View Full Version : The usual redirects, with a possible kernel rootkit, thrown in for good measure.
I should have formatted and reinstalled the OS on this machine last summer but I've been playing around with it, trying to understand the connectivity issues that came up last summer when I posted about getting hacked, :sad: I'll post the FRST results showing some typical (for me) problems, but the main issue I'm asking about is some suspicious text in my zamgaurd driver. My security task manager using virustotal's scanner gives the ZG driver a rating of clean and harmless, there is however a very long string of text in the file, almost all total failures and/or issues. Rather than try describing this text I'll attach png's of the results, hopefully avoiding some confusion. Considering the TDL3&4 detections (If they are real) I'm assuming a WAN miniport/Kernel rootkit would be probable. It's worth noting, Nortons PE didn't detect it and I haven't run mbar yet, thought I'd ask for an opinion before going further.
Thanks and I'll give more detail as size limits allow. :)
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.10.2018
Ran by oldman (administrator) on EUSTACE (16-10-2018 16:04:45)
Running from C:\Users\oldman\Desktop
Loaded Profiles: oldman (Available Profiles: oldman)
Platform: Windows 10 Home Version 1803 17134.345 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.0.247\NortonSecurity.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.0.247\nsWscSvc.exe
() C:\Program Files (x86)\Norton WiFi Privacy\client\NWPService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.0.247\NortonSecurity.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinctray.exe
(Neuber Software - www.neuber.com) C:\Program Files (x86)\Security Task Manager\SpyProtector.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [69920 2017-10-03] (Space Sciences Laboratory)
HKLM\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [8765216 2017-10-03] (Space Sciences Laboratory)
HKLM\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-28] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [301880 2018-08-23] (Apple Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [68920 2018-08-22] (Apple Inc.)
HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-12-11] (Eastman Kodak Company)
HKLM-x32\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] ()
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [KOab1err] => C:\Program Files (x86)\KODAK VERITE\ErrorApp\KOab1err.exe [1027752 2016-12-21] ()
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] ()
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [Google Update] => C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe [601680 2018-05-18] (Google Inc.)
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [Spy Protector] => C:\Program Files (x86)\Security Task Manager\SpyProtector.exe [145280 2018-07-12] (Neuber Software - www.neuber.com)
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\MountPoints2: {550548f0-8389-11e8-804c-38eaa7eb314f} - "F:\ZTE_Handset_USB_Driver.exe"
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.66
Tcpip\..\Interfaces\{68620759-20aa-45aa-8e06-fa9a7c5c7e09}: [DhcpNameServer] 192.168.0.1 205.171.3.66
Tcpip\..\Interfaces\{a288676d-84d4-440a-bf60-55523387af7e}: [DhcpNameServer] 192.168.0.1 205.171.3.66
Tcpip\..\Interfaces\{c4242d06-1fdf-461b-ace5-caf4862e837d}: [DhcpNameServer] 192.168.0.1 205.171.3.66
Tcpip\..\Interfaces\{c9ebb1fc-1913-46ad-9c39-fe0f9392fa0a}: [DhcpNameServer] 192.168.0.1 205.171.3.66
Tcpip\..\Interfaces\{f541e8b7-cc70-4d7e-8a81-5451f2cae84b}: [DhcpNameServer] 192.168.0.1 205.171.3.66
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {53e2f62a-3083-46e6-8527-cf89e4acb4ae} URL =
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.16.0.247\coIEPlg.dll [2018-10-05] (Symantec Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.16.0.247\coIEPlg.dll [2018-10-05] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll [2018-07-18] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-07-18] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.16.0.247\coIEPlg.dll [2018-10-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.16.0.247\coIEPlg.dll [2018-10-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.16.0.247\coIEPlg.dll [2018-10-05] (Symantec Corporation)
FireFox:
========
FF DefaultProfile: oz3zen8u.default-1466821123041-1535496511206
FF ProfilePath: C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\oz3zen8u.default-1466821123041-1535496511206 [2018-10-16]
FF HomepageOverride: Mozilla\Firefox\Profiles\oz3zen8u.default-1466821123041-1535496511206 -> Enabled: nortonhomepage@symantec.com
FF NewTabOverride: Mozilla\Firefox\Profiles\oz3zen8u.default-1466821123041-1535496511206 -> Enabled: nortonhomepage@symantec.com
FF NewTabOverride: Mozilla\Firefox\Profiles\oz3zen8u.default-1466821123041-1535496511206 -> Enabled: nortonsafesearch_ul_2@symantec.com
FF Extension: (Facebook Container) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\oz3zen8u.default-1466821123041-1535496511206\Extensions\@contain-facebook.xpi [2018-08-30]
FF Extension: (Firefox Multi-Account Containers) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\oz3zen8u.default-1466821123041-1535496511206\Extensions\@testpilot-containers.xpi [2018-09-02]
FF Extension: (Norton Home Page) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\oz3zen8u.default-1466821123041-1535496511206\Extensions\nortonhomepage@symantec.com.xpi [2018-09-28]
FF Extension: (Norton Safe Search) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\oz3zen8u.default-1466821123041-1535496511206\Extensions\nortonsafesearch_ul_2@symantec.com.xpi [2018-10-15]
FF Extension: (Norton Safe Web) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\oz3zen8u.default-1466821123041-1535496511206\Extensions\nortonsafeweb@symantec.com.xpi [2018-10-08]
FF Extension: (Telemetry coverage) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\oz3zen8u.default-1466821123041-1535496511206\features\{374557bb-f68c-423e-b135-6dce4ae0bd0d}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-10-11] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_122.dll [2018-10-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_122.dll [2018-10-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-05-06] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-07-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-07-18] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: @talk.google.com/GoogleTalkPlugin -> C:\Users\oldman\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: @talk.google.com/O1DPlugin -> C:\Users\oldman\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: @tools.google.com/Google Update;version=3 -> C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: @tools.google.com/Google Update;version=9 -> C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: hp.com/HPDetect -> C:\Users\oldman\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP)
FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: jpl.nasa.gov/NASAEyes -> C:\Users\oldman\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2018-05-02] (Jet Propulsion Laboratory)
FF Plugin ProgramFiles/Appdata: C:\Users\oldman\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\oldman\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
Chrome:
=======
CHR DefaultProfile: Default
CHR NewTab: Default -> Active:"chrome-extension://gfoabcdjalmeenbjjngidappmppchblc/homePageRedirect.html"
CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
CHR Profile: C:\Users\oldman\AppData\Local\Google\Chrome\User Data\Default [2018-08-26]
CHR Extension: (Norton Security Toolbar) - C:\Users\oldman\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2018-05-30]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\oldman\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfoabcdjalmeenbjjngidappmppchblc [2018-08-08]
CHR Extension: (Norton Safe) - C:\Users\oldman\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbmobhkkblcgdifigjglcjneplefbkmh [2018-08-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\oldman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-30]
CHR Extension: (Chrome Media Router) - C:\Users\oldman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-19]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.0.247\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.0.247\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-08-23] (Apple Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-21] (HP Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.16.0.247\NortonSecurity.exe [328648 2018-10-05] (Symantec Corporation)
R2 NortonWiFiPrivacy; C:\Program Files (x86)\Norton WiFi Privacy\client\NWPService.exe [3232448 2018-05-04] ()
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.16.0.247\nsWscSvc.exe [915712 2018-10-05] (Symantec Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd.)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [253960 2016-04-28] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-11] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-20] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110104 2016-09-28] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.11.0.41\Definitions\BASHDefs\20181015.001\BHDrvx64.sys [1925104 2018-09-19] (Symantec Corporation)
R1 ccSet_NGC; C:\WINDOWS\system32\drivers\NGCx64\1610000.0F7\ccSetx64.sys [190424 2018-10-05] (Symantec Corporation)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515568 2018-10-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153072 2018-10-05] (Symantec Corporation)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2018-04-23] ()
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.11.0.41\Definitions\IPSDefs\20181015.061\IDSvia64.sys [1305072 2018-10-08] (Symantec Corporation)
S3 massfilter_hs; C:\WINDOWS\System32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-29] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Realtek )
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1610000.0F7\SRTSP64.SYS [832192 2018-10-05] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NGCx64\1610000.0F7\SRTSPX64.SYS [49856 2018-10-05] (Symantec Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1610000.0F7\SYMEFASI64.SYS [1969136 2018-10-05] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1610000.0F7\SymELAM.sys [25608 2018-10-05] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [99920 2018-06-17] (Symantec Corporation)
S4 SymEvnt; C:\Program Files\Norton Security\NortonData\22.11.0.41\SymPlatform\SymEvnt.sys [114256 2018-09-11] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NGCx64\1610000.0F7\Ironx64.SYS [308304 2018-10-05] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1610000.0F7\symnets.sys [566912 2018-10-05] (Symantec Corporation)
S3 VBoxNetAdp; C:\WINDOWS\System32\drivers\VBoxNetAdp6.sys [196040 2017-07-27] (Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1610000.0F7\wpCtrlDrv.sys [1010856 2018-10-05] (Symantec Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-05-27] (Zemana Ltd.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-10-16 16:04 - 2018-10-16 16:06 - 000023605 _____ C:\Users\oldman\Desktop\FRST.txt
2018-10-16 16:04 - 2018-10-16 16:04 - 000000000 ____D C:\FRST
2018-10-16 15:28 - 2018-10-16 15:28 - 000002308 _____ C:\Users\oldman\Desktop\Tweaking.com - Registry Backup.lnk
2018-10-16 15:28 - 2018-10-16 15:28 - 000000000 ____D C:\Users\oldman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2018-10-16 15:28 - 2018-10-16 15:28 - 000000000 ____D C:\RegBackup
2018-10-16 15:23 - 2018-10-16 15:23 - 005198336 _____ (AVAST Software) C:\Users\oldman\Desktop\aswMBR.exe
2018-10-16 15:22 - 2018-10-16 15:22 - 002414592 _____ (Farbar) C:\Users\oldman\Desktop\FRST64.exe
2018-10-16 15:20 - 2018-10-16 15:21 - 005766144 _____ (Tweaking.com) C:\Users\oldman\Desktop\tweaking.com_registry_backup_setup(1).exe
2018-10-16 14:49 - 2018-10-16 14:49 - 000000072 _____ C:\Users\oldman\Desktop\kernal RK.txt
2018-10-16 12:39 - 2018-10-16 12:39 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2018-10-16 11:46 - 2018-06-04 21:23 - 000009618 _____ C:\WINDOWS\ntbtlog.txt
2018-10-16 11:24 - 2018-10-16 16:06 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
2018-10-16 11:24 - 2018-10-16 11:24 - 000003378 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2018-10-16 11:23 - 2018-10-16 11:47 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2018-10-16 11:06 - 2018-10-16 11:06 - 002187304 _____ (LogMeIn, Inc.) C:\Users\oldman\Downloads\Support-LogMeInRescue(6).exe
2018-10-16 08:56 - 2018-10-16 08:56 - 001583270 _____ C:\Users\oldman\Downloads\BackDoor.Tdss.565_(aka TDL3)_en.pdf
2018-10-16 08:36 - 2018-09-29 21:59 - 000453892 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20181016-083655.backup
2018-10-11 20:59 - 2018-09-21 03:18 - 021386888 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-10-11 20:59 - 2018-09-20 21:41 - 003396096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-10-11 20:59 - 2018-09-19 22:29 - 006569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-10-11 20:59 - 2018-09-19 22:29 - 006039368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-10-11 20:59 - 2018-09-19 22:21 - 022013440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-10-11 20:59 - 2018-09-19 22:15 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-10-11 20:59 - 2018-09-19 22:09 - 009089848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-10-11 20:59 - 2018-09-19 22:09 - 007520096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-10-11 20:59 - 2018-09-19 22:09 - 007432136 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-10-11 20:59 - 2018-09-19 22:08 - 004191232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-10-11 20:59 - 2018-09-19 21:53 - 025851392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-10-11 20:59 - 2018-09-19 21:46 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-10-11 20:59 - 2018-09-19 21:44 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-10-11 20:59 - 2018-09-19 21:41 - 007577088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-10-11 20:59 - 2018-09-19 21:37 - 004615680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-10-11 20:59 - 2018-09-07 21:30 - 003601920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2018-10-11 20:59 - 2018-09-07 21:29 - 004771840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-10-11 20:59 - 2018-09-07 21:27 - 003348992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2018-10-11 20:59 - 2018-09-07 21:25 - 003553792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-10-11 20:58 - 2018-09-21 02:22 - 020381784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-10-11 20:58 - 2018-09-20 22:14 - 000661056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2018-10-11 20:58 - 2018-09-20 22:13 - 000480568 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-10-11 20:58 - 2018-09-20 22:12 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-10-11 20:58 - 2018-09-20 22:11 - 000753056 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2018-10-11 20:58 - 2018-09-20 22:09 - 004790160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-10-11 20:58 - 2018-09-20 22:09 - 002253696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-10-11 20:58 - 2018-09-20 22:09 - 001427968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2018-10-11 20:58 - 2018-09-20 22:08 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-10-11 20:58 - 2018-09-20 22:08 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-10-11 20:58 - 2018-09-20 22:08 - 001566720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2018-10-11 20:58 - 2018-09-20 22:08 - 001456720 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-10-11 20:58 - 2018-09-20 22:08 - 001257864 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-10-11 20:58 - 2018-09-20 22:08 - 001140672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-10-11 20:58 - 2018-09-20 22:08 - 000982600 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-10-11 20:58 - 2018-09-20 22:08 - 000261008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-10-11 20:58 - 2018-09-20 22:07 - 000604664 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-10-11 20:58 - 2018-09-20 21:58 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-10-11 20:58 - 2018-09-20 21:57 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-10-11 20:58 - 2018-09-20 21:53 - 001006080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2018-10-11 20:58 - 2018-09-20 21:43 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-10-11 20:58 - 2018-09-20 21:40 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-10-11 20:58 - 2018-09-20 21:39 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-10-11 20:58 - 2018-09-20 21:39 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-10-11 20:58 - 2018-09-20 21:38 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-10-11 20:58 - 2018-09-20 21:38 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-10-11 20:58 - 2018-09-20 21:37 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-10-11 20:58 - 2018-09-20 21:37 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-10-11 20:58 - 2018-09-20 21:37 - 001211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2018-10-11 20:58 - 2018-09-20 21:37 - 000604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-10-11 20:58 - 2018-09-20 21:36 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-10-11 20:58 - 2018-09-20 21:36 - 001034240 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-10-11 20:58 - 2018-09-20 21:36 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-10-11 20:58 - 2018-09-20 03:37 - 001634944 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-10-11 20:58 - 2018-09-20 03:23 - 006602240 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-10-11 20:58 - 2018-09-20 03:22 - 013572096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-10-11 20:58 - 2018-09-20 03:18 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-10-11 20:58 - 2018-09-20 03:17 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-10-11 20:58 - 2018-09-20 03:17 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-10-11 20:58 - 2018-09-20 02:46 - 001454440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-10-11 20:58 - 2018-09-20 02:35 - 005669888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-10-11 20:58 - 2018-09-20 02:34 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-10-11 20:58 - 2018-09-20 02:29 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-10-11 20:58 - 2018-09-19 22:29 - 001989232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-10-11 20:58 - 2018-09-19 22:29 - 001513032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2018-10-11 20:58 - 2018-09-19 22:28 - 001129544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-10-11 20:58 - 2018-09-19 22:17 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-10-11 20:58 - 2018-09-19 22:13 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-10-11 20:58 - 2018-09-19 22:11 - 005777920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-10-11 20:58 - 2018-09-19 22:11 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-10-11 20:58 - 2018-09-19 22:10 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-10-11 20:58 - 2018-09-19 22:10 - 001221128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-10-11 20:58 - 2018-09-19 22:10 - 001029432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-10-11 20:58 - 2018-09-19 22:10 - 000566800 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-10-11 20:58 - 2018-09-19 22:09 - 002825232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-10-11 20:58 - 2018-09-19 22:09 - 002462888 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-10-11 20:58 - 2018-09-19 22:09 - 002421248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-10-11 20:58 - 2018-09-19 22:09 - 001767096 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2018-10-11 20:58 - 2018-09-19 22:09 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-10-11 20:58 - 2018-09-19 22:09 - 001097744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-10-11 20:58 - 2018-09-19 22:08 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-10-11 20:58 - 2018-09-19 21:44 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-10-11 20:58 - 2018-09-19 21:42 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-10-11 20:58 - 2018-09-19 21:42 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-10-11 20:58 - 2018-09-19 21:41 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-10-11 20:58 - 2018-09-19 21:41 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-10-11 20:58 - 2018-09-19 21:40 - 003090432 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-10-11 20:58 - 2018-09-19 21:40 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-10-11 20:58 - 2018-09-19 21:38 - 001724416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-10-11 20:58 - 2018-09-19 21:37 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-10-11 20:58 - 2018-09-19 21:36 - 001375232 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-10-11 20:58 - 2018-09-08 02:12 - 000452112 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-10-11 20:58 - 2018-09-08 02:07 - 002868536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-10-11 20:58 - 2018-09-08 02:07 - 001610552 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-10-11 20:58 - 2018-09-08 02:07 - 000792376 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-10-11 20:58 - 2018-09-08 02:07 - 000689464 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-10-11 20:58 - 2018-09-08 02:07 - 000612360 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-10-11 20:58 - 2018-09-08 02:07 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-10-11 20:58 - 2018-09-08 02:07 - 000144696 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-10-11 20:58 - 2018-09-08 02:07 - 000069944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-10-11 20:58 - 2018-09-08 02:02 - 000645112 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-10-11 20:58 - 2018-09-08 02:02 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-10-11 20:58 - 2018-09-08 01:58 - 001520744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-10-11 20:58 - 2018-09-08 01:42 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2018-10-11 20:58 - 2018-09-08 01:40 - 001724928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2018-10-11 20:58 - 2018-09-08 01:40 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-10-11 20:58 - 2018-09-08 01:40 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2018-10-11 20:58 - 2018-09-08 01:40 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2018-10-11 20:58 - 2018-09-08 01:40 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2018-10-11 20:58 - 2018-09-08 01:39 - 002052096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-10-11 20:58 - 2018-09-08 01:39 - 001787904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-10-11 20:58 - 2018-09-08 01:39 - 000615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-10-11 20:58 - 2018-09-08 01:38 - 001288192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-10-11 20:58 - 2018-09-08 01:38 - 001004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-10-11 20:58 - 2018-09-08 01:38 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2018-10-11 20:58 - 2018-09-08 01:38 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2018-10-11 20:58 - 2018-09-08 01:14 - 001328056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-10-11 20:58 - 2018-09-08 01:13 - 000181288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2018-10-11 20:58 - 2018-09-08 01:02 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2018-10-11 20:58 - 2018-09-08 01:00 - 000548864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2018-10-11 20:58 - 2018-09-08 00:59 - 001530368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2018-10-11 20:58 - 2018-09-08 00:59 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2018-10-11 20:58 - 2018-09-08 00:59 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2018-10-11 20:58 - 2018-09-08 00:59 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2018-10-11 20:58 - 2018-09-08 00:58 - 001308672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2018-10-11 20:58 - 2018-09-08 00:58 - 000775680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2018-10-11 20:58 - 2018-09-08 00:57 - 000625664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2018-10-11 20:58 - 2018-09-08 00:57 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2018-10-11 20:58 - 2018-09-08 00:57 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2018-10-11 20:58 - 2018-09-07 22:08 - 000462880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-10-11 20:58 - 2018-09-07 21:59 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-10-11 20:58 - 2018-09-07 21:59 - 000361544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-10-11 20:58 - 2018-09-07 21:58 - 000744976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-10-11 20:58 - 2018-09-07 21:58 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2018-10-11 20:58 - 2018-09-07 21:57 - 002571128 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-10-11 20:58 - 2018-09-07 21:57 - 001016984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-10-11 20:58 - 2018-09-07 21:57 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-10-11 20:58 - 2018-09-07 21:57 - 000482384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-10-11 20:58 - 2018-09-07 21:57 - 000368448 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2018-10-11 20:58 - 2018-09-07 21:57 - 000267576 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-10-11 20:58 - 2018-09-07 21:51 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-10-11 20:58 - 2018-09-07 21:45 - 000286824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-10-11 20:58 - 2018-09-07 21:44 - 001980984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-10-11 20:58 - 2018-09-07 21:44 - 000829752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-10-11 20:58 - 2018-09-07 21:43 - 001174448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-10-11 20:58 - 2018-09-07 21:43 - 000269104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2018-10-11 20:58 - 2018-09-07 21:30 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2018-10-11 20:58 - 2018-09-07 21:29 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2018-10-11 20:58 - 2018-09-07 21:29 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2018-10-11 20:58 - 2018-09-07 21:29 - 000183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2018-10-11 20:58 - 2018-09-07 21:28 - 000481280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2018-10-11 20:58 - 2018-09-07 21:28 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-10-11 20:58 - 2018-09-07 21:28 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-10-11 20:58 - 2018-09-07 21:28 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-10-11 20:58 - 2018-09-07 21:27 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2018-10-11 20:58 - 2018-09-07 21:27 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-10-11 20:58 - 2018-09-07 21:27 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2018-10-11 20:58 - 2018-09-07 21:26 - 002328064 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmsipc.dll
2018-10-11 20:58 - 2018-09-07 21:26 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-10-11 20:58 - 2018-09-07 21:26 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2018-10-11 20:58 - 2018-09-07 21:26 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-10-11 20:58 - 2018-09-07 21:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2018-10-11 20:58 - 2018-09-07 21:25 - 002789376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2018-10-11 20:58 - 2018-09-07 21:25 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-10-11 20:58 - 2018-09-07 21:25 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-10-11 20:58 - 2018-09-07 21:24 - 001457664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-10-11 20:58 - 2018-09-07 21:24 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2018-10-11 20:58 - 2018-09-07 21:24 - 000845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2018-10-11 20:58 - 2018-09-07 21:24 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll
2018-10-11 20:58 - 2018-09-07 21:23 - 001655296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmsipc.dll
2018-10-11 20:58 - 2018-09-07 21:23 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2018-10-11 20:58 - 2018-09-07 21:22 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2018-10-11 20:57 - 2018-09-21 03:01 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-10-11 20:57 - 2018-09-21 02:12 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-10-11 20:57 - 2018-09-20 22:09 - 001062920 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-10-11 20:57 - 2018-09-20 22:09 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-10-11 20:57 - 2018-09-20 22:08 - 000709936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-10-11 20:57 - 2018-09-20 22:08 - 000170808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-10-11 20:57 - 2018-09-20 21:57 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-10-11 20:57 - 2018-09-20 21:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-10-11 20:57 - 2018-09-20 21:54 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-10-11 20:57 - 2018-09-20 21:42 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-10-11 20:57 - 2018-09-20 21:39 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-10-11 20:57 - 2018-09-20 21:39 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-10-11 20:57 - 2018-09-20 21:36 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-10-11 20:57 - 2018-09-20 21:36 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-10-11 20:57 - 2018-09-20 03:40 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-10-11 20:57 - 2018-09-20 03:19 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-10-11 20:57 - 2018-09-20 03:18 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-10-11 20:57 - 2018-09-20 03:17 - 002874368 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2018-10-11 20:57 - 2018-09-20 03:16 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
2018-10-11 20:57 - 2018-09-20 02:30 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-10-11 20:57 - 2018-09-20 02:29 - 002824704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2018-10-11 20:57 - 2018-09-20 02:29 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-10-11 20:57 - 2018-09-20 02:28 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
2018-10-11 20:57 - 2018-09-20 00:43 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-10-11 20:57 - 2018-09-19 23:52 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-10-11 20:57 - 2018-09-19 22:29 - 000357056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-10-11 20:57 - 2018-09-19 22:28 - 000581792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-10-11 20:57 - 2018-09-19 22:28 - 000567256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-10-11 20:57 - 2018-09-19 22:12 - 000272200 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-10-11 20:57 - 2018-09-19 22:12 - 000269128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-10-11 20:57 - 2018-09-19 22:11 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-10-11 20:57 - 2018-09-19 22:11 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-10-11 20:57 - 2018-09-19 22:11 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2018-10-11 20:57 - 2018-09-19 22:10 - 000500536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2018-10-11 20:57 - 2018-09-19 22:10 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2018-10-11 20:57 - 2018-09-19 22:10 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-10-11 20:57 - 2018-09-19 22:10 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-10-11 20:57 - 2018-09-19 22:09 - 000885952 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-10-11 20:57 - 2018-09-19 22:09 - 000793088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-10-11 20:57 - 2018-09-19 22:09 - 000713472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-10-11 20:57 - 2018-09-19 22:09 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-10-11 20:57 - 2018-09-19 21:43 - 000052736 _____ C:\WINDOWS\system32\runexehelper.exe
2018-10-11 20:57 - 2018-09-19 21:42 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2018-10-11 20:57 - 2018-09-19 21:41 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-10-11 20:57 - 2018-09-19 21:41 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-10-11 20:57 - 2018-09-19 21:40 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-10-11 20:57 - 2018-09-19 21:38 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2018-10-11 20:57 - 2018-09-19 20:21 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2018-10-11 20:57 - 2018-09-19 19:28 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2018-10-11 20:57 - 2018-09-08 01:58 - 001639352 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2018-10-11 20:57 - 2018-09-08 01:57 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2018-10-11 20:57 - 2018-09-08 01:44 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdBth.dll
2018-10-11 20:57 - 2018-09-08 01:43 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll
2018-10-11 20:57 - 2018-09-08 01:43 - 000047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardBi.dll
2018-10-11 20:57 - 2018-09-08 01:42 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2018-10-11 20:57 - 2018-09-08 01:42 - 000188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2018-10-11 20:57 - 2018-09-08 01:42 - 000114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthci.dll
2018-10-11 20:57 - 2018-09-08 01:41 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-10-11 20:57 - 2018-09-08 01:40 - 000402944 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2018-10-11 20:57 - 2018-09-08 01:39 - 005505024 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2018-10-11 20:57 - 2018-09-08 01:38 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-10-11 20:57 - 2018-09-08 01:37 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-10-11 20:57 - 2018-09-08 01:16 - 000482080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-10-11 20:57 - 2018-09-08 01:13 - 001626656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2018-10-11 20:57 - 2018-09-08 01:03 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\INETRES.dll
2018-10-11 20:57 - 2018-09-08 01:03 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdBth.dll
2018-10-11 20:57 - 2018-09-08 00:58 - 000897536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-10-11 20:57 - 2018-09-08 00:57 - 005391360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2018-10-11 20:57 - 2018-09-08 00:56 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2018-10-11 20:57 - 2018-09-07 21:58 - 000368440 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2018-10-11 20:57 - 2018-09-07 21:45 - 000295416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2018-10-11 20:57 - 2018-09-07 21:32 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2018-10-11 20:57 - 2018-09-07 21:31 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-10-11 20:57 - 2018-09-07 21:31 - 000272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Proxy.dll
2018-10-11 20:57 - 2018-09-07 21:30 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2018-10-11 20:57 - 2018-09-07 21:30 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2018-10-11 20:57 - 2018-09-07 21:30 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2018-10-11 20:57 - 2018-09-07 21:29 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-10-11 20:57 - 2018-09-07 21:28 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Proxy.dll
2018-10-11 20:57 - 2018-09-07 21:27 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcfile.dll
2018-10-11 20:57 - 2018-09-07 21:27 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2018-10-11 20:57 - 2018-09-07 21:26 - 000387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2018-10-11 20:57 - 2018-09-07 21:26 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-10-11 20:57 - 2018-09-07 21:26 - 000359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winipcfile.dll
2018-10-11 20:57 - 2018-09-07 21:25 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcsecproc.dll
2018-10-11 20:57 - 2018-09-07 21:25 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Proximity.dll
2018-10-11 20:57 - 2018-09-07 21:23 - 000807936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winipcsecproc.dll
2018-10-11 20:57 - 2018-09-07 21:23 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Proximity.dll
2018-10-11 12:18 - 2018-10-11 12:18 - 000000000 ____D C:\Users\oldman\Desktop\DJ's Scans
2018-10-07 15:59 - 2018-10-07 16:00 - 000391138 _____ C:\Users\oldman\Downloads\QualityAssuranceTestingProtocols.pdf
2018-10-07 15:52 - 2018-10-07 15:52 - 000753141 _____ C:\Users\oldman\Downloads\MetrcMTTestingLabUserGuide.pdf
2018-10-07 15:52 - 2018-10-07 15:52 - 000091218 _____ C:\Users\oldman\Downloads\37-839adp-arm.pdf
2018-10-01 12:57 - 2018-10-01 12:59 - 009945221 _____ C:\Users\oldman\Desktop\HealthSummary20181001.zip
2018-10-01 00:14 - 2018-10-01 00:15 - 027152440 _____ (Adlice Software) C:\Users\oldman\Desktop\RogueKiller_portable64.exe
2018-09-30 14:48 - 2018-09-30 14:48 - 007592144 _____ (Malwarebytes) C:\Users\oldman\Desktop\adwcleaner_7.2.4.0.exe
2018-09-29 21:59 - 2018-09-10 12:08 - 000453892 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20180929-215909.backup
2018-09-17 11:44 - 2018-09-17 11:44 - 000001816 _____ C:\Users\Public\Desktop\iTunes.lnk
2018-09-17 11:43 - 2018-09-17 11:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-09-17 11:43 - 2018-09-17 11:43 - 000000000 ____D C:\Program Files\iPod
2018-09-17 11:42 - 2018-09-17 11:43 - 000000000 ____D C:\Program Files\iTunes
2018-09-17 10:38 - 2018-09-04 16:36 - 001476904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-10-16 16:06 - 2017-05-27 08:59 - 000021243 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-10-16 16:00 - 2018-04-11 17:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-10-16 15:59 - 2018-06-02 01:54 - 000000000 ____D C:\Users\oldman
2018-10-16 15:58 - 2016-08-20 10:31 - 000000000 ____D C:\ProgramData\Kodak
2018-10-16 15:58 - 2015-12-03 22:03 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-10-16 15:57 - 2018-07-07 12:40 - 000000000 ____D C:\WINDOWS\Minidump
2018-10-16 15:57 - 2018-06-02 02:10 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-10-16 15:57 - 2018-06-02 01:43 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-10-16 15:57 - 2015-05-03 12:12 - 000510274 ____N C:\WINDOWS\Minidump\101618-58734-01.dmp
2018-10-16 15:28 - 2016-06-26 05:49 - 000154577 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2018-10-16 15:00 - 2018-06-12 18:34 - 000000000 ____D C:\ProgramData\SecTaskMan
2018-10-16 13:36 - 2018-06-02 02:10 - 000004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D6FF1BE5-40C3-4B52-A236-97274056599C}
2018-10-16 12:47 - 2016-11-28 01:03 - 000000000 ____D C:\Users\oldman\AppData\LocalLow\Mozilla
2018-10-16 12:39 - 2015-06-10 01:43 - 000000000 ____D C:\Program Files\Common Files\AV
2018-10-16 12:24 - 2016-06-26 04:54 - 000000000 ____D C:\Users\oldman\AppData\Local\NPE
2018-10-16 12:11 - 2018-04-11 15:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-10-16 12:11 - 2015-07-29 03:19 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-10-16 11:49 - 2017-10-17 05:24 - 000559880 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-10-16 11:47 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-10-16 11:47 - 2018-01-27 14:55 - 000000000 ____D C:\NPE
2018-10-16 11:47 - 2017-11-10 20:20 - 000002335 _____ C:\Users\Public\Desktop\Norton Security.lnk
2018-10-16 11:46 - 2017-05-02 14:10 - 000000352 _____ C:\WINDOWS\Tasks\HPCeeScheduleForoldman.job
2018-10-16 11:29 - 2018-06-02 02:10 - 000003248 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForoldman
2018-10-16 11:24 - 2018-04-11 15:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-10-16 11:24 - 2018-02-26 15:03 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2018-10-16 09:07 - 2018-04-11 17:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-10-16 08:11 - 2018-06-27 01:41 - 000000000 ____D C:\ProgramData\Packages
2018-10-15 21:35 - 2015-05-03 12:07 - 000000000 ____D C:\Users\oldman\AppData\Local\Battle.net
2018-10-15 21:35 - 2015-05-03 12:07 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-10-12 22:07 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-10-12 09:37 - 2018-04-11 17:36 - 000000000 ____D C:\WINDOWS\INF
2018-10-12 09:36 - 2018-06-02 01:53 - 000931448 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-10-12 09:32 - 2015-09-16 10:37 - 000000000 ___RD C:\Users\oldman\3D Objects
2018-10-12 09:32 - 2015-05-03 12:17 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-10-12 09:29 - 2018-06-02 01:43 - 000259576 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-10-12 09:25 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-10-12 09:24 - 2018-04-11 17:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-10-12 09:24 - 2018-04-11 17:38 - 000000000 ___RD C:\Program Files\Windows Defender
2018-10-12 09:24 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-10-12 09:24 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-10-12 09:24 - 2018-04-11 17:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-10-11 21:32 - 2015-05-03 19:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-10-11 21:24 - 2015-05-03 19:25 - 136745976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-10-11 21:23 - 2018-04-11 17:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-10-10 20:38 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-10-09 11:00 - 2018-09-11 21:17 - 006226432 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2018-10-09 11:00 - 2018-06-02 02:10 - 000004574 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-10-09 11:00 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-10-09 11:00 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-10-08 14:36 - 2015-10-21 19:23 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-10-08 13:34 - 2017-09-28 22:29 - 000000000 ____D C:\Users\oldman\Desktop\Misc. desktop crap
2018-10-08 13:23 - 2018-08-08 20:56 - 000000893 _____ C:\Users\oldman\Desktop\current med list.txt
2018-10-08 13:18 - 2018-07-12 22:10 - 000000000 ____D C:\Users\oldman\Desktop\JJ Family working on it
2018-10-05 23:34 - 2017-08-25 16:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-10-05 23:34 - 2015-05-03 11:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-10-05 09:23 - 2015-05-03 11:47 - 000001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-10-03 20:25 - 2015-12-10 17:48 - 000000000 ____D C:\Users\oldman\AppData\LocalLow\Adobe
2018-10-02 14:13 - 2018-09-12 22:09 - 000835152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-10-02 14:13 - 2018-09-12 22:09 - 000179792 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-10-01 01:56 - 2013-08-22 09:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-10-01 00:20 - 2017-12-17 15:55 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-09-30 12:03 - 2018-05-04 22:20 - 000000000 ____D C:\Users\oldman\AppData\Local\Norton WiFi Privacy
2018-09-27 15:28 - 2018-05-04 22:19 - 000000000 ____D C:\ProgramData\NWPService
2018-09-19 17:46 - 2015-06-14 11:19 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-09-19 17:46 - 2015-06-14 11:19 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-09-19 13:02 - 2018-06-02 02:10 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
==================== Files in the root of some directories =======
2015-08-15 18:31 - 2018-07-29 11:44 - 000009728 _____ () C:\Users\oldman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-01 13:43 - 2018-10-11 13:40 - 000106352 _____ () C:\Users\oldman\AppData\Local\installer.log
2015-08-01 13:43 - 2015-08-01 13:43 - 000000236 _____ () C:\Users\oldman\AppData\Local\LaunchHomeCenter.log
2015-05-23 09:41 - 2018-02-14 00:28 - 000007674 _____ () C:\Users\oldman\AppData\Local\resmon.resmoncfg
Some files in TEMP:
====================
2018-10-16 11:31 - 2018-08-08 22:53 - 001947720 _____ (Microsoft Corporation) C:\Users\oldman\AppData\Local\Temp\dllnt_dump.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-06-02 01:43
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.10.2018
Ran by oldman (16-10-2018 16:08:28)
Running from C:\Users\oldman\Desktop
Windows 10 Home Version 1803 17134.345 (X64) (2018-06-02 08:47:35)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-901587214-2200967626-3004657440-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-901587214-2200967626-3004657440-503 - Limited - Disabled)
Guest (S-1-5-21-901587214-2200967626-3004657440-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-901587214-2200967626-3004657440-1009 - Limited - Enabled)
oldman (S-1-5-21-901587214-2200967626-3004657440-1003 - Administrator - Enabled) => C:\Users\oldman
WDAGUtilityAccount (S-1-5-21-901587214-2200967626-3004657440-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security (Enabled - Up to date) {E3FDBD9F-8140-1400-F32B-8B58923F7C4D}
AS: Spybot - Search and Destroy (Disabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security (Enabled) {DBC63CBA-CB2F-1558-D874-226D6CEC3B36}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20074 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
aioprnt (HKLM\...\{0645A454-AD44-4F0D-99CF-6B762735AD1F}) (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (HKLM-x32\...\{376348C2-E372-48BC-A138-E896757BD86A}) (Version: 5.8.10.0 - Your Company Name) Hidden
aioscnnr (HKLM-x32\...\{EF53BFAB-4C10-40DB-A82D-9B07111715C6}) (Version: 7.6.13.10 - Your Company Name) Hidden
AMD Catalyst Install Manager (HKLM\...\{D01E0B82-7D6E-F9AC-9A7D-C6076264F419}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
Apple Application Support (32-bit) (HKLM-x32\...\{308F2F8C-9D33-4B22-8A6C-D9C13DBEF8C6}) (Version: 7.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0CB84A7D-9697-4526-A819-60FB050E8F05}) (Version: 7.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{77F8C879-88CD-4145-945A-541C35285285}) (Version: 12.0.0.1039 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
AstroViewer 3.1.6 (HKLM-x32\...\AstroViewer 3.1.6) (Version: - Dirk Matussek)
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.3.3.860 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BOINC (HKLM\...\{F1361096-9418-489B-983B-5F8C3972E05E}) (Version: 7.8.3 - Space Sciences Laboratory, U.C. Berkeley)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
C4USelfUpdater (HKLM-x32\...\{48B41C3A-9A92-4B81-B653-C97FEB85C910}) (Version: 1.00.0000 - Your Company Name) Hidden
center (HKLM-x32\...\{56BA241F-580C-43D2-8403-947241AAE633}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
essentials (HKLM-x32\...\{BE94C681-68E2-4561-8ABC-8D2E799168B4}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Earth Pro (HKLM\...\{F914BC59-918A-498F-B2E3-B274C9CB48A8}) (Version: 7.3.2.5491 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{1AC082E0-049D-4C5C-9ECF-9473AD5A949D}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{32F06015-D852-4A57-A0DD-8D08D17633AC}) (Version: 10.4.0156 - Hewlett-Packard)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.6.18.11 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.9.24.3 - Hewlett-Packard Company)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6417.0 - IDT)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
iTunes (HKLM\...\{645877C4-2AB6-46B6-BD32-B251B0666F63}) (Version: 12.9.0.167 - Apple Inc.)
Java 8 Update 181 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
Kodak AIO Printer (HKLM\...\{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}) (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.9.1.1 - Eastman Kodak Company)
KODAK VERITE 50 Series Uninstaller (HKLM\...\KODAK VERITE 50 Series) (Version: - FUNAI ELECTRIC CO., LTD.)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 62.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 62.0.3 (x64 en-US)) (Version: 62.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 62.0.3.6848 - Mozilla)
Norton Security (HKLM-x32\...\NGC) (Version: 22.16.0.247 - Symantec Corporation)
Norton WiFi Privacy (HKLM-x32\...\Norton WiFi Privacy) (Version: 1.4.9 - Symantec Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
ocr (HKLM-x32\...\{BFBCF96F-7361-486A-965C-54B17AC35421}) (Version: 6.2.3.50 - Eastman Kodak Company) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
PreReq (HKLM-x32\...\{DA5BDB2A-12F0-4343-8351-21AAEB293990}) (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
Python 3.5.2 (32-bit) (HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Core Interpreter (32-bit) (HKLM-x32\...\{EB0611B2-7F10-4D97-BCF2-DCAAB1199498}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (HKLM-x32\...\{5DB2183B-62D3-407F-BBC1-EAD2F36283FA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (HKLM-x32\...\{1FBA5182-78DD-4940-9F06-96E5042B7061}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (HKLM-x32\...\{33B10015-A9B1-4210-B50A-26C6443979B0}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (HKLM-x32\...\{9ADF9987-3327-48C6-91B3-B10900366491}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (HKLM-x32\...\{FCBB04F4-D2CF-4F55-BE92-B3898696B318}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C1153533-FDC4-4922-892D-B71810F69566}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (HKLM-x32\...\{9D50A6D7-410A-4469-87B7-35FA84CBD479}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (HKLM-x32\...\{E6DEBF43-7ACF-4E88-9BBF-9B5945683281}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Security Task Manager 2.3 (HKLM-x32\...\Security Task Manager) (Version: 2.3 - Neuber Software)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17384 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WorldWide Telescope (HKLM-x32\...\{412B591F-3F86-4A1C-9DF6-854892DE27BB}) (Version: 5.5.03 - WorldWide Telescope)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-901587214-2200967626-3004657440-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-901587214-2200967626-3004657440-1003_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.16.0.247\buShell.dll [2018-10-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.16.0.247\buShell.dll [2018-10-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.16.0.247\buShell.dll [2018-10-05] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.16.0.247\buShell.dll [2018-10-05] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.16.0.247\buShell.dll [2018-10-05] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.16.0.247\buShell.dll [2018-10-05] (Symantec Corporation)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.16.0.247\buShell.dll [2018-10-05] (Symantec Corporation)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-27] (Cyberlink)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.0.247\NavShExt.dll [2018-10-05] (Symantec Corporation)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-27] (Cyberlink)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.0.247\NavShExt.dll [2018-10-05] (Symantec Corporation)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.16.0.247\buShell.dll [2018-10-05] (Symantec Corporation)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.0.247\NavShExt.dll [2018-10-05] (Symantec Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {03F769B5-CA2B-47FB-B8C6-3715E360F484} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-10-11] (Microsoft Corporation)
Task: {18BB25D8-03D9-422C-A057-254BBEC85460} - System32\Tasks\{647E1911-0F4F-4C7A-85F2-4BDF10C6B80F} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\oldman\AppData\Local\join.me\join.me.exe -c -uninstall
Task: {1B45A39A-64C2-4606-92B6-9B885988EF92} - System32\Tasks\HPCeeScheduleForoldman => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {1CAFA8CA-9428-4563-B226-AEB95322692D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-24] (Google Inc.)
Task: {20315DD9-4094-4271-9F7A-D7F2459F3351} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.16.0.247\SymErr.exe [2018-10-05] (Symantec Corporation)
Task: {2726B58A-B733-4E96-B674-56C356CFF017} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {28C114CA-CFE9-487D-8483-4C040DF0A54B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-24] (Google Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {37F9480B-8DEB-43D0-9E41-A625011C1442} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {3DD76305-B0D8-4F5D-97E7-9FEA995DB0EB} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {3EF2BB24-1F09-4D2F-850B-1641939DFA77} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.16.0.247\SymErr.exe [2018-10-05] (Symantec Corporation)
Task: {3FB3FE7E-E4D6-4325-A192-9F9937626A48} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {406E8E03-EC34-4003-B34C-54181D91740B} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {4563DDB4-F29D-41C5-BD80-916194542CD4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-08-21] (HP Inc.)
Task: {4A276F76-C51C-45FC-A2F4-1117E386AA2B} - System32\Tasks\S-1-5-21-901587214-2200967626-3004657440-1003\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-04-11] (Microsoft Corporation)
Task: {4DAE6865-85B2-4C42-B996-B4788C51FAA8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2018-08-30] (HP Inc.)
Task: {5B316DC0-10D2-46AE-B209-4DD1ED06E7F3} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {625F82D9-2B09-4DF1-80B8-473B87149FDA} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-21] ()
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {67748148-C9ED-45C1-9AED-2EB848D826F3} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> No File <==== ATTENTION
Task: {6E39ED3E-6BA2-4DC8-8196-9C48C649D047} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {712380AE-444E-42C6-B403-F18182DBE18C} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {738E86C6-EB1F-4D92-9DD0-BD4999046DD5} - System32\Tasks\{CA2AE62A-A74C-4B89-B292-C0CEAD185B3D} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\oldman\Downloads\FirmwareFlashLauncher.exe -d C:\Users\oldman\Downloads
Task: {7B9F5986-9672-431A-BB77-F26DB87891FE} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {7CDEBC78-DC72-4720-A9AA-B396C385D844} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-901587214-2200967626-3004657440-1003Core => C:\Users\oldman\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-23] (Google Inc.)
Task: {906112A5-8DB6-4037-B3BB-A2558320F864} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {9BB2C6F5-8FA9-4B29-A55A-3B2CECD37A04} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-09-06] (HP Inc.)
Task: {A0B92B34-B5CA-49F1-98C7-6899E27B70C7} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.16.0.247\WSCStub.exe [2018-10-05] (Symantec Corporation)
Task: {A5E6FF83-1A31-44C2-974C-608D72C3429E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {A8F2F520-1207-4618-956D-6C972DD869D8} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
Task: {AD73D9D2-71DE-4681-BB26-DC2BF988AB1B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_122_Plugin.exe [2018-10-09] (Adobe Systems Incorporated)
Task: {B89BC3A9-54C9-4204-8B03-A529BF74315F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {BB6E612E-F472-4AB9-9380-3B84FBB2E9FB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-901587214-2200967626-3004657440-1003UA => C:\Users\oldman\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-23] (Google Inc.)
Task: {BCF0AD8B-2630-48AE-B7B4-5D1683D33A9F} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-10-09] (Adobe Systems Incorporated)
Task: {C0201CFA-6DE0-4EE2-89AC-D9D2295A8D3A} - System32\Tasks\Norton 360\Norton 360 Online Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.11.0.41\SymErr.exe [2017-10-03] (Symantec Corporation)
Task: {C1470389-004D-4179-B95E-0A46324725AF} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.16.0.247\SymErr.exe [2018-10-05] (Symantec Corporation)
Task: {C18EC821-F9CF-414E-BA3D-746F1B35386D} - System32\Tasks\Norton 360\Norton 360 Online Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.11.0.41\SymErr.exe [2017-10-03] (Symantec Corporation)
Task: {CD77ED0C-E0A8-4E66-AB5C-326915A65B28} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
Task: {CDB556A4-5C9F-4AD2-8970-C18C764D957C} - System32\Tasks\Norton 360\Norton 360 Online Autofix => C:\Program Files (x86)\Norton 360\Engine\22.11.0.41\SymErr.exe [2017-10-03] (Symantec Corporation)
Task: {E55BB73E-B3E4-4238-87BE-56ABACE54FE3} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
Task: {E5C15200-ACD9-4B52-8D6A-D818CBC34EF1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {FC364449-3F8D-40B7-AFA2-34B96D70A3DA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {FF0CA258-3A02-4D3D-A2E2-799F0EAB7CDB} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2018-10-05] (Symantec Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\HPCeeScheduleForoldman.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2018-04-11 17:34 - 2018-04-11 17:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2012-08-08 11:36 - 2012-08-08 11:36 - 000073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2017-11-30 19:54 - 2017-11-30 19:54 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-08-22 22:18 - 2018-08-22 22:18 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-05-04 07:23 - 2018-05-04 07:23 - 003232448 _____ () C:\Program Files (x86)\Norton WiFi Privacy\client\NWPService.exe
2018-04-11 17:34 - 2018-04-11 17:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 17:34 - 2018-04-11 17:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-10-11 20:58 - 2018-09-19 21:38 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-05-03 00:52 - 2012-06-07 21:34 - 000627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 000016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7941 more sites.
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\123simsen.com -> www.123simsen.com
There are 7941 more sites.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-05-21 21:01 - 2018-10-16 08:36 - 000453892 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123haustiereundmehr.com
127.0.0.1 123moviedownload.com
There are 15608 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\oldman\Desktop\cropped Scotty Audrey Meghan.PNG
DNS Servers: 192.168.0.1 - 205.171.3.66
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
HKLM\...\StartupApproved\Run: => "EKIJ5000StatusMonitor"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "boincmgr"
HKLM\...\StartupApproved\Run32: => "EKIJ5000StatusMonitor"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "EKStatusMonitor"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "KOab1err"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{9A360527-10D8-4C70-B032-9364CABAF9CC}] => (Block) C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe
FirewallRules: [{F163DE1A-BDD7-475A-BA39-30804A88C1EA}] => (Block) C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe
FirewallRules: [UDP Query User{36723720-49B5-4FA6-A370-6758D33B9796}C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe] => (Allow) C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe
FirewallRules: [TCP Query User{65BE56F7-1BFA-49AF-AA71-5BA1867FD708}C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe] => (Allow) C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe
FirewallRules: [{1C333035-49C1-4FD1-97CF-F570F016C53E}] => (Allow) LPort=5353
FirewallRules: [{890B9B02-6014-4054-B567-08AACDF2C0B9}] => (Allow) LPort=9322
FirewallRules: [{F181849D-64C1-458F-9BBF-519133A17B5F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{202A7A45-68E1-431A-A400-91C1EB742AF0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{479E345C-D749-41FD-988B-53A52A04F408}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{C5449203-F0BB-4691-A5EE-2F7B4D5C379A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{B80B7944-0578-4FDB-83D2-3883E685F4E2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
22-09-2018 18:46:19 Scheduled Checkpoint
02-10-2018 10:55:00 Scheduled Checkpoint
09-10-2018 15:15:26 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/16/2018 03:58:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 7.0.168.192.in-addr.arpa. PTR eustace.local.
Error: (10/16/2018 03:58:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.7:5353 17 7.0.168.192.in-addr.arpa. PTR eustace-2.local.
Error: (10/16/2018 12:13:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 7.0.168.192.in-addr.arpa. PTR eustace.local.
Error: (10/16/2018 12:13:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.7:5353 17 7.0.168.192.in-addr.arpa. PTR eustace-2.local.
Error: (10/16/2018 12:10:42 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.
Operation:
Executing Asynchronous Operation
Context:
Current State: DoSnapshotSet
Error: (10/16/2018 12:09:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (10/16/2018 11:46:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 7.0.168.192.in-addr.arpa. PTR eustace.local.
Error: (10/16/2018 11:46:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.7:5353 17 7.0.168.192.in-addr.arpa. PTR eustace-2.local.
System errors:
=============
Error: (10/16/2018 03:59:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (10/16/2018 03:58:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The APXACC service failed to start due to the following error:
A device attached to the system is not functioning.
Error: (10/16/2018 03:58:05 PM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)
Error: (10/16/2018 03:58:00 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0xffffa60155926010, 0x00000000000000ff, 0x0000000000000000, 0xfffff8007b9995ae). A dump was saved in: C:\WINDOWS\Minidump\101618-58734-01.dmp. Report Id: d3a839bd-9cd7-4c38-9b52-c1357426a3d4.
Error: (10/16/2018 03:57:59 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:46:00 PM on 10/16/2018 was unexpected.
Error: (10/16/2018 12:41:49 PM) (Source: DCOM) (EventID: 10016) (User: eustace)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user eustace\oldman SID (S-1-5-21-901587214-2200967626-3004657440-1003) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
Error: (10/16/2018 12:14:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (10/16/2018 12:12:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The APXACC service failed to start due to the following error:
A device attached to the system is not functioning.
Windows Defender:
===================================
Date: 2018-10-16 11:58:25.908
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.367.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80070643
Error description: Fatal error during installation.
Date: 2018-10-16 11:58:24.025
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 1.277.1174.0
Previous Signature Version: 1.261.367.0
Update Source: User
Signature Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.14500.5
Previous Engine Version: 1.1.14500.5
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
Date: 2018-10-16 11:58:24.025
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 1.277.1174.0
Previous Signature Version: 1.261.367.0
Update Source: User
Signature Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.14500.5
Previous Engine Version: 1.1.14500.5
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
Date: 2018-09-24 17:35:43.749
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.367.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2018-09-24 17:35:43.748
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.367.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
CodeIntegrity:
===================================
Date: 2018-10-11 12:04:33.192
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.1.8\bushell.dll that did not meet the Microsoft signing level requirements.
Date: 2018-10-11 12:04:33.166
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.1.8\bushell.dll that did not meet the Microsoft signing level requirements.
Date: 2018-10-11 12:04:33.102
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.1.8\bushell.dll that did not meet the Microsoft signing level requirements.
Date: 2018-09-05 22:40:18.803
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.0.88\bushell.dll that did not meet the Microsoft signing level requirements.
Date: 2018-09-05 22:40:18.772
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.0.88\bushell.dll that did not meet the Microsoft signing level requirements.
Date: 2018-09-05 22:40:18.654
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.0.88\bushell.dll that did not meet the Microsoft signing level requirements.
Date: 2018-08-28 15:39:51.563
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.0.88\bushell.dll that did not meet the Microsoft signing level requirements.
Date: 2018-08-28 15:39:51.477
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.0.88\bushell.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
Processor: AMD A4-4300M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 45%
Total physical RAM: 3554.26 MB
Available physical RAM: 1947.73 MB
Total Virtual: 5858.26 MB
Available Virtual: 4321.08 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:568.68 GB) (Free:338.8 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:25.37 GB) (Free:2.96 GB) NTFS ==>[system with boot components (obtained from drive)]
\\?\Volume{4807027d-70e4-4ed9-b189-6eac7a96e0a4}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.15 GB) NTFS
\\?\Volume{de27d039-3a8b-420a-8f61-0de10dba9383}\ () (Fixed) (Total:0.92 GB) (Free:0.34 GB) NTFS
\\?\Volume{228ede67-33cc-42ee-9814-03e998f454e7}\ () (Fixed) (Total:0.44 GB) (Free:0.41 GB) NTFS
\\?\Volume{873941c3-cd87-496d-8c74-8b333ed59eac}\ () (Fixed) (Total:0.25 GB) (Free:0.16 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 9E4D4388)
Partition: GPT.
==================== End of Addition.txt ============================
I'm asking about is some suspicious text in my zamgaurd driver
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-05-27] (Zemana Ltd.)
It appears to be a left over file from an incomplete uninstall from Zemana AntiMalware.
I've added it in the script below.
*****************
I'm finding conflicting information online that suggests you might need to remove SpyProtector from your computer.
Let's wait and see if any of the tools we use find anything.
*****************
Highlight the entire content of the quote box below and select Copy.
Start::
CloseProcesses:
CreateRestorePoint:
SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {53e2f62a-3083-46e6-8527-cf89e4acb4ae} URL =
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [No File]
CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908
CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
2018-10-16 11:31 - 2018-08-08 22:53 - 001947720 _____ (Microsoft Corporation) C:\Users\oldman\AppData\Local\Temp\dllnt_dump.dll
Task: {67748148-C9ED-45C1-9AED-2EB848D826F3} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> No File <==== ATTENTION
Task: {A8F2F520-1207-4618-956D-6C972DD869D8} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
Task: {CD77ED0C-E0A8-4E66-AB5C-326915A65B28} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
C:\WINDOWS\ZAM_Guard.krnl.trace
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-05-27] (Zemana Ltd.)
C:\WINDOWS\System32\drivers\zamguard64.sys
C:\Windows\Temp\*.*
Emptytemp:
End::
Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.
Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If you still have these tools located on your machine please delete those so we can download new/updated versions.
http://i.imgur.com/zcMPezJ.pngAdwCleaner - Fix Mode
Download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and move it to your Desktop
Right-click on AdwCleaner.exe and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Accept the EULA (I accept), then click on Scan
Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button. This will kill all the active processes
Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply
*************************************************************************
http://i.imgur.com/RQKuhw1.pngRogueKiller
Download the right version of RogueKiller (http://www.adlice.com/download/roguekiller/#download) for your Windows version (32 or 64-bit)
Once done, move the executable file to your Desktop, right-click on it and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
Wait for the scan to complete
On completion, the results will be displayed
Check every single entry (threat found), and click on the Remove Selected button
On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
This will open the report in Notepad. Copy/paste its content in your next reply
created by Aura
Your next reply(ies) should therefore contain:
Copy/pasted Fixlog.txt
Copy/pasted AdwCleaner clean log
Copy/pasted RogueKiller clean log
Interestingly enough... I had to do a system restore (1st time ever on this machine)this morning to get it running. This brought me back to a point prior to the download, install and scan of the FRST. I re-downloaded and ran the fix list, hoping it would work, it seems to have done the trick. I'll let you interpret the logs but I think things look pretty good. On the matter of the zamgaurd text, I was surprised to see no Zgaurd present anywhere in security task manager, things are running fine so I don't think I'll miss Zgaurd for now. It's worth mentioning that the Spy Protector/ STM didn't have any issues with the tools used so far, but I only run it with "warn when registry is changed" enabled unless I'm in doubt of a particular site. I'll check back for your opinion on the logs, hopefully things are as good as they seem. Thanks again.
Fix result of Farbar Recovery Scan Tool (x64) Version: 10.10.2018
Ran by oldman (17-10-2018 18:41:12) Run:1
Running from C:\Users\oldman\Desktop
Loaded Profiles: oldman (Available Profiles: oldman)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {53e2f62a-3083-46e6-8527-cf89e4acb4ae} URL =
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [No File]
CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908
CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
2018-10-16 11:31 - 2018-08-08 22:53 - 001947720 _____ (Microsoft Corporation) C:\Users\oldman\AppData\Local\Temp\dllnt_dump.dll
Task: {67748148-C9ED-45C1-9AED-2EB848D826F3} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> No File <==== ATTENTION
Task: {A8F2F520-1207-4618-956D-6C972DD869D8} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
Task: {CD77ED0C-E0A8-4E66-AB5C-326915A65B28} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
C:\WINDOWS\ZAM_Guard.krnl.trace
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-05-27] (Zemana Ltd.)
C:\WINDOWS\System32\drivers\zamguard64.sys
C:\Windows\Temp\*.*
Emptytemp:
*****************
Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{53e2f62a-3083-46e6-8527-cf89e4acb4ae} => removed successfully
HKLM\Software\Classes\CLSID\{53e2f62a-3083-46e6-8527-cf89e4acb4ae} => not found
HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0 => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0 => removed successfully
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSuggestURL" => removed successfully
"C:\Users\oldman\AppData\Local\Temp\dllnt_dump.dll" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{67748148-C9ED-45C1-9AED-2EB848D826F3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67748148-C9ED-45C1-9AED-2EB848D826F3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8F2F520-1207-4618-956D-6C972DD869D8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8F2F520-1207-4618-956D-6C972DD869D8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Scan the system" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CD77ED0C-E0A8-4E66-AB5C-326915A65B28}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD77ED0C-E0A8-4E66-AB5C-326915A65B28}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Check for updates" => removed successfully
C:\WINDOWS\ZAM_Guard.krnl.trace => moved successfully
ZAM_Guard => Unable to stop service.
HKLM\System\CurrentControlSet\Services\ZAM_Guard => removed successfully
ZAM_Guard => service removed successfully
C:\WINDOWS\System32\drivers\zamguard64.sys => moved successfully
=========== "C:\Windows\Temp\*.*" ==========
C:\Windows\Temp\chrome_installer.log => moved successfully
C:\Windows\Temp\MpCmdRun.log => moved successfully
C:\Windows\Temp\MpSigStub.log => moved successfully
C:\Windows\Temp\patch.js => moved successfully
C:\Windows\Temp\TSpybotUpdaterThread.log => moved successfully
C:\Windows\Temp\WERE2B.tmp.WERDataCollectionStatus.txt => moved successfully
C:\Windows\Temp\WERF49D.tmp.WERDataCollectionStatus.txt => moved successfully
========= End -> "C:\Windows\Temp\*.*" ========
=========== EmptyTemp: ==========
BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 109722594 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 5369788 B
Edge => 551262 B
Chrome => 5233094 B
Firefox => 1068103307 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 105758 B
LocalService => 0 B
NetworkService => 56904 B
NetworkService => 0 B
oldman => 213700819 B
RecycleBin => 911558601 B
EmptyTemp: => 2.2 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 18:52:37 ====
# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-10-12.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 10-17-2018
# Duration: 00:00:08
# OS: Windows 10 Home
# Cleaned: 0
# Failed: 1
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
No malicious folders cleaned.
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
No malicious registry entries cleaned.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
Not Deleted nortonsafe.search.ask.com
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [1480 octets] - [15/07/2018 18:30:27]
AdwCleaner[C00].txt - [1606 octets] - [15/07/2018 18:30:50]
AdwCleaner[S01].txt - [25595 octets] - [10/08/2018 21:00:18]
AdwCleaner[C01].txt - [22574 octets] - [10/08/2018 21:01:03]
AdwCleaner[S02].txt - [2316 octets] - [10/09/2018 17:10:30]
AdwCleaner[C02].txt - [2334 octets] - [10/09/2018 17:10:59]
AdwCleaner[S03].txt - [1767 octets] - [30/09/2018 14:50:26]
AdwCleaner[C03].txt - [1913 octets] - [30/09/2018 14:51:05]
AdwCleaner[S04].txt - [1765 octets] - [17/10/2018 19:12:57]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C04].txt ##########
RogueKiller V12.13.5.0 (x64) [Oct 15 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 10 (10.0.17134) 64 bits version
Started in : Normal mode
User : oldman [Administrator]
Started from : C:\Users\oldman\Desktop\RogueKiller_portable64.exe
Mode : Scan -- Date : 10/17/2018 19:30:20 (Duration : 01:29:30)
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 0 ¤¤¤
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547564A9E384 SATA Disk Device +++++
--- User ---
[MBR] f8e22dc9d39f3cb77ff7fb8069b9bd7e
[BSP] e2a2ab006f8e6f25f3f1bbc38acf5dba : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 400 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 821248 | Size: 260 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1353728 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1615872 | Size: 582324 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1194217472 | Size: 940 MB
5 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1196144640 | Size: 451 MB
6 - [SYSTEM] Basic data partition | Offset (sectors): 1197068288 | Size: 25974 MB
User = LL1 ... OK
User = LL2 ... OK
:)
hopefully things are as good as they seem
Results from the logs look good.
Maybe when you did a system restore it set something back to default.....We might never know but kinda glad you did it.
With the below scan if nothing is found there will be no report to post.
http://i.imgur.com/G0tu5D9.pngEmsisoft Emergency Kit - Fix Mode
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
Download the Emsisoft Emergency Kit (https://www.emsisoft.com/en/software/eek/download/) and execute it. From there, click on the Install button to extract the program in the EEK folder;
Once the extraction is complete, the EEK folder will open. Right-click on http://i.imgur.com/G0tu5D9.pngstart emergency kit scanner.exe and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
After the restart, open EEK again (in the C:\EEK folder);
This time, click on Logs;
From there, go under the Quarantine Log tab, and click on the Export button;
Save the log on your desktop, then open it, and copy/paste its content in your next reply;
:cool: I can't believe how well this machine is running now, thanks so much. I'll check back to see if there are any more thoughts on this but things are looking pretty good.
Don't jinx yourself!
If you run the online scan and nothing is found we can probably remove the tools used which, can be found to be malicious by antivirus scanners.
DelFix
Please download DelFix (https://www.bleepingcomputer.com/download/delfix/) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Click the Run button.
-- This will remove the specialized tools we used to disinfect your system.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
****************
Glad we could help. http://i.imgur.com/SakDYGv.gif
Since this issue appears resolved ... this Topic is closed.
reopened by user request.
As we go through the process this time I would like to bring up several questions concerning different aspects of the infection/fix. After reading through other malware threads I see a lot of issues that I seem to have in common with other posters, I'm hoping to put that to use and learn more about where I'm going wrong with this endless supply of redirects and malware.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.11.2018
Ran by oldman (administrator) on EUSTACE (16-11-2018 17:59:00)
Running from C:\Users\oldman\Desktop
Loaded Profiles: oldman (Available Profiles: oldman)
Platform: Windows 10 Home Version 1803 17134.407 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Symantec Corporation) C:\Program Files (x86)\Norton WiFi Privacy\client\NWPService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.2.22\NortonSecurity.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.2.22\nsWscSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.2.22\NortonSecurity.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinctray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Neuber Software - www.neuber.com) C:\Program Files (x86)\Security Task Manager\SpyProtector.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(Farbar) C:\Users\oldman\Desktop\FRST64(1).exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [69920 2017-10-03] (Space Sciences Laboratory)
HKLM\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [8765216 2017-10-03] (Space Sciences Laboratory)
HKLM\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-27] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [301880 2018-10-22] (Apple Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [68920 2018-10-21] (Apple Inc.)
HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-12-11] (Eastman Kodak Company)
HKLM-x32\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] ()
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [KOab1err] => C:\Program Files (x86)\KODAK VERITE\ErrorApp\KOab1err.exe [1027752 2016-12-21] ()
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] ()
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [Google Update] => C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe [601680 2018-05-18] (Google Inc.)
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [Spy Protector] => C:\Program Files (x86)\Security Task Manager\SpyProtector.exe [145280 2018-07-12] (Neuber Software - www.neuber.com)
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [] => C:\Users\oldman\Desktop\RogueKiller_portable64.exe -minimize
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\MountPoints2: {550548f0-8389-11e8-804c-38eaa7eb314f} - "F:\ZTE_Handset_USB_Driver.exe"
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{68620759-20aa-45aa-8e06-fa9a7c5c7e09}: [DhcpNameServer] 192.168.0.1 205.171.3.66
Tcpip\..\Interfaces\{a288676d-84d4-440a-bf60-55523387af7e}: [DhcpNameServer] 192.168.0.1 205.171.3.66
Tcpip\..\Interfaces\{c4242d06-1fdf-461b-ace5-caf4862e837d}: [DhcpNameServer] 192.168.0.1 205.171.3.66
Tcpip\..\Interfaces\{c9ebb1fc-1913-46ad-9c39-fe0f9392fa0a}: [DhcpNameServer] 192.168.0.1 205.171.3.66
Tcpip\..\Interfaces\{dd1986f3-01c1-49b9-a3b1-f6e43d3a6914}: [DhcpNameServer] 192.168.0.1 205.171.3.66
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1000&geo=US&ver=22.16.2.22&locale=en_US&guid=7F33257B-BE93-40EC-9D23-A091A86B98D4&doi=2016-09-01&gct=kwd&qsrc=2869
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-10-17] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-10-17] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)
FireFox:
========
FF DefaultProfile: gzi35chl.default-1466821123041-1541972058086
FF ProfilePath: C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086 [2018-11-16]
FF Homepage: Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086 -> moz-extension://70dcf95f-27c0-4d96-bf5b-ac77cde6f791/homePageRedirect.html
FF HomepageOverride: Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086 -> Enabled: nortonhomepage@symantec.com
FF NewTabOverride: Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086 -> Enabled: nortonhomepage@symantec.com
FF Extension: (Facebook Container) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086\Extensions\@contain-facebook.xpi [2018-11-11]
FF Extension: (Norton Password Manager) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086\Extensions\idsafe@norton.com.xpi [2018-11-13]
FF Extension: (Norton Home Page) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086\Extensions\nortonhomepage@symantec.com.xpi [2018-11-13]
FF Extension: (Norton Safe Search) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086\Extensions\nortonsafesearch_ul_2@symantec.com.xpi [2018-11-13]
FF Extension: (Norton Safe Web) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086\Extensions\nortonsafeweb@symantec.com.xpi [2018-11-13]
FF Extension: (Firefox Monitor) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086\features\{22b3967d-ec96-4a79-9b39-976ff2a296b6}\fxmonitor@mozilla.org.xpi [2018-11-14]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_148.dll [2018-11-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_148.dll [2018-11-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-05-06] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-19] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: @talk.google.com/GoogleTalkPlugin -> C:\Users\oldman\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: @talk.google.com/O1DPlugin -> C:\Users\oldman\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: @tools.google.com/Google Update;version=3 -> C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: @tools.google.com/Google Update;version=9 -> C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: hp.com/HPDetect -> C:\Users\oldman\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP)
FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: jpl.nasa.gov/NASAEyes -> C:\Users\oldman\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2018-08-28] (Jet Propulsion Laboratory)
FF Plugin ProgramFiles/Appdata: C:\Users\oldman\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\oldman\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1077568 2017-04-10] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-21] (HP Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.16.2.22\NortonSecurity.exe [328648 2018-11-03] (Symantec Corporation)
R2 NortonWiFiPrivacy; C:\Program Files (x86)\Norton WiFi Privacy\client\NWPService.exe [3317264 2018-11-04] (Symantec Corporation)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.16.2.22\nsWscSvc.exe [915712 2018-11-03] (Symantec Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd.)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [253960 2016-04-27] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-11] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-20] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110104 2016-09-28] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.11.0.41\Definitions\BASHDefs\20181113.001\BHDrvx64.sys [1925104 2018-09-19] (Symantec Corporation)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\ccSetx64.sys [189120 2018-11-03] (Symantec Corporation)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [129152 2016-04-24] (Samsung Electronics Co., Ltd.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515568 2018-10-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153072 2018-10-05] (Symantec Corporation)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2018-04-23] ()
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.11.0.41\Definitions\IPSDefs\20181115.061\IDSvia64.sys [1305072 2018-10-08] (Symantec Corporation)
S3 massfilter_hs; C:\WINDOWS\System32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-29] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Realtek )
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\SRTSP64.SYS [847344 2018-11-03] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\SRTSPX64.SYS [49648 2018-11-03] (Symantec Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-24] (Samsung Electronics Co., Ltd.)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\SYMEFASI64.SYS [1969328 2018-11-03] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\SymELAM.sys [25744 2018-11-03] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [99920 2018-06-17] (Symantec Corporation)
S4 SymEvnt; C:\Program Files\Norton Security\NortonData\22.11.0.41\SymPlatform\SymEvnt.sys [114352 2018-10-26] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\Ironx64.SYS [308416 2018-11-03] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\symnets.sys [567024 2018-11-03] (Symantec Corporation)
R3 SymTAP; C:\WINDOWS\System32\drivers\SymTAP.sys [52512 2018-11-04] (The OpenVPN Project)
S3 VBoxNetAdp; C:\WINDOWS\System32\drivers\VBoxNetAdp6.sys [196040 2017-07-27] (Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\wpCtrlDrv.sys [1011056 2018-11-03] (Symantec Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-11-16 17:59 - 2018-11-16 18:01 - 000023459 _____ C:\Users\oldman\Desktop\FRST.txt
2018-11-16 17:58 - 2018-11-16 17:59 - 000000000 ____D C:\FRST
2018-11-16 17:52 - 2018-11-16 17:55 - 001124939 _____ C:\Users\oldman\Downloads\FRST64.exe.part
2018-11-16 17:52 - 2018-11-16 17:53 - 002416128 _____ (Farbar) C:\Users\oldman\Desktop\FRST64(1).exe
2018-11-16 17:46 - 2018-11-16 17:52 - 000000000 _____ C:\Users\oldman\Downloads\FRST64.exe
2018-11-15 21:16 - 2018-11-15 21:16 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2018-11-14 23:31 - 2018-11-16 11:28 - 000000000 ____D C:\N360_BACKUP
2018-11-14 22:04 - 2018-11-01 04:45 - 004527776 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-11-14 22:04 - 2018-11-01 04:45 - 001617320 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-11-14 22:04 - 2018-11-01 04:29 - 012710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-11-14 22:04 - 2018-11-01 02:15 - 023861760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-11-14 22:04 - 2018-11-01 02:13 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-11-14 22:04 - 2018-11-01 00:27 - 001017152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-11-14 22:04 - 2018-11-01 00:26 - 007432120 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-11-14 22:04 - 2018-11-01 00:25 - 009089848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-11-14 22:04 - 2018-11-01 00:25 - 007520088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-11-14 22:04 - 2018-11-01 00:09 - 025855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-11-14 22:04 - 2018-11-01 00:03 - 003397120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-11-14 22:04 - 2018-11-01 00:01 - 022716416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-11-14 22:04 - 2018-11-01 00:00 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-11-14 22:04 - 2018-10-31 23:58 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-11-14 22:04 - 2018-10-31 21:48 - 006039064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-11-14 22:04 - 2018-10-31 21:47 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-11-14 22:04 - 2018-10-31 21:40 - 022015488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-11-14 22:04 - 2018-10-31 21:35 - 019403776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-11-14 22:04 - 2018-10-21 06:00 - 021386368 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-11-14 22:04 - 2018-10-21 04:28 - 012501504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-11-14 22:04 - 2018-10-21 00:48 - 005602456 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-11-14 22:04 - 2018-10-21 00:28 - 016592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-11-14 22:04 - 2018-10-21 00:22 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-11-14 22:03 - 2018-11-01 04:46 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-11-14 22:03 - 2018-11-01 04:45 - 001376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-11-14 22:03 - 2018-11-01 04:31 - 006602240 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-11-14 22:03 - 2018-11-01 04:28 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-11-14 22:03 - 2018-11-01 04:28 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-11-14 22:03 - 2018-11-01 04:27 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-11-14 22:03 - 2018-11-01 04:26 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-11-14 22:03 - 2018-11-01 03:09 - 001027000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-11-14 22:03 - 2018-11-01 02:59 - 005669888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-11-14 22:03 - 2018-11-01 02:56 - 011902464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-11-14 22:03 - 2018-11-01 02:54 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-11-14 22:03 - 2018-11-01 02:52 - 002892800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-11-14 22:03 - 2018-11-01 00:39 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-11-14 22:03 - 2018-11-01 00:28 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-11-14 22:03 - 2018-11-01 00:28 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-11-14 22:03 - 2018-11-01 00:27 - 000491200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-11-14 22:03 - 2018-11-01 00:26 - 003291640 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-11-14 22:03 - 2018-11-01 00:26 - 003180080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-11-14 22:03 - 2018-11-01 00:26 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-11-14 22:03 - 2018-11-01 00:25 - 004404912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-11-14 22:03 - 2018-11-01 00:25 - 002822456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-11-14 22:03 - 2018-11-01 00:25 - 002571320 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-11-14 22:03 - 2018-11-01 00:25 - 002371296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-11-14 22:03 - 2018-11-01 00:25 - 001934808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-11-14 22:03 - 2018-11-01 00:25 - 001784680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-11-14 22:03 - 2018-11-01 00:25 - 001456728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-11-14 22:03 - 2018-11-01 00:25 - 001288920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-11-14 22:03 - 2018-11-01 00:25 - 001257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-11-14 22:03 - 2018-11-01 00:25 - 001209888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-11-14 22:03 - 2018-11-01 00:25 - 001190248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-11-14 22:03 - 2018-11-01 00:25 - 001140672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-11-14 22:03 - 2018-11-01 00:25 - 000982592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-11-14 22:03 - 2018-11-01 00:25 - 000594224 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-11-14 22:03 - 2018-11-01 00:25 - 000463672 _____ (Microsoft Corporation) C:\WINDOWS\system32\coml2.dll
2018-11-14 22:03 - 2018-11-01 00:25 - 000268088 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-11-14 22:03 - 2018-11-01 00:01 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-11-14 22:03 - 2018-11-01 00:01 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-11-14 22:03 - 2018-11-01 00:00 - 006031360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-11-14 22:03 - 2018-11-01 00:00 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-11-14 22:03 - 2018-11-01 00:00 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-11-14 22:03 - 2018-10-31 23:59 - 000322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-11-14 22:03 - 2018-10-31 23:58 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-11-14 22:03 - 2018-10-31 23:58 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-11-14 22:03 - 2018-10-31 23:58 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-11-14 22:03 - 2018-10-31 23:57 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-11-14 22:03 - 2018-10-31 23:57 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-11-14 22:03 - 2018-10-31 23:57 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-11-14 22:03 - 2018-10-31 23:57 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-11-14 22:03 - 2018-10-31 23:57 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-11-14 22:03 - 2018-10-31 23:57 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-11-14 22:03 - 2018-10-31 23:56 - 002929664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
2018-11-14 22:03 - 2018-10-31 23:56 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-11-14 22:03 - 2018-10-31 23:56 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-11-14 22:03 - 2018-10-31 23:56 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-11-14 22:03 - 2018-10-31 23:56 - 000506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2018-11-14 22:03 - 2018-10-31 23:55 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-11-14 22:03 - 2018-10-31 23:55 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-11-14 22:03 - 2018-10-31 23:55 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-11-14 22:03 - 2018-10-31 23:54 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-11-14 22:03 - 2018-10-31 23:54 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-11-14 22:03 - 2018-10-31 23:54 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-11-14 22:03 - 2018-10-31 23:54 - 001023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2018-11-14 22:03 - 2018-10-31 23:54 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-11-14 22:03 - 2018-10-31 23:54 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-11-14 22:03 - 2018-10-31 23:54 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-11-14 22:03 - 2018-10-31 23:54 - 000606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-11-14 22:03 - 2018-10-31 23:53 - 002248192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-11-14 22:03 - 2018-10-31 23:53 - 001373696 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-11-14 22:03 - 2018-10-31 23:53 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-11-14 22:03 - 2018-10-31 23:53 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-11-14 22:03 - 2018-10-31 23:53 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-11-14 22:03 - 2018-10-31 22:08 - 002417952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-11-14 22:03 - 2018-10-31 21:50 - 000861712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-11-14 22:03 - 2018-10-31 21:50 - 000786288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-11-14 22:03 - 2018-10-31 21:48 - 004790184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-11-14 22:03 - 2018-10-31 21:48 - 002478872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-11-14 22:03 - 2018-10-31 21:48 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-11-14 22:03 - 2018-10-31 21:48 - 001805656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-11-14 22:03 - 2018-10-31 21:48 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-11-14 22:03 - 2018-10-31 21:48 - 000384520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\coml2.dll
2018-11-14 22:03 - 2018-10-31 21:47 - 001980776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-11-14 22:03 - 2018-10-31 21:47 - 001379792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-11-14 22:03 - 2018-10-31 21:47 - 001020064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-11-14 22:03 - 2018-10-31 21:34 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-11-14 22:03 - 2018-10-31 21:33 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-11-14 22:03 - 2018-10-31 21:33 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-11-14 22:03 - 2018-10-31 21:32 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-11-14 22:03 - 2018-10-31 21:31 - 005307904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-11-14 22:03 - 2018-10-31 21:30 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-11-14 22:03 - 2018-10-31 21:30 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-11-14 22:03 - 2018-10-31 21:29 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-11-14 22:03 - 2018-10-31 21:29 - 000848384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2018-11-14 22:03 - 2018-10-31 21:29 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-11-14 22:03 - 2018-10-31 21:28 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-11-14 22:03 - 2018-10-31 21:27 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-11-14 22:03 - 2018-10-31 21:27 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2018-11-14 22:03 - 2018-10-31 21:27 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-11-14 22:03 - 2018-10-31 21:26 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2018-11-14 22:03 - 2018-10-21 06:00 - 001639560 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2018-11-14 22:03 - 2018-10-21 06:00 - 001516120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-11-14 22:03 - 2018-10-21 06:00 - 000790416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-11-14 22:03 - 2018-10-21 05:46 - 013572096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-11-14 22:03 - 2018-10-21 05:46 - 004393472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-11-14 22:03 - 2018-10-21 05:43 - 000345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-11-14 22:03 - 2018-10-21 05:42 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2018-11-14 22:03 - 2018-10-21 05:42 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2018-11-14 22:03 - 2018-10-21 05:41 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-11-14 22:03 - 2018-10-21 04:38 - 001322376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-11-14 22:03 - 2018-10-21 04:37 - 020381808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-11-14 22:03 - 2018-10-21 04:37 - 001626656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2018-11-14 22:03 - 2018-10-21 04:22 - 002405888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-11-14 22:03 - 2018-10-21 00:46 - 000717112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2018-11-14 22:03 - 2018-10-21 00:46 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-11-14 22:03 - 2018-10-21 00:46 - 000560136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-11-14 22:03 - 2018-10-21 00:45 - 003283512 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-11-14 22:03 - 2018-10-21 00:45 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-11-14 22:03 - 2018-10-21 00:45 - 001946208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-11-14 22:03 - 2018-10-21 00:45 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-11-14 22:03 - 2018-10-21 00:45 - 000607136 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-11-14 22:03 - 2018-10-21 00:21 - 001589248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2018-11-14 22:03 - 2018-10-21 00:19 - 002487088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-11-14 22:03 - 2018-10-21 00:19 - 001620776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-11-14 22:03 - 2018-10-21 00:19 - 001130768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-11-14 22:03 - 2018-10-21 00:19 - 000505616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2018-11-14 22:03 - 2018-10-21 00:17 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-11-14 22:03 - 2018-10-21 00:17 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2018-11-14 22:03 - 2018-10-21 00:17 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-11-14 22:03 - 2018-10-21 00:17 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-11-14 22:03 - 2018-10-21 00:17 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-11-14 22:03 - 2018-10-21 00:17 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvrcp.dll
2018-11-14 22:03 - 2018-10-21 00:17 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2018-11-14 22:03 - 2018-10-21 00:16 - 002584576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-11-14 22:03 - 2018-10-21 00:16 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-11-14 22:03 - 2018-10-21 00:16 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-11-14 22:03 - 2018-10-21 00:16 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2018-11-14 22:03 - 2018-10-21 00:15 - 003212800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2018-11-14 22:03 - 2018-10-21 00:15 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-11-14 22:03 - 2018-10-21 00:15 - 000743936 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintRenderAPIHost.DLL
2018-11-14 22:03 - 2018-10-21 00:14 - 002224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-11-14 22:03 - 2018-10-21 00:14 - 001919488 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2018-11-14 22:03 - 2018-10-21 00:14 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-11-14 22:03 - 2018-10-21 00:14 - 001034752 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-11-14 22:03 - 2018-10-21 00:14 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-11-14 22:03 - 2018-10-21 00:09 - 013873664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-11-14 22:03 - 2018-10-21 00:02 - 002966528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-11-14 22:03 - 2018-10-21 00:01 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2018-11-14 22:03 - 2018-10-20 23:57 - 002611200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2018-11-14 22:03 - 2018-10-20 22:59 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2018-11-14 22:03 - 2018-10-20 22:59 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2018-11-14 22:02 - 2018-11-01 04:49 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-11-14 22:02 - 2018-11-01 04:32 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-11-14 22:02 - 2018-11-01 04:30 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-11-14 22:02 - 2018-11-01 04:30 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-11-14 22:02 - 2018-11-01 04:29 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2018-11-14 22:02 - 2018-11-01 04:28 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2018-11-14 22:02 - 2018-11-01 04:27 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-11-14 22:02 - 2018-11-01 04:26 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-11-14 22:02 - 2018-11-01 04:26 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-11-14 22:02 - 2018-11-01 04:25 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-11-14 22:02 - 2018-11-01 02:56 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2018-11-14 22:02 - 2018-11-01 02:56 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-11-14 22:02 - 2018-11-01 02:54 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-11-14 22:02 - 2018-11-01 02:53 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2018-11-14 22:02 - 2018-11-01 00:38 - 000269336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-11-14 22:02 - 2018-11-01 00:37 - 000272408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-11-14 22:02 - 2018-11-01 00:28 - 001062712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-11-14 22:02 - 2018-11-01 00:28 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-11-14 22:02 - 2018-11-01 00:28 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-11-14 22:02 - 2018-11-01 00:28 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-11-14 22:02 - 2018-11-01 00:25 - 000885968 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-11-14 22:02 - 2018-11-01 00:25 - 000793080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-11-14 22:02 - 2018-11-01 00:25 - 000713472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-11-14 22:02 - 2018-11-01 00:25 - 000413720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-11-14 22:02 - 2018-11-01 00:25 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-11-14 22:02 - 2018-11-01 00:25 - 000375824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-11-14 22:02 - 2018-11-01 00:25 - 000261000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-11-14 22:02 - 2018-11-01 00:03 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmtask.exe
2018-11-14 22:02 - 2018-11-01 00:02 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmapi.dll
2018-11-14 22:02 - 2018-11-01 00:02 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\CSystemEventsBrokerClient.dll
2018-11-14 22:02 - 2018-11-01 00:00 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-11-14 22:02 - 2018-10-31 23:59 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2018-11-14 22:02 - 2018-10-31 23:59 - 000192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2018-11-14 22:02 - 2018-10-31 23:59 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPTaskScheduler.dll
2018-11-14 22:02 - 2018-10-31 23:59 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2018-11-14 22:02 - 2018-10-31 23:58 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-11-14 22:02 - 2018-10-31 23:58 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-11-14 22:02 - 2018-10-31 23:58 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-11-14 22:02 - 2018-10-31 23:57 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2018-11-14 22:02 - 2018-10-31 23:57 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-11-14 22:02 - 2018-10-31 23:57 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-11-14 22:02 - 2018-10-31 23:57 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-11-14 22:02 - 2018-10-31 23:57 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-11-14 22:02 - 2018-10-31 23:57 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2018-11-14 22:02 - 2018-10-31 23:57 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-11-14 22:02 - 2018-10-31 23:54 - 001679360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-11-14 22:02 - 2018-10-31 23:54 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2018-11-14 22:02 - 2018-10-31 23:54 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-11-14 22:02 - 2018-10-31 23:53 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-11-14 22:02 - 2018-10-31 22:39 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-11-14 22:02 - 2018-10-31 21:48 - 000880248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2018-11-14 22:02 - 2018-10-31 21:47 - 000581600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-11-14 22:02 - 2018-10-31 21:47 - 000567256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-11-14 22:02 - 2018-10-31 21:47 - 000129304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-11-14 22:02 - 2018-10-31 21:31 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-11-14 22:02 - 2018-10-31 21:30 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-11-14 22:02 - 2018-10-31 21:30 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-11-14 22:02 - 2018-10-31 21:30 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-11-14 22:02 - 2018-10-31 21:30 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2018-11-14 22:02 - 2018-10-31 21:30 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2018-11-14 22:02 - 2018-10-31 21:29 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-11-14 22:02 - 2018-10-31 21:29 - 001862656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
2018-11-14 22:02 - 2018-10-31 21:29 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-11-14 22:02 - 2018-10-31 21:29 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2018-11-14 22:02 - 2018-10-31 21:28 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2018-11-14 22:02 - 2018-10-31 21:28 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-11-14 22:02 - 2018-10-31 21:27 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-11-14 22:02 - 2018-10-31 21:27 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-11-14 22:02 - 2018-10-31 21:26 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-11-14 22:02 - 2018-10-31 21:26 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-11-14 22:02 - 2018-10-21 06:00 - 000396304 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-11-14 22:02 - 2018-10-21 05:59 - 000766480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-11-14 22:02 - 2018-10-21 05:59 - 000236728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2018-11-14 22:02 - 2018-10-21 05:45 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-11-14 22:02 - 2018-10-21 05:44 - 000623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2018-11-14 22:02 - 2018-10-21 05:44 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll
2018-11-14 22:02 - 2018-10-21 05:43 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2018-11-14 22:02 - 2018-10-21 05:43 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2018-11-14 22:02 - 2018-10-21 05:42 - 000592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
2018-11-14 22:02 - 2018-10-21 05:42 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2018-11-14 22:02 - 2018-10-21 04:38 - 000662312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-11-14 22:02 - 2018-10-21 04:38 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-11-14 22:02 - 2018-10-21 04:38 - 000221216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2018-11-14 22:02 - 2018-10-21 04:28 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\INETRES.dll
2018-11-14 22:02 - 2018-10-21 04:23 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2018-11-14 22:02 - 2018-10-21 04:23 - 000523264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll
2018-11-14 22:02 - 2018-10-21 04:22 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2018-11-14 22:02 - 2018-10-21 02:29 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-11-14 22:02 - 2018-10-21 01:44 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-11-14 22:02 - 2018-10-21 00:47 - 000368440 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2018-11-14 22:02 - 2018-10-21 00:46 - 000709936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-11-14 22:02 - 2018-10-21 00:46 - 000497864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2018-11-14 22:02 - 2018-10-21 00:46 - 000171024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-11-14 22:02 - 2018-10-21 00:45 - 000185120 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-11-14 22:02 - 2018-10-21 00:45 - 000175624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2018-11-14 22:02 - 2018-10-21 00:45 - 000139792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2018-11-14 22:02 - 2018-10-21 00:45 - 000058088 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2018-11-14 22:02 - 2018-10-21 00:21 - 000123424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-11-14 22:02 - 2018-10-21 00:20 - 000424000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2018-11-14 22:02 - 2018-10-21 00:20 - 000295224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2018-11-14 22:02 - 2018-10-21 00:20 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2018-11-14 22:02 - 2018-10-21 00:20 - 000141312 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2018-11-14 22:02 - 2018-10-21 00:20 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-11-14 22:02 - 2018-10-21 00:19 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2018-11-14 22:02 - 2018-10-21 00:19 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-11-14 22:02 - 2018-10-21 00:19 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2018-11-14 22:02 - 2018-10-21 00:19 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-11-14 22:02 - 2018-10-21 00:19 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2018-11-14 22:02 - 2018-10-21 00:19 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2018-11-14 22:02 - 2018-10-21 00:19 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2018-11-14 22:02 - 2018-10-21 00:19 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2018-11-14 22:02 - 2018-10-21 00:19 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvrcpAppSvc.dll
2018-11-14 22:02 - 2018-10-21 00:19 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhf.sys
2018-11-14 22:02 - 2018-10-21 00:19 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2018-11-14 22:02 - 2018-10-21 00:18 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2018-11-14 22:02 - 2018-10-21 00:18 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Activities.dll
2018-11-14 22:02 - 2018-10-21 00:18 - 000395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvctpSvc.dll
2018-11-14 22:02 - 2018-10-21 00:18 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2018-11-14 22:02 - 2018-10-21 00:18 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2018-11-14 22:02 - 2018-10-21 00:18 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2018-11-14 22:02 - 2018-10-21 00:18 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2018-11-14 22:02 - 2018-10-21 00:16 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-11-14 22:02 - 2018-10-21 00:16 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-11-14 22:02 - 2018-10-21 00:15 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-11-14 22:02 - 2018-10-21 00:14 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-11-14 22:02 - 2018-10-21 00:14 - 000632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2018-11-14 22:02 - 2018-10-21 00:14 - 000453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-11-14 22:02 - 2018-10-21 00:02 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2018-11-14 22:02 - 2018-10-21 00:01 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2018-11-14 22:02 - 2018-10-21 00:00 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
2018-11-14 22:02 - 2018-10-20 23:59 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2018-11-14 22:02 - 2018-10-20 23:58 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2018-11-14 22:02 - 2018-10-20 23:58 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-11-14 22:02 - 2018-10-20 23:58 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-11-14 22:02 - 2018-04-27 21:02 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-11-14 17:17 - 2018-11-14 20:07 - 000002500 _____ C:\Users\oldman\Desktop\new FRST notes.txt
2018-11-13 20:29 - 2018-11-16 11:27 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security with Backup
2018-11-13 17:44 - 2018-11-13 17:44 - 000003376 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2018-11-13 17:43 - 2018-11-14 21:09 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2018-11-13 17:30 - 2018-11-13 17:30 - 001157064 _____ (Symantec Corporation) C:\Users\oldman\Downloads\NortonNSBUDownloader.exe
2018-11-12 12:50 - 2018-10-30 09:43 - 000453948 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20181112-125012.backup
2018-11-12 12:39 - 2018-11-16 17:44 - 000000291 _____ C:\DelFix.txt
2018-11-11 02:44 - 2018-11-11 02:44 - 000001386 _____ C:\Users\oldman\Desktop\Dons list.txt
2018-11-10 22:51 - 2018-11-10 22:51 - 000000000 ____D C:\Users\oldman\Desktop\New folder (2)
2018-11-08 14:27 - 2018-11-08 14:27 - 000000000 ____D C:\Users\oldman\Desktop\MRI copy
2018-11-08 14:21 - 2018-11-08 14:21 - 000000000 ____D C:\Users\oldman\Desktop\New folder
2018-11-06 20:52 - 2018-11-06 20:52 - 000001740 _____ C:\Users\oldman\Desktop\Rant Response.txt
2018-11-05 16:32 - 2018-11-05 16:32 - 000001816 _____ C:\Users\Public\Desktop\iTunes.lnk
2018-11-05 16:32 - 2018-11-05 16:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-11-05 16:32 - 2018-11-05 16:32 - 000000000 ____D C:\Program Files\iPod
2018-11-05 16:31 - 2018-11-05 16:32 - 000000000 ____D C:\Program Files\iTunes
2018-11-04 20:57 - 2018-11-04 20:57 - 000000600 _____ C:\WINDOWS\SysWOW64\config.db
2018-11-04 20:57 - 2018-11-04 20:57 - 000000000 ____D C:\Program Files (x86)\Norton WiFi Privacy
2018-11-04 20:57 - 2018-11-04 20:56 - 000052512 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\SymTAP.sys
2018-11-04 14:19 - 2018-11-04 14:19 - 001691434 _____ C:\Users\oldman\Desktop\hakin9_wifi_EN.pdf
2018-11-02 16:34 - 2018-11-03 20:12 - 000000000 ____D C:\Users\oldman\Desktop\JoJo's smartest phone
2018-11-01 15:21 - 2018-11-01 16:19 - 000000000 ____D C:\Users\oldman\Desktop\malware tools
2018-10-31 19:30 - 2018-10-31 19:30 - 008159232 _____ C:\HPSoftwareFramework.msi
2018-10-31 19:30 - 2018-10-31 19:30 - 000000000 ____D C:\Users\oldman\AppData\Roaming\HP
2018-10-31 19:19 - 2018-10-31 19:19 - 000000000 ____D C:\Users\oldman\Downloads\HP Downloads
2018-10-30 17:48 - 2018-10-30 17:48 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\66655511.sys
2018-10-30 17:26 - 2018-10-30 17:26 - 000002308 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2018-10-30 16:49 - 2018-11-11 14:34 - 000000000 ____D C:\Users\oldman\Desktop\Old Firefox Data
2018-10-30 09:43 - 2018-10-19 18:05 - 000453892 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20181030-104320.backup
2018-10-30 00:49 - 2018-10-30 00:49 - 000000074 _____ C:\Users\oldman\Desktop\SciDirect white matter disease.txt
2018-10-20 23:17 - 2018-11-13 18:28 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
2018-10-19 18:05 - 2018-09-29 20:59 - 000453892 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20181019-190503.backup
2018-10-18 23:07 - 2018-09-20 21:08 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-10-18 23:07 - 2018-09-19 21:08 - 004191232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-10-18 23:07 - 2018-09-19 20:40 - 003090432 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-10-18 23:07 - 2018-09-19 20:37 - 004615680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-10-18 23:07 - 2018-09-08 01:07 - 002868536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-10-18 23:07 - 2018-09-08 01:07 - 001610552 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-10-18 23:07 - 2018-09-08 01:07 - 000689464 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-10-18 23:07 - 2018-09-08 00:40 - 001724928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2018-10-18 23:07 - 2018-09-08 00:39 - 002052096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-10-18 23:07 - 2018-09-08 00:39 - 001787904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-10-18 23:07 - 2018-09-08 00:38 - 001288192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-10-18 23:07 - 2018-09-08 00:38 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2018-10-18 23:07 - 2018-09-07 23:59 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2018-10-18 23:07 - 2018-09-07 23:58 - 001308672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2018-10-18 23:07 - 2018-09-07 21:08 - 000462880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-10-18 23:07 - 2018-09-07 20:43 - 001174448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-10-18 23:07 - 2018-09-07 20:30 - 003601920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2018-10-18 23:07 - 2018-09-07 20:29 - 004771840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-10-18 23:07 - 2018-09-07 20:27 - 003348992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2018-10-18 23:07 - 2018-09-07 20:26 - 002328064 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmsipc.dll
2018-10-18 23:07 - 2018-09-07 20:25 - 003553792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-10-18 23:07 - 2018-09-07 20:25 - 002789376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2018-10-18 23:07 - 2018-09-07 20:24 - 001457664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-10-18 23:06 - 2018-09-21 02:01 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-10-18 23:06 - 2018-09-21 01:12 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-10-18 23:06 - 2018-09-20 21:14 - 000661056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2018-10-18 23:06 - 2018-09-20 21:13 - 000480568 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-10-18 23:06 - 2018-09-20 21:11 - 000753056 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2018-10-18 23:06 - 2018-09-20 21:09 - 002253696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-10-18 23:06 - 2018-09-20 21:09 - 001427968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2018-10-18 23:06 - 2018-09-20 21:08 - 001566720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2018-10-18 23:06 - 2018-09-20 21:07 - 000604664 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-10-18 23:06 - 2018-09-20 20:57 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-10-18 23:06 - 2018-09-20 20:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-10-18 23:06 - 2018-09-20 20:54 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-10-18 23:06 - 2018-09-20 20:53 - 001006080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2018-10-18 23:06 - 2018-09-20 20:43 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-10-18 23:06 - 2018-09-20 20:39 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-10-18 23:06 - 2018-09-20 20:37 - 001211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2018-10-18 23:06 - 2018-09-20 20:36 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-10-18 23:06 - 2018-09-20 02:37 - 001634944 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-10-18 23:06 - 2018-09-20 02:17 - 002874368 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2018-10-18 23:06 - 2018-09-20 02:17 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-10-18 23:06 - 2018-09-20 02:16 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
2018-10-18 23:06 - 2018-09-20 01:46 - 001454440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-10-18 23:06 - 2018-09-20 01:29 - 002824704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2018-10-18 23:06 - 2018-09-20 01:29 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-10-18 23:06 - 2018-09-20 01:28 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
2018-10-18 23:06 - 2018-09-19 21:29 - 001989232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-10-18 23:06 - 2018-09-19 21:29 - 001513032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2018-10-18 23:06 - 2018-09-19 21:29 - 000357056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-10-18 23:06 - 2018-09-19 21:11 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2018-10-18 23:06 - 2018-09-19 21:10 - 000500536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2018-10-18 23:06 - 2018-09-19 21:10 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2018-10-18 23:06 - 2018-09-19 21:09 - 002462888 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-10-18 23:06 - 2018-09-19 21:09 - 002421248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-10-18 23:06 - 2018-09-19 21:09 - 001767096 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2018-10-18 23:06 - 2018-09-19 21:09 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-10-18 23:06 - 2018-09-19 20:43 - 000052736 _____ C:\WINDOWS\system32\runexehelper.exe
2018-10-18 23:06 - 2018-09-19 20:42 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2018-10-18 23:06 - 2018-09-19 20:38 - 001724416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-10-18 23:06 - 2018-09-19 20:38 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2018-10-18 23:06 - 2018-09-19 18:28 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2018-10-18 23:06 - 2018-09-08 01:12 - 000452112 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-10-18 23:06 - 2018-09-08 01:07 - 000792376 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-10-18 23:06 - 2018-09-08 01:07 - 000612360 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-10-18 23:06 - 2018-09-08 01:07 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-10-18 23:06 - 2018-09-08 01:07 - 000144696 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-10-18 23:06 - 2018-09-08 01:07 - 000069944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-10-18 23:06 - 2018-09-08 01:02 - 000645112 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-10-18 23:06 - 2018-09-08 01:02 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-10-18 23:06 - 2018-09-08 00:57 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2018-10-18 23:06 - 2018-09-08 00:44 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdBth.dll
2018-10-18 23:06 - 2018-09-08 00:43 - 000047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardBi.dll
2018-10-18 23:06 - 2018-09-08 00:42 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2018-10-18 23:06 - 2018-09-08 00:42 - 000188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2018-10-18 23:06 - 2018-09-08 00:42 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2018-10-18 23:06 - 2018-09-08 00:42 - 000114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthci.dll
2018-10-18 23:06 - 2018-09-08 00:41 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-10-18 23:06 - 2018-09-08 00:40 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-10-18 23:06 - 2018-09-08 00:40 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2018-10-18 23:06 - 2018-09-08 00:40 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2018-10-18 23:06 - 2018-09-08 00:40 - 000402944 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2018-10-18 23:06 - 2018-09-08 00:40 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2018-10-18 23:06 - 2018-09-08 00:39 - 005505024 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2018-10-18 23:06 - 2018-09-08 00:39 - 000615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-10-18 23:06 - 2018-09-08 00:38 - 001004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-10-18 23:06 - 2018-09-08 00:38 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-10-18 23:06 - 2018-09-08 00:38 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2018-10-18 23:06 - 2018-09-08 00:37 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-10-18 23:06 - 2018-09-08 00:16 - 000482080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-10-18 23:06 - 2018-09-08 00:13 - 000181288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2018-10-18 23:06 - 2018-09-08 00:03 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdBth.dll
2018-10-18 23:06 - 2018-09-08 00:02 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2018-10-18 23:06 - 2018-09-08 00:00 - 000548864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2018-10-18 23:06 - 2018-09-07 23:59 - 001530368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2018-10-18 23:06 - 2018-09-07 23:59 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2018-10-18 23:06 - 2018-09-07 23:59 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2018-10-18 23:06 - 2018-09-07 23:58 - 000897536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-10-18 23:06 - 2018-09-07 23:58 - 000775680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2018-10-18 23:06 - 2018-09-07 23:57 - 005391360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2018-10-18 23:06 - 2018-09-07 23:57 - 000625664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2018-10-18 23:06 - 2018-09-07 23:57 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2018-10-18 23:06 - 2018-09-07 23:57 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2018-10-18 23:06 - 2018-09-07 23:56 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2018-10-18 23:06 - 2018-09-07 20:59 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-10-18 23:06 - 2018-09-07 20:59 - 000361544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-10-18 23:06 - 2018-09-07 20:58 - 000744976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-10-18 23:06 - 2018-09-07 20:58 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2018-10-18 23:06 - 2018-09-07 20:57 - 001016984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-10-18 23:06 - 2018-09-07 20:57 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-10-18 23:06 - 2018-09-07 20:57 - 000482384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-10-18 23:06 - 2018-09-07 20:57 - 000368448 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2018-10-18 23:06 - 2018-09-07 20:51 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-10-18 23:06 - 2018-09-07 20:45 - 000286824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-10-18 23:06 - 2018-09-07 20:44 - 000829752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-10-18 23:06 - 2018-09-07 20:43 - 000269104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2018-10-18 23:06 - 2018-09-07 20:32 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2018-10-18 23:06 - 2018-09-07 20:31 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-10-18 23:06 - 2018-09-07 20:31 - 000272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Proxy.dll
2018-10-18 23:06 - 2018-09-07 20:30 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2018-10-18 23:06 - 2018-09-07 20:30 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2018-10-18 23:06 - 2018-09-07 20:30 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2018-10-18 23:06 - 2018-09-07 20:29 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2018-10-18 23:06 - 2018-09-07 20:29 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2018-10-18 23:06 - 2018-09-07 20:29 - 000183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2018-10-18 23:06 - 2018-09-07 20:29 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-10-18 23:06 - 2018-09-07 20:28 - 000481280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2018-10-18 23:06 - 2018-09-07 20:28 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Proxy.dll
2018-10-18 23:06 - 2018-09-07 20:27 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2018-10-18 23:06 - 2018-09-07 20:27 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-10-18 23:06 - 2018-09-07 20:27 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcfile.dll
2018-10-18 23:06 - 2018-09-07 20:27 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2018-10-18 23:06 - 2018-09-07 20:26 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-10-18 23:06 - 2018-09-07 20:26 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2018-10-18 23:06 - 2018-09-07 20:26 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-10-18 23:06 - 2018-09-07 20:26 - 000387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2018-10-18 23:06 - 2018-09-07 20:26 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-10-18 23:06 - 2018-09-07 20:26 - 000359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winipcfile.dll
2018-10-18 23:06 - 2018-09-07 20:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2018-10-18 23:06 - 2018-09-07 20:25 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcsecproc.dll
2018-10-18 23:06 - 2018-09-07 20:25 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-10-18 23:06 - 2018-09-07 20:25 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Proximity.dll
2018-10-18 23:06 - 2018-09-07 20:24 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2018-10-18 23:06 - 2018-09-07 20:24 - 000845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2018-10-18 23:06 - 2018-09-07 20:24 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll
2018-10-18 23:06 - 2018-09-07 20:23 - 001655296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmsipc.dll
2018-10-18 23:06 - 2018-09-07 20:23 - 000807936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winipcsecproc.dll
2018-10-18 23:06 - 2018-09-07 20:23 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2018-10-18 23:06 - 2018-09-07 20:23 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Proximity.dll
2018-10-18 23:06 - 2018-09-07 20:22 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2018-10-18 11:11 - 2018-10-18 11:16 - 350756008 _____ C:\Users\oldman\Desktop\EmsisoftEmergencyKit.exe
2018-10-17 17:45 - 2018-10-17 17:54 - 000002079 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-11-16 18:03 - 2018-04-11 16:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-16 17:56 - 2016-11-28 00:03 - 000000000 ____D C:\Users\oldman\AppData\LocalLow\Mozilla
2018-11-16 17:50 - 2018-06-02 01:10 - 000004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D6FF1BE5-40C3-4B52-A236-97274056599C}
2018-11-16 17:34 - 2017-08-25 15:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-11-16 17:34 - 2015-05-03 10:47 - 000001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-11-16 17:34 - 2015-05-03 10:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-16 17:32 - 2018-06-12 17:34 - 000000000 ____D C:\ProgramData\SecTaskMan
2018-11-16 15:13 - 2018-06-02 00:43 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-11-16 11:41 - 2018-04-11 16:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-11-16 11:41 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-11-16 11:09 - 2018-05-04 21:20 - 000000000 ____D C:\Users\oldman\AppData\Local\Norton WiFi Privacy
2018-11-15 17:02 - 2015-05-03 11:07 - 000000000 ____D C:\Users\oldman\AppData\Local\Battle.net
2018-11-15 17:01 - 2015-05-03 11:07 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-11-15 13:15 - 2018-06-02 01:10 - 000003248 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForoldman
2018-11-15 13:15 - 2017-05-02 13:10 - 000000352 _____ C:\WINDOWS\Tasks\HPCeeScheduleForoldman.job
2018-11-15 09:26 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\INF
2018-11-15 09:23 - 2018-06-02 00:53 - 000931448 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-11-15 09:17 - 2015-09-16 09:37 - 000000000 ___RD C:\Users\oldman\3D Objects
2018-11-15 09:17 - 2015-05-03 11:17 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-11-15 09:16 - 2018-06-02 00:43 - 000259576 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-11-15 09:15 - 2018-06-02 01:10 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-11-15 09:15 - 2016-08-20 09:31 - 000000000 ____D C:\ProgramData\Kodak
2018-11-15 09:15 - 2015-12-03 21:03 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-11-14 23:39 - 2018-04-11 14:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-11-14 23:39 - 2015-07-29 02:19 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-11-14 23:32 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-11-14 23:31 - 2018-04-11 16:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-11-14 23:31 - 2018-04-11 16:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-11-14 23:31 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-11-14 23:30 - 2018-04-11 16:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-11-14 23:30 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-11-14 23:30 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-11-14 22:24 - 2018-04-11 16:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-11-14 21:13 - 2018-06-02 00:54 - 000000000 ____D C:\Users\oldman
2018-11-14 21:09 - 2017-11-10 19:20 - 000002326 _____ C:\Users\Public\Desktop\Norton Security.lnk
2018-11-14 19:36 - 2018-06-02 01:10 - 000004574 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-11-14 19:36 - 2018-06-02 01:10 - 000004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-11-14 19:35 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-11-14 19:35 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-11-14 15:49 - 2015-10-21 18:23 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-11-13 20:38 - 2015-05-03 18:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-11-13 20:34 - 2015-05-03 18:25 - 137810048 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-11-13 18:18 - 2015-06-10 00:43 - 000000000 ____D C:\Program Files\Common Files\AV
2018-11-13 17:48 - 2018-04-11 14:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-11-13 17:47 - 2017-09-28 21:29 - 000000000 ____D C:\Users\oldman\Desktop\Misc. desktop crap
2018-11-13 17:46 - 2015-05-03 00:05 - 000000000 ____D C:\ProgramData\Norton
2018-11-13 17:44 - 2018-02-26 14:03 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2018-11-13 17:34 - 2015-05-13 09:14 - 000000000 ____D C:\Users\Public\Downloads\Norton
2018-11-12 19:02 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-11-05 23:26 - 2015-05-03 11:09 - 000000000 ____D C:\Program Files (x86)\Diablo III
2018-11-04 20:57 - 2018-07-04 12:09 - 000000000 ____D C:\Program Files (x86)\Norton WiFi Privacy (1.4.9)
2018-11-02 18:18 - 2015-08-15 17:31 - 000011264 _____ C:\Users\oldman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-10-31 19:35 - 2015-05-24 00:52 - 000000000 ____D C:\Program Files (x86)\Google
2018-10-31 19:31 - 2015-05-04 07:08 - 000000000 ____D C:\Users\oldman\AppData\Roaming\hpqlog
2018-10-31 19:30 - 2017-11-21 09:22 - 000000000 ____D C:\Program Files\HP
2018-10-31 19:30 - 2017-04-11 19:37 - 000000000 ____D C:\Program Files (x86)\HP
2018-10-31 19:28 - 2012-08-16 21:20 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2018-10-31 19:22 - 2012-08-03 17:02 - 000000000 ____D C:\SWSetup
2018-10-30 19:04 - 2017-12-20 15:34 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-10-30 17:47 - 2018-09-10 14:01 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2018-10-30 17:26 - 2016-06-26 04:49 - 000170040 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2018-10-26 18:24 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-10-21 12:18 - 2016-07-03 23:11 - 000000000 ____D C:\ProgramData\BOINC
2018-10-19 18:45 - 2018-01-03 20:16 - 000000000 ____D C:\Users\oldman\AppData\Local\PlaceholderTileLogoFolder
2018-10-19 18:45 - 2017-12-09 00:36 - 000000000 ____D C:\Users\oldman\AppData\Local\Packages
2018-10-19 14:13 - 2018-04-11 16:38 - 000000000 ___RD C:\Program Files\Windows Defender
2018-10-19 14:13 - 2018-04-11 16:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-10-19 12:03 - 2016-04-07 21:48 - 000000000 ____D C:\Users\oldman\Documents\Georgia
2018-10-18 14:48 - 2018-01-12 15:01 - 000000693 _____ C:\Users\oldman\Desktop\Appointment and to do stuff.txt
2018-10-18 12:43 - 2017-05-28 14:25 - 000000000 ____D C:\EEK
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\te-IN
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\or-IN
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\km-KH
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\is-IS
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\id-ID
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\hi-IN
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\be-BY
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\as-IN
2018-10-17 13:47 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2018-10-17 13:47 - 2018-04-11 16:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2018-10-17 13:47 - 2018-04-11 16:38 - 000000000 ___SD C:\WINDOWS\system32\UNP
2018-10-17 13:47 - 2018-04-11 16:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-10-17 13:47 - 2018-04-11 16:38 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-10-17 13:47 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-10-17 13:47 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-10-17 13:47 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2018-10-17 13:47 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2018-10-17 13:47 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2018-10-17 13:47 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2018-10-17 13:47 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-10-17 13:47 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2018-10-17 13:47 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-10-17 13:47 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\ta-in
2018-10-17 13:47 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2018-10-17 13:47 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\si-lk
2018-10-17 13:47 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\setup
2018-10-17 13:47 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-10-17 13:47 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2018-10-17 13:47 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2018-10-17 13:47 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\et-EE
2018-10-17 13:47 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\es-MX
2018-10-17 13:47 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\DDFs
2018-10-17 13:47 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2018-10-17 13:47 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-10-17 13:47 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\am-et
2018-10-17 13:47 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-10-17 13:47 - 2018-04-11 16:38 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-10-17 13:47 - 2018-04-11 16:38 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-10-17 13:47 - 2018-04-11 14:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-10-17 13:43 - 2018-04-12 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2018-10-17 13:43 - 2018-04-12 02:15 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2018-10-17 13:43 - 2018-04-11 16:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-10-17 13:43 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\schemas
2018-10-17 13:43 - 2018-04-11 14:04 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-10-17 13:43 - 2018-04-11 14:04 - 000000000 ____D C:\WINDOWS\servicing
2018-10-17 13:42 - 2015-08-28 10:22 - 000000000 ____D C:\Users\oldman\AppData\LocalLow\Oracle
2018-10-17 13:42 - 2015-08-14 21:27 - 000000000 ____D C:\Users\oldman\AppData\Roaming\IrfanView
2018-10-17 13:42 - 2015-05-03 11:07 - 000000000 ____D C:\Users\oldman\AppData\Roaming\Battle.net
2018-10-17 13:41 - 2017-12-17 14:55 - 000000000 ____D C:\ProgramData\RogueKiller
2018-10-17 13:41 - 2017-11-10 19:17 - 000000000 ____D C:\Program Files\Norton Security
2018-10-17 13:41 - 2015-12-03 21:05 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-10-17 13:37 - 2018-10-16 14:28 - 000000000 ____D C:\Users\oldman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2018-10-17 13:36 - 2018-07-07 11:40 - 000000000 ____D C:\WINDOWS\Minidump
2018-10-17 13:14 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\InfusedApps
2018-10-17 12:56 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\registration
2018-10-17 12:52 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\Web
2018-10-17 12:48 - 2018-06-02 01:10 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2018-10-17 12:47 - 2018-04-13 00:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-10-17 12:47 - 2015-06-13 13:02 - 000000000 ____D C:\Program Files (x86)\Java
2018-10-17 12:45 - 2018-04-13 00:24 - 000098680 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2018-10-17 12:40 - 2015-06-13 12:39 - 000000000 ____D C:\Users\oldman\AppData\LocalLow\Sun
2018-10-17 12:38 - 2015-05-24 00:53 - 000000000 ____D C:\Users\oldman\AppData\LocalLow\Google
2018-10-17 09:13 - 2015-05-23 08:11 - 000000000 ____D C:\Users\oldman\AppData\Local\CrashDumps
==================== Files in the root of some directories =======
2015-08-15 17:31 - 2018-11-02 18:18 - 000011264 _____ () C:\Users\oldman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-01 12:43 - 2018-11-16 11:50 - 000114514 _____ () C:\Users\oldman\AppData\Local\installer.log
2015-08-01 12:43 - 2015-08-01 12:43 - 000000236 _____ () C:\Users\oldman\AppData\Local\LaunchHomeCenter.log
2015-05-23 08:41 - 2018-02-13 23:28 - 000007674 _____ () C:\Users\oldman\AppData\Local\resmon.resmoncfg
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-06-02 00:43
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.11.2018
Ran by oldman (16-11-2018 18:03:23)
Running from C:\Users\oldman\Desktop
Windows 10 Home Version 1803 17134.407 (X64) (2018-06-02 08:47:35)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-901587214-2200967626-3004657440-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-901587214-2200967626-3004657440-503 - Limited - Disabled)
Guest (S-1-5-21-901587214-2200967626-3004657440-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-901587214-2200967626-3004657440-1009 - Limited - Enabled)
oldman (S-1-5-21-901587214-2200967626-3004657440-1003 - Administrator - Enabled) => C:\Users\oldman
WDAGUtilityAccount (S-1-5-21-901587214-2200967626-3004657440-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security (Enabled - Up to date) {E3FDBD9F-8140-1400-F32B-8B58923F7C4D}
AS: Spybot - Search and Destroy (Disabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security (Enabled) {DBC63CBA-CB2F-1558-D874-226D6CEC3B36}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20081 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.148 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
aioprnt (HKLM\...\{0645A454-AD44-4F0D-99CF-6B762735AD1F}) (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (HKLM-x32\...\{376348C2-E372-48BC-A138-E896757BD86A}) (Version: 5.8.10.0 - Your Company Name) Hidden
aioscnnr (HKLM-x32\...\{EF53BFAB-4C10-40DB-A82D-9B07111715C6}) (Version: 7.6.13.10 - Your Company Name) Hidden
AMD Catalyst Install Manager (HKLM\...\{D01E0B82-7D6E-F9AC-9A7D-C6076264F419}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
Apple Application Support (32-bit) (HKLM-x32\...\{49F7DD82-FC83-48BF-86C6-CFE6E1E233E1}) (Version: 7.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{1FA68E27-2951-42E8-9F57-1A7F6581B4FD}) (Version: 7.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
AstroViewer 3.1.6 (HKLM-x32\...\AstroViewer 3.1.6) (Version: - Dirk Matussek)
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.3.3.860 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BOINC (HKLM\...\{F1361096-9418-489B-983B-5F8C3972E05E}) (Version: 7.8.3 - Space Sciences Laboratory, U.C. Berkeley)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
C4USelfUpdater (HKLM-x32\...\{48B41C3A-9A92-4B81-B653-C97FEB85C910}) (Version: 1.00.0000 - Your Company Name) Hidden
center (HKLM-x32\...\{56BA241F-580C-43D2-8403-947241AAE633}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
essentials (HKLM-x32\...\{BE94C681-68E2-4561-8ABC-8D2E799168B4}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Google Earth Pro (HKLM\...\{F914BC59-918A-498F-B2E3-B274C9CB48A8}) (Version: 7.3.2.5491 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{1AC082E0-049D-4C5C-9ECF-9473AD5A949D}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{32F06015-D852-4A57-A0DD-8D08D17633AC}) (Version: 10.4.0156 - Hewlett-Packard)
HP PC Hardware Diagnostics Windows (HKLM-x32\...\{7FF9E31F-FAC5-4C7B-970B-FE464B8C6A62}) (Version: 1.5.2.0 - HP Inc.)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{5094249B-9542-4536-AE76-B769EE085C99}) (Version: 7.1.6.1 - HP)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.6.18.11 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.9.24.3 - Hewlett-Packard Company)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6417.0 - IDT)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
iTunes (HKLM\...\{3F702C1B-628F-46FB-A094-56D5404CEE63}) (Version: 12.9.1.4 - Apple Inc.)
Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Kodak AIO Printer (HKLM\...\{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}) (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.9.1.1 - Eastman Kodak Company)
KODAK VERITE 50 Series Uninstaller (HKLM\...\KODAK VERITE 50 Series) (Version: - FUNAI ELECTRIC CO., LTD.)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 63.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 63.0.3 (x64 en-US)) (Version: 63.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 63.0.3.6892 - Mozilla)
Norton Security (HKLM-x32\...\NGC) (Version: 22.16.2.22 - Symantec Corporation)
Norton WiFi Privacy (HKLM-x32\...\Norton WiFi Privacy) (Version: 1.4.9 - Symantec Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
ocr (HKLM-x32\...\{BFBCF96F-7361-486A-965C-54B17AC35421}) (Version: 6.2.3.50 - Eastman Kodak Company) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
PreReq (HKLM-x32\...\{DA5BDB2A-12F0-4343-8351-21AAEB293990}) (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
Python 3.5.2 (32-bit) (HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Core Interpreter (32-bit) (HKLM-x32\...\{EB0611B2-7F10-4D97-BCF2-DCAAB1199498}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (HKLM-x32\...\{5DB2183B-62D3-407F-BBC1-EAD2F36283FA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (HKLM-x32\...\{1FBA5182-78DD-4940-9F06-96E5042B7061}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (HKLM-x32\...\{33B10015-A9B1-4210-B50A-26C6443979B0}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (HKLM-x32\...\{9ADF9987-3327-48C6-91B3-B10900366491}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (HKLM-x32\...\{FCBB04F4-D2CF-4F55-BE92-B3898696B318}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C1153533-FDC4-4922-892D-B71810F69566}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (HKLM-x32\...\{9D50A6D7-410A-4469-87B7-35FA84CBD479}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (HKLM-x32\...\{E6DEBF43-7ACF-4E88-9BBF-9B5945683281}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Security Task Manager 2.3 (HKLM-x32\...\Security Task Manager) (Version: 2.3 - Neuber Software)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17384 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WorldWide Telescope (HKLM-x32\...\{412B591F-3F86-4A1C-9DF6-854892DE27BB}) (Version: 5.5.03 - WorldWide Telescope)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-901587214-2200967626-3004657440-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-901587214-2200967626-3004657440-1003_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-26] (Cyberlink)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.2.22\NavShExt.dll [2018-11-03] (Symantec Corporation)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-26] (Cyberlink)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.2.22\NavShExt.dll [2018-11-03] (Symantec Corporation)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.2.22\NavShExt.dll [2018-11-03] (Symantec Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {03F769B5-CA2B-47FB-B8C6-3715E360F484} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-11-13] (Microsoft Corporation)
Task: {0E259620-FF99-46AC-A83F-77CDB89116FC} - System32\Tasks\Norton Security with Backup\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
Task: {1CAFA8CA-9428-4563-B226-AEB95322692D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-24] (Google Inc.)
Task: {1D7E6301-43AF-49E2-8F09-9FDE7BE42841} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.16.2.22\WSCStub.exe [2018-11-03] (Symantec Corporation)
Task: {2726B58A-B733-4E96-B674-56C356CFF017} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {28C114CA-CFE9-487D-8483-4C040DF0A54B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-24] (Google Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {37F9480B-8DEB-43D0-9E41-A625011C1442} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {3C1E18F9-257E-4364-8991-D751F7AAE0AF} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {3DD76305-B0D8-4F5D-97E7-9FEA995DB0EB} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {3FB3FE7E-E4D6-4325-A192-9F9937626A48} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {406E8E03-EC34-4003-B34C-54181D91740B} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {449FBA74-592C-4FC3-B302-EFBBC5B5ADD5} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
Task: {4563DDB4-F29D-41C5-BD80-916194542CD4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-08-21] (HP Inc.)
Task: {481E77FC-2405-491C-B550-44527E8A07B9} - System32\Tasks\Norton Security with Backup\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
Task: {4A276F76-C51C-45FC-A2F4-1117E386AA2B} - System32\Tasks\S-1-5-21-901587214-2200967626-3004657440-1003\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-04-11] (Microsoft Corporation)
Task: {4DAE6865-85B2-4C42-B996-B4788C51FAA8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2018-08-30] (HP Inc.)
Task: {5B316DC0-10D2-46AE-B209-4DD1ED06E7F3} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {625F82D9-2B09-4DF1-80B8-473B87149FDA} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-21] ()
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {6E39ED3E-6BA2-4DC8-8196-9C48C649D047} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {712380AE-444E-42C6-B403-F18182DBE18C} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {738E86C6-EB1F-4D92-9DD0-BD4999046DD5} - System32\Tasks\{CA2AE62A-A74C-4B89-B292-C0CEAD185B3D} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\oldman\Downloads\FirmwareFlashLauncher.exe -d C:\Users\oldman\Downloads
Task: {7B9F5986-9672-431A-BB77-F26DB87891FE} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {7CDEBC78-DC72-4720-A9AA-B396C385D844} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-901587214-2200967626-3004657440-1003Core => C:\Users\oldman\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-23] (Google Inc.)
Task: {82BC12CD-E2DA-4EEC-9DD4-DCD751894155} - System32\Tasks\Norton Security with Backup\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
Task: {87498E24-4318-4420-B39E-6C2ECA53B5BD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-09-06] (HP Inc.)
Task: {8F1BF25C-F1A1-4C6B-AB35-F344DD78A235} - System32\Tasks\HPCeeScheduleForoldman => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {906112A5-8DB6-4037-B3BB-A2558320F864} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {A5E6FF83-1A31-44C2-974C-608D72C3429E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {AD73D9D2-71DE-4681-BB26-DC2BF988AB1B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_148_Plugin.exe [2018-11-14] (Adobe Systems Incorporated)
Task: {B0E58536-F4DD-4638-97BB-FBFE9AC92A08} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-901587214-2200967626-3004657440-1003 => C:\Users\oldman\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {B89BC3A9-54C9-4204-8B03-A529BF74315F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {BB6E612E-F472-4AB9-9380-3B84FBB2E9FB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-901587214-2200967626-3004657440-1003UA => C:\Users\oldman\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-23] (Google Inc.)
Task: {BCF0AD8B-2630-48AE-B7B4-5D1683D33A9F} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-11-14] (Adobe Systems Incorporated)
Task: {C0201CFA-6DE0-4EE2-89AC-D9D2295A8D3A} - System32\Tasks\Norton 360\Norton 360 Online Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.11.0.41\SymErr.exe [2017-10-03] (Symantec Corporation)
Task: {C18EC821-F9CF-414E-BA3D-746F1B35386D} - System32\Tasks\Norton 360\Norton 360 Online Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.11.0.41\SymErr.exe [2017-10-03] (Symantec Corporation)
Task: {CAE0ED78-6ADD-4119-8432-2D760870F7D5} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2018-11-03] (Symantec Corporation)
Task: {CDB556A4-5C9F-4AD2-8970-C18C764D957C} - System32\Tasks\Norton 360\Norton 360 Online Autofix => C:\Program Files (x86)\Norton 360\Engine\22.11.0.41\SymErr.exe [2017-10-03] (Symantec Corporation)
Task: {D44969E2-EE54-4B65-8642-B0B9E74EFDBB} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
Task: {D7F94A5C-3056-4495-8235-CBE7E9F0B4F6} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
Task: {E5C15200-ACD9-4B52-8D6A-D818CBC34EF1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {FC364449-3F8D-40B7-AFA2-34B96D70A3DA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\HPCeeScheduleForoldman.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2018-04-11 16:34 - 2018-04-11 16:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2017-11-30 18:54 - 2017-11-30 18:54 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-10-21 02:17 - 2018-10-21 02:17 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-11-14 22:03 - 2018-10-31 23:55 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-05-02 23:52 - 2012-06-07 20:34 - 000627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 000016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7942 more sites.
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\123simsen.com -> www.123simsen.com
There are 7942 more sites.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-05-21 20:01 - 2018-11-12 12:50 - 000453948 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123haustiereundmehr.com
127.0.0.1 123moviedownload.com
There are 15610 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\oldman\Desktop\cropped Scotty Audrey Meghan.PNG
DNS Servers: 192.168.0.1 - 205.171.3.66
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
HKLM\...\StartupApproved\Run: => "EKIJ5000StatusMonitor"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "boincmgr"
HKLM\...\StartupApproved\Run32: => "EKIJ5000StatusMonitor"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "EKStatusMonitor"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "KOab1err"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{9A360527-10D8-4C70-B032-9364CABAF9CC}] => (Block) C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe
FirewallRules: [{F163DE1A-BDD7-475A-BA39-30804A88C1EA}] => (Block) C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe
FirewallRules: [UDP Query User{36723720-49B5-4FA6-A370-6758D33B9796}C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe] => (Allow) C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe
FirewallRules: [TCP Query User{65BE56F7-1BFA-49AF-AA71-5BA1867FD708}C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe] => (Allow) C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe
FirewallRules: [{1C333035-49C1-4FD1-97CF-F570F016C53E}] => (Allow) LPort=5353
FirewallRules: [{890B9B02-6014-4054-B567-08AACDF2C0B9}] => (Allow) LPort=9322
FirewallRules: [{F181849D-64C1-458F-9BBF-519133A17B5F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{202A7A45-68E1-431A-A400-91C1EB742AF0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{479E345C-D749-41FD-988B-53A52A04F408}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{61EE5366-C72D-464B-A5C9-80E06F54380D}] => (Allow) C:\Program Files\iTunes\iTunes.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
26-10-2018 23:07:09 Scheduled Checkpoint
31-10-2018 19:27:43 Installed HP PC Hardware Diagnostics Windows
10-11-2018 15:28:50 Scheduled Checkpoint
13-11-2018 20:32:10 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/15/2018 09:17:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15390
Error: (11/15/2018 09:17:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15390
Error: (11/15/2018 09:17:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (11/15/2018 03:15:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 5.0.168.192.in-addr.arpa. PTR eustace.local.
Error: (11/15/2018 03:15:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.5:5353 17 5.0.168.192.in-addr.arpa. PTR eustace-2.local.
Error: (11/15/2018 11:37:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15766
Error: (11/15/2018 11:37:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15766
Error: (11/15/2018 11:37:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
System errors:
=============
Error: (11/16/2018 11:36:24 AM) (Source: DCOM) (EventID: 10016) (User: eustace)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user eustace\oldman SID (S-1-5-21-901587214-2200967626-3004657440-1003) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
Error: (11/16/2018 11:08:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/16/2018 11:05:06 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/15/2018 04:56:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/15/2018 01:15:47 PM) (Source: DCOM) (EventID: 10016) (User: eustace)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user eustace\oldman SID (S-1-5-21-901587214-2200967626-3004657440-1003) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
Error: (11/15/2018 01:15:32 PM) (Source: DCOM) (EventID: 10016) (User: eustace)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user eustace\oldman SID (S-1-5-21-901587214-2200967626-3004657440-1003) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
Error: (11/15/2018 01:13:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/15/2018 09:22:50 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Windows Defender:
===================================
Date: 2018-10-24 21:41:17.809
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.367.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2018-10-24 21:41:17.809
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.367.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2018-10-24 21:41:17.809
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.367.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2018-10-24 21:41:14.293
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.367.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2018-10-17 21:12:23.511
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.367.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
CodeIntegrity:
===================================
Date: 2018-11-14 12:08:00.436
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.16.2.22\BuShell.dll that did not meet the Microsoft signing level requirements.
Date: 2018-11-14 12:08:00.414
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.16.2.22\BuShell.dll that did not meet the Microsoft signing level requirements.
Date: 2018-11-14 12:08:00.372
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.16.2.22\BuShell.dll that did not meet the Microsoft signing level requirements.
Date: 2018-10-11 12:04:33.192
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.1.8\bushell.dll that did not meet the Microsoft signing level requirements.
Date: 2018-10-11 12:04:33.166
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.1.8\bushell.dll that did not meet the Microsoft signing level requirements.
Date: 2018-10-11 12:04:33.102
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.1.8\bushell.dll that did not meet the Microsoft signing level requirements.
Date: 2018-09-05 22:40:18.803
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.0.88\bushell.dll that did not meet the Microsoft signing level requirements.
Date: 2018-09-05 22:40:18.772
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.0.88\bushell.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
Processor: AMD A4-4300M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 39%
Total physical RAM: 3554.26 MB
Available physical RAM: 2163.15 MB
Total Virtual: 5986.26 MB
Available Virtual: 3989.05 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:568.68 GB) (Free:336.73 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:25.37 GB) (Free:2.96 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Media Viewer) (CDROM) (Total:0.52 GB) (Free:0 GB) CDFS
\\?\Volume{4807027d-70e4-4ed9-b189-6eac7a96e0a4}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.15 GB) NTFS
\\?\Volume{de27d039-3a8b-420a-8f61-0de10dba9383}\ () (Fixed) (Total:0.92 GB) (Free:0.34 GB) NTFS
\\?\Volume{228ede67-33cc-42ee-9814-03e998f454e7}\ () (Fixed) (Total:0.44 GB) (Free:0.41 GB) NTFS
\\?\Volume{873941c3-cd87-496d-8c74-8b333ed59eac}\ () (Fixed) (Total:0.25 GB) (Free:0.16 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 9E4D4388)
Partition: GPT.
==================== End of Addition.txt ============================
Resetting browsers didn't help?
Let's see what we can do.
Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)
highlight on the text below and select Copy.
beginning with Start:: and finishing with End::
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Highlight the entire content of the quote box below and select Copy.
Start::
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [Spy Protector] => C:\Program Files (x86)\Security Task Manager\SpyProtector.exe [145280 2018-07-12] (Neuber Software - www.neuber.com)
SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL =
SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1000&geo=US&ver=22.16.2.22&locale=en_US&guid=7F33257B-BE93-40EC-9D23-A091A86B98D4&doi=2016-09-01&gct=kwd&qsrc=2869
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
C:\Windows\Temp\*.*
Emptytemp:
End::
Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file Fixlog.txt will pop up and saved in the same location the tool was ran from.
Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If any of the tools I request you use are already on your computer, please delete those and download updated copies.
http://i.imgur.com/zcMPezJ.pngAdwCleaner - Fix Mode
Download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and move it to your Desktop
Right-click on AdwCleaner.exe and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Accept the EULA (I accept), then click on Scan
Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button. This will kill all the active processes
Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply
****
http://i.imgur.com/RQKuhw1.pngRogueKiller
Download the right version of RogueKiller (http://www.adlice.com/download/roguekiller/#download) for your Windows version (32 or 64-bit)
Once done, move the executable file to your Desktop, right-click on it and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
Wait for the scan to complete
On completion, the results will be displayed
Check every single entry (threat found), and click on the Remove Selected button
On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
This will open the report in Notepad. Copy/paste its content in your next reply
~~~
please post
Fixlog.txt
AdwCleaner log
RogueKiller log
The FRST fix had a hang up while running, had to run it twice to get the log.
The Rogue scan was clean so I didn't pos that log.
Fix result of Farbar Recovery Scan Tool (x64) Version: 15.11.2018
Ran by oldman (19-11-2018 16:46:27) Run:2
Running from C:\Users\oldman\Desktop
Loaded Profiles: oldman (Available Profiles: oldman)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [Spy Protector] => C:\Program Files (x86)\Security Task Manager\SpyProtector.exe [145280 2018-07-12] (Neuber Software - www.neuber.com)
SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL =
SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1000&geo=US&ver=22.16.2.22&locale=en_US&guid=7F33257B-BE93-40EC-9D23-A091A86B98D4&doi=2016-09-01&gct=kwd&qsrc=2869
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
C:\Windows\Temp\*.*
Emptytemp:
*****************
Processes closed successfully.
Restore point was successfully created.
"HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Spy Protector" => not found
"HKU\S-1-5-21-901587214-2200967626-3004657440-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => not found
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => not found
HKLM\Software\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => not found
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => not found
HKLM\Software\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => not found
HKLM\SOFTWARE\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => removed successfully
=========== "C:\Windows\Temp\*.*" ==========
C:\Windows\Temp\MpCmdRun.log => moved successfully
========= End -> "C:\Windows\Temp\*.*" ========
=========== EmptyTemp: ==========
BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4252004 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 0 B
Firefox => 17113940 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 1924 B
LocalService => 0 B
NetworkService => 2110 B
NetworkService => 0 B
oldman => 141599 B
RecycleBin => 0 B
EmptyTemp: => 30.5 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 16:48:18 ====
Fix result of Farbar Recovery Scan Tool (x64) Version: 15.11.2018
Ran by oldman (19-11-2018 16:46:27) Run:2
Running from C:\Users\oldman\Desktop
Loaded Profiles: oldman (Available Profiles: oldman)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [Spy Protector] => C:\Program Files (x86)\Security Task Manager\SpyProtector.exe [145280 2018-07-12] (Neuber Software - www.neuber.com)
SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL =
SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1000&geo=US&ver=22.16.2.22&locale=en_US&guid=7F33257B-BE93-40EC-9D23-A091A86B98D4&doi=2016-09-01&gct=kwd&qsrc=2869
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
C:\Windows\Temp\*.*
Emptytemp:
*****************
Processes closed successfully.
Restore point was successfully created.
"HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Spy Protector" => not found
"HKU\S-1-5-21-901587214-2200967626-3004657440-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => not found
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => not found
HKLM\Software\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => not found
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => not found
HKLM\Software\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => not found
HKLM\SOFTWARE\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => removed successfully
=========== "C:\Windows\Temp\*.*" ==========
C:\Windows\Temp\MpCmdRun.log => moved successfully
========= End -> "C:\Windows\Temp\*.*" ========
=========== EmptyTemp: ==========
BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4252004 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 0 B
Firefox => 17113940 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 1924 B
LocalService => 0 B
NetworkService => 2110 B
NetworkService => 0 B
oldman => 141599 B
RecycleBin => 0 B
EmptyTemp: => 30.5 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 16:48:18 ====
Follow the instructions in the thread below to run a scan with MBAR. Don't forget to update the database before launching the scan, and once launched, leave MBAR running and do not touch your computer until it is done scanning.
https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/
Once MBAR is done scanning, removing threats and rebooting your computer, go in its MBAR folder, and copy/paste the content of the mbar-log-TODAYS-DATE.txt log in your next reply.
The Mbar ran without any glitches but came up clean, nothing to post on that. A few noteworthy items I should mention at this point would be that I deleted my chrome browser some time ago since I didn't use it and it always seemed to figure in to malware detections, there must be components left behind that are being picked up in some of these scans. The only browser add-ons that I use are Norton safe search and Mozilla facebook container, both seem fairly useful and benign, but I could be mistaken. When I first open my FF browser I always get a blank page (see screenshot attached) that doesn't change until I open another tab or hit the FF home page button, this only occurs after the initial computer start up, then the safe search opens as you would expect, I can't account for this and so it seems like "suspicious behavior" to me, but again I could be wrong. Also worth noting, last August my wife ran an "RT" video clip while on her FB page, this resulted in an epic "bearshare" infection that was worth 170 odd detections cleaned with AdwClean, I could post that log but it's probably moot at this point. I can't help but think that after we are done with this session and the delfix is run, I would probably get the same redirect issues by running FRST again in spite of my limiting browsing to nothing more than visiting the sites needed to download tools. One other question involves the attached screen shot "hosts list". After a routine Spybot scan I got a notice from Security task manager that sites were added to my hosts, is this just spybot doing its thing, or something else? I don't really understand host lists and their function so I'm hoping you can tell me what I'm looking at.
Thanks again!
Read over these troubleshooting tips for Firefox.
https://support.mozilla.org/en-US/questions/1220073
If I'm not wrong, Spybot is adding those to a blocked host list, so to me that would be normal.
I should mention at this point would be that I deleted my chrome browser some time ago since I didn't use it and it always seemed to figure in to malware detections, there must be components left behind that are being picked up in some of these scans
Let's check for Chrome left overs.
~~~~~~~~~~~
Right-Click FRST.exe / FRST64.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.
This scan was run without delfixing or any other changes, other than putting the last scan logs into a separate folder. I haven't used the VPN or spyprotector since the last round of fixes. Browsing has been limited to my gmail, online banking and other fairly secure sites. Definitely no facebooking or random site browsing. I do have questions about the
System errors, Whitelisted Internet, IE and Firefox detections, but I'll wait to hear your thoughts.
About the "blank opening ff" question, I did get that sorted out, no problem there anymore. As for the hosts question that makes sense, I was hoping it was spybot making the changes, I just hadn't seen it picked up by the spyprotector so I didn't recognize it. Thanks again for your help.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.11.2018
Ran by oldman (administrator) on EUSTACE (22-11-2018 12:50:14)
Running from C:\Users\oldman\Desktop
Loaded Profiles: oldman (Available Profiles: oldman)
Platform: Windows 10 Home Version 1803 17134.407 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.2.22\NortonSecurity.exe
(Symantec Corporation) C:\Program Files (x86)\Norton WiFi Privacy\client\NWPService.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.2.22\nsWscSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.2.22\NortonSecurity.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinctray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\oldman\Desktop\FRST64(1).exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [69920 2017-10-03] (Space Sciences Laboratory)
HKLM\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [8765216 2017-10-03] (Space Sciences Laboratory)
HKLM\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-27] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [301880 2018-10-22] (Apple Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [68920 2018-10-21] (Apple Inc.)
HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-12-11] (Eastman Kodak Company)
HKLM-x32\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] ()
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [KOab1err] => C:\Program Files (x86)\KODAK VERITE\ErrorApp\KOab1err.exe [1027752 2016-12-21] ()
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] ()
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [Google Update] => C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe [601680 2018-05-18] (Google Inc.)
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [] => C:\Users\oldman\Desktop\RogueKiller_portable64.exe [33263160 2018-11-19] ()
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\MountPoints2: {550548f0-8389-11e8-804c-38eaa7eb314f} - "F:\ZTE_Handset_USB_Driver.exe"
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.66
Tcpip\..\Interfaces\{092ddd55-79b1-44d1-9ce6-73e9a22b6de7}: [DhcpNameServer] 192.168.0.1 205.171.3.66
Tcpip\..\Interfaces\{68620759-20aa-45aa-8e06-fa9a7c5c7e09}: [DhcpNameServer] 192.168.0.1 205.171.3.66
Tcpip\..\Interfaces\{a288676d-84d4-440a-bf60-55523387af7e}: [DhcpNameServer] 192.168.0.1 205.171.3.66
Tcpip\..\Interfaces\{c4242d06-1fdf-461b-ace5-caf4862e837d}: [DhcpNameServer] 192.168.0.1 205.171.3.66
Tcpip\..\Interfaces\{c9ebb1fc-1913-46ad-9c39-fe0f9392fa0a}: [DhcpNameServer] 192.168.0.1 205.171.3.66
Tcpip\..\Interfaces\{dd1986f3-01c1-49b9-a3b1-f6e43d3a6914}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-10-17] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-10-17] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)
FireFox:
========
FF DefaultProfile: gzi35chl.default-1466821123041-1541972058086
FF ProfilePath: C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086 [2018-11-22]
FF Homepage: Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086 -> moz-extension://70dcf95f-27c0-4d96-bf5b-ac77cde6f791/homePageRedirect.html
FF HomepageOverride: Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086 -> Enabled: nortonhomepage@symantec.com
FF NewTabOverride: Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086 -> Enabled: nortonhomepage@symantec.com
FF Extension: (Facebook Container) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086\Extensions\@contain-facebook.xpi [2018-11-20]
FF Extension: (Norton Password Manager) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086\Extensions\idsafe@norton.com.xpi [2018-11-13]
FF Extension: (Norton Home Page) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086\Extensions\nortonhomepage@symantec.com.xpi [2018-11-13]
FF Extension: (Norton Safe Search) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086\Extensions\nortonsafesearch_ul_2@symantec.com.xpi [2018-11-13]
FF Extension: (Norton Safe Web) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086\Extensions\nortonsafeweb@symantec.com.xpi [2018-11-18]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_153.dll [2018-11-20] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_153.dll [2018-11-20] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-05-06] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-19] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: @talk.google.com/GoogleTalkPlugin -> C:\Users\oldman\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: @talk.google.com/O1DPlugin -> C:\Users\oldman\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: @tools.google.com/Google Update;version=3 -> C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: @tools.google.com/Google Update;version=9 -> C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: hp.com/HPDetect -> C:\Users\oldman\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP)
FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: jpl.nasa.gov/NASAEyes -> C:\Users\oldman\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2018-08-28] (Jet Propulsion Laboratory)
FF Plugin ProgramFiles/Appdata: C:\Users\oldman\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\oldman\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1077568 2017-04-10] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-21] (HP Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.16.2.22\NortonSecurity.exe [328648 2018-11-03] (Symantec Corporation)
R2 NortonWiFiPrivacy; C:\Program Files (x86)\Norton WiFi Privacy\client\NWPService.exe [3317264 2018-11-04] (Symantec Corporation)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.16.2.22\nsWscSvc.exe [915712 2018-11-03] (Symantec Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd.)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [253960 2016-04-27] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-11] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-20] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110104 2016-09-28] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.11.0.41\Definitions\BASHDefs\20181119.001\BHDrvx64.sys [1925104 2018-09-19] (Symantec Corporation)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\ccSetx64.sys [189120 2018-11-03] (Symantec Corporation)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [129152 2016-04-24] (Samsung Electronics Co., Ltd.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515568 2018-10-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153072 2018-10-05] (Symantec Corporation)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2018-04-23] ()
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.11.0.41\Definitions\IPSDefs\20181121.061\IDSvia64.sys [1305072 2018-10-08] (Symantec Corporation)
S3 massfilter_hs; C:\WINDOWS\System32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-29] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Realtek )
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\SRTSP64.SYS [847344 2018-11-03] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\SRTSPX64.SYS [49648 2018-11-03] (Symantec Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-24] (Samsung Electronics Co., Ltd.)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\SYMEFASI64.SYS [1969328 2018-11-03] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\SymELAM.sys [25744 2018-11-03] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [99920 2018-06-17] (Symantec Corporation)
S4 SymEvnt; C:\Program Files\Norton Security\NortonData\22.11.0.41\SymPlatform\SymEvnt.sys [114352 2018-10-26] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\Ironx64.SYS [308416 2018-11-03] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\symnets.sys [567024 2018-11-03] (Symantec Corporation)
R3 SymTAP; C:\WINDOWS\System32\drivers\SymTAP.sys [52512 2018-11-04] (The OpenVPN Project)
S3 VBoxNetAdp; C:\WINDOWS\System32\drivers\VBoxNetAdp6.sys [196040 2017-07-27] (Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\wpCtrlDrv.sys [1011056 2018-11-03] (Symantec Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-11-22 12:50 - 2018-11-22 12:52 - 000022962 _____ C:\Users\oldman\Desktop\FRST.txt
2018-11-22 12:50 - 2018-11-22 12:50 - 000000000 ____D C:\Users\oldman\Desktop\FRST-OlderVersion
2018-11-21 19:58 - 2018-11-21 19:58 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2018-11-20 15:23 - 2018-11-20 15:23 - 000000109 _____ C:\Users\oldman\Desktop\Mbar link.txt
2018-11-20 14:48 - 2018-11-20 14:48 - 004463104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2018-11-20 11:23 - 2018-11-20 11:23 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\C515B52D.sys
2018-11-20 11:22 - 2018-11-20 13:31 - 000000000 ____D C:\Users\oldman\Desktop\mbar
2018-11-20 11:19 - 2018-11-20 11:20 - 014161479 _____ C:\Users\oldman\Desktop\mbar-1.10.3.1001-nr.exe
2018-11-19 18:48 - 2018-11-19 18:48 - 000000924 _____ C:\Users\oldman\Desktop\Fixlog.txt - Shortcut.lnk
2018-11-19 18:25 - 2018-11-19 18:32 - 000000000 ____D C:\AdwCleaner
2018-11-19 15:39 - 2018-11-19 15:40 - 033263160 _____ C:\Users\oldman\Desktop\RogueKiller_portable64.exe
2018-11-19 15:36 - 2018-11-19 15:36 - 007592144 _____ (Malwarebytes) C:\Users\oldman\Desktop\AdwCleaner.exe
2018-11-17 16:56 - 2018-11-17 16:56 - 000000000 ____D C:\Program Files\rempl
2018-11-16 17:58 - 2018-11-22 12:50 - 000000000 ____D C:\FRST
2018-11-16 17:52 - 2018-11-22 12:50 - 002416640 _____ (Farbar) C:\Users\oldman\Desktop\FRST64(1).exe
2018-11-14 23:31 - 2018-11-16 11:28 - 000000000 ____D C:\N360_BACKUP
2018-11-14 22:04 - 2018-11-01 04:45 - 004527776 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-11-14 22:04 - 2018-11-01 04:45 - 001617320 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-11-14 22:04 - 2018-11-01 04:29 - 012710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-11-14 22:04 - 2018-11-01 02:15 - 023861760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-11-14 22:04 - 2018-11-01 02:13 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-11-14 22:04 - 2018-11-01 00:27 - 001017152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-11-14 22:04 - 2018-11-01 00:26 - 007432120 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-11-14 22:04 - 2018-11-01 00:25 - 009089848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-11-14 22:04 - 2018-11-01 00:25 - 007520088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-11-14 22:04 - 2018-11-01 00:09 - 025855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-11-14 22:04 - 2018-11-01 00:03 - 003397120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-11-14 22:04 - 2018-11-01 00:01 - 022716416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-11-14 22:04 - 2018-11-01 00:00 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-11-14 22:04 - 2018-10-31 23:58 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-11-14 22:04 - 2018-10-31 21:48 - 006039064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-11-14 22:04 - 2018-10-31 21:47 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-11-14 22:04 - 2018-10-31 21:40 - 022015488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-11-14 22:04 - 2018-10-31 21:35 - 019403776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-11-14 22:04 - 2018-10-21 06:00 - 021386368 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-11-14 22:04 - 2018-10-21 04:28 - 012501504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-11-14 22:04 - 2018-10-21 00:48 - 005602456 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-11-14 22:04 - 2018-10-21 00:28 - 016592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-11-14 22:04 - 2018-10-21 00:22 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-11-14 22:03 - 2018-11-01 04:46 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-11-14 22:03 - 2018-11-01 04:45 - 001376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-11-14 22:03 - 2018-11-01 04:31 - 006602240 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-11-14 22:03 - 2018-11-01 04:28 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-11-14 22:03 - 2018-11-01 04:28 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-11-14 22:03 - 2018-11-01 04:27 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-11-14 22:03 - 2018-11-01 04:26 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-11-14 22:03 - 2018-11-01 03:09 - 001027000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-11-14 22:03 - 2018-11-01 02:59 - 005669888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-11-14 22:03 - 2018-11-01 02:56 - 011902464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-11-14 22:03 - 2018-11-01 02:54 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-11-14 22:03 - 2018-11-01 02:52 - 002892800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-11-14 22:03 - 2018-11-01 00:39 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-11-14 22:03 - 2018-11-01 00:28 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-11-14 22:03 - 2018-11-01 00:28 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-11-14 22:03 - 2018-11-01 00:27 - 000491200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-11-14 22:03 - 2018-11-01 00:26 - 003291640 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-11-14 22:03 - 2018-11-01 00:26 - 003180080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-11-14 22:03 - 2018-11-01 00:26 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-11-14 22:03 - 2018-11-01 00:25 - 004404912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-11-14 22:03 - 2018-11-01 00:25 - 002822456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-11-14 22:03 - 2018-11-01 00:25 - 002571320 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-11-14 22:03 - 2018-11-01 00:25 - 002371296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-11-14 22:03 - 2018-11-01 00:25 - 001934808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-11-14 22:03 - 2018-11-01 00:25 - 001784680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-11-14 22:03 - 2018-11-01 00:25 - 001456728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-11-14 22:03 - 2018-11-01 00:25 - 001288920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-11-14 22:03 - 2018-11-01 00:25 - 001257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-11-14 22:03 - 2018-11-01 00:25 - 001209888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-11-14 22:03 - 2018-11-01 00:25 - 001190248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-11-14 22:03 - 2018-11-01 00:25 - 001140672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-11-14 22:03 - 2018-11-01 00:25 - 000982592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-11-14 22:03 - 2018-11-01 00:25 - 000594224 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-11-14 22:03 - 2018-11-01 00:25 - 000463672 _____ (Microsoft Corporation) C:\WINDOWS\system32\coml2.dll
2018-11-14 22:03 - 2018-11-01 00:25 - 000268088 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-11-14 22:03 - 2018-11-01 00:01 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-11-14 22:03 - 2018-11-01 00:01 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-11-14 22:03 - 2018-11-01 00:00 - 006031360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-11-14 22:03 - 2018-11-01 00:00 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-11-14 22:03 - 2018-11-01 00:00 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-11-14 22:03 - 2018-10-31 23:59 - 000322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-11-14 22:03 - 2018-10-31 23:58 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-11-14 22:03 - 2018-10-31 23:58 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-11-14 22:03 - 2018-10-31 23:58 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-11-14 22:03 - 2018-10-31 23:57 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-11-14 22:03 - 2018-10-31 23:57 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-11-14 22:03 - 2018-10-31 23:57 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-11-14 22:03 - 2018-10-31 23:57 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-11-14 22:03 - 2018-10-31 23:57 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-11-14 22:03 - 2018-10-31 23:57 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-11-14 22:03 - 2018-10-31 23:56 - 002929664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
2018-11-14 22:03 - 2018-10-31 23:56 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-11-14 22:03 - 2018-10-31 23:56 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-11-14 22:03 - 2018-10-31 23:56 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-11-14 22:03 - 2018-10-31 23:56 - 000506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2018-11-14 22:03 - 2018-10-31 23:55 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-11-14 22:03 - 2018-10-31 23:55 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-11-14 22:03 - 2018-10-31 23:55 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-11-14 22:03 - 2018-10-31 23:54 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-11-14 22:03 - 2018-10-31 23:54 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-11-14 22:03 - 2018-10-31 23:54 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-11-14 22:03 - 2018-10-31 23:54 - 001023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2018-11-14 22:03 - 2018-10-31 23:54 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-11-14 22:03 - 2018-10-31 23:54 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-11-14 22:03 - 2018-10-31 23:54 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-11-14 22:03 - 2018-10-31 23:54 - 000606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-11-14 22:03 - 2018-10-31 23:53 - 002248192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-11-14 22:03 - 2018-10-31 23:53 - 001373696 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-11-14 22:03 - 2018-10-31 23:53 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-11-14 22:03 - 2018-10-31 23:53 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-11-14 22:03 - 2018-10-31 23:53 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-11-14 22:03 - 2018-10-31 22:08 - 002417952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-11-14 22:03 - 2018-10-31 21:50 - 000861712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-11-14 22:03 - 2018-10-31 21:50 - 000786288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-11-14 22:03 - 2018-10-31 21:48 - 004790184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-11-14 22:03 - 2018-10-31 21:48 - 002478872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-11-14 22:03 - 2018-10-31 21:48 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-11-14 22:03 - 2018-10-31 21:48 - 001805656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-11-14 22:03 - 2018-10-31 21:48 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-11-14 22:03 - 2018-10-31 21:48 - 000384520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\coml2.dll
2018-11-14 22:03 - 2018-10-31 21:47 - 001980776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-11-14 22:03 - 2018-10-31 21:47 - 001379792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-11-14 22:03 - 2018-10-31 21:47 - 001020064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-11-14 22:03 - 2018-10-31 21:34 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-11-14 22:03 - 2018-10-31 21:33 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-11-14 22:03 - 2018-10-31 21:33 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-11-14 22:03 - 2018-10-31 21:32 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-11-14 22:03 - 2018-10-31 21:31 - 005307904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-11-14 22:03 - 2018-10-31 21:30 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-11-14 22:03 - 2018-10-31 21:30 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-11-14 22:03 - 2018-10-31 21:29 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-11-14 22:03 - 2018-10-31 21:29 - 000848384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2018-11-14 22:03 - 2018-10-31 21:29 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-11-14 22:03 - 2018-10-31 21:28 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-11-14 22:03 - 2018-10-31 21:27 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-11-14 22:03 - 2018-10-31 21:27 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2018-11-14 22:03 - 2018-10-31 21:27 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-11-14 22:03 - 2018-10-31 21:26 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2018-11-14 22:03 - 2018-10-21 06:00 - 001639560 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2018-11-14 22:03 - 2018-10-21 06:00 - 001516120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-11-14 22:03 - 2018-10-21 06:00 - 000790416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-11-14 22:03 - 2018-10-21 05:46 - 013572096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-11-14 22:03 - 2018-10-21 05:46 - 004393472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-11-14 22:03 - 2018-10-21 05:43 - 000345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-11-14 22:03 - 2018-10-21 05:42 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2018-11-14 22:03 - 2018-10-21 05:42 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2018-11-14 22:03 - 2018-10-21 05:41 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-11-14 22:03 - 2018-10-21 04:38 - 001322376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-11-14 22:03 - 2018-10-21 04:37 - 020381808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-11-14 22:03 - 2018-10-21 04:37 - 001626656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2018-11-14 22:03 - 2018-10-21 04:22 - 002405888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-11-14 22:03 - 2018-10-21 00:46 - 000717112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2018-11-14 22:03 - 2018-10-21 00:46 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-11-14 22:03 - 2018-10-21 00:46 - 000560136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-11-14 22:03 - 2018-10-21 00:45 - 003283512 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-11-14 22:03 - 2018-10-21 00:45 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-11-14 22:03 - 2018-10-21 00:45 - 001946208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-11-14 22:03 - 2018-10-21 00:45 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-11-14 22:03 - 2018-10-21 00:45 - 000607136 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-11-14 22:03 - 2018-10-21 00:21 - 001589248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2018-11-14 22:03 - 2018-10-21 00:19 - 002487088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-11-14 22:03 - 2018-10-21 00:19 - 001620776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-11-14 22:03 - 2018-10-21 00:19 - 001130768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-11-14 22:03 - 2018-10-21 00:19 - 000505616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2018-11-14 22:03 - 2018-10-21 00:17 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-11-14 22:03 - 2018-10-21 00:17 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2018-11-14 22:03 - 2018-10-21 00:17 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-11-14 22:03 - 2018-10-21 00:17 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-11-14 22:03 - 2018-10-21 00:17 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-11-14 22:03 - 2018-10-21 00:17 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvrcp.dll
2018-11-14 22:03 - 2018-10-21 00:17 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2018-11-14 22:03 - 2018-10-21 00:16 - 002584576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-11-14 22:03 - 2018-10-21 00:16 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-11-14 22:03 - 2018-10-21 00:16 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-11-14 22:03 - 2018-10-21 00:16 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2018-11-14 22:03 - 2018-10-21 00:15 - 003212800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2018-11-14 22:03 - 2018-10-21 00:15 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-11-14 22:03 - 2018-10-21 00:15 - 000743936 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintRenderAPIHost.DLL
2018-11-14 22:03 - 2018-10-21 00:14 - 002224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-11-14 22:03 - 2018-10-21 00:14 - 001919488 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2018-11-14 22:03 - 2018-10-21 00:14 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-11-14 22:03 - 2018-10-21 00:14 - 001034752 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-11-14 22:03 - 2018-10-21 00:14 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-11-14 22:03 - 2018-10-21 00:09 - 013873664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-11-14 22:03 - 2018-10-21 00:02 - 002966528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-11-14 22:03 - 2018-10-21 00:01 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2018-11-14 22:03 - 2018-10-20 23:57 - 002611200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2018-11-14 22:03 - 2018-10-20 22:59 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2018-11-14 22:03 - 2018-10-20 22:59 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2018-11-14 22:02 - 2018-11-01 04:49 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-11-14 22:02 - 2018-11-01 04:32 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-11-14 22:02 - 2018-11-01 04:30 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-11-14 22:02 - 2018-11-01 04:30 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-11-14 22:02 - 2018-11-01 04:29 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2018-11-14 22:02 - 2018-11-01 04:28 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2018-11-14 22:02 - 2018-11-01 04:27 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-11-14 22:02 - 2018-11-01 04:26 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-11-14 22:02 - 2018-11-01 04:26 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-11-14 22:02 - 2018-11-01 04:25 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-11-14 22:02 - 2018-11-01 02:56 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2018-11-14 22:02 - 2018-11-01 02:56 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-11-14 22:02 - 2018-11-01 02:54 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-11-14 22:02 - 2018-11-01 02:53 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2018-11-14 22:02 - 2018-11-01 00:38 - 000269336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-11-14 22:02 - 2018-11-01 00:37 - 000272408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-11-14 22:02 - 2018-11-01 00:28 - 001062712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-11-14 22:02 - 2018-11-01 00:28 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-11-14 22:02 - 2018-11-01 00:28 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-11-14 22:02 - 2018-11-01 00:28 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-11-14 22:02 - 2018-11-01 00:25 - 000885968 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-11-14 22:02 - 2018-11-01 00:25 - 000793080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-11-14 22:02 - 2018-11-01 00:25 - 000713472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-11-14 22:02 - 2018-11-01 00:25 - 000413720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-11-14 22:02 - 2018-11-01 00:25 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-11-14 22:02 - 2018-11-01 00:25 - 000375824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-11-14 22:02 - 2018-11-01 00:25 - 000261000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-11-14 22:02 - 2018-11-01 00:03 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmtask.exe
2018-11-14 22:02 - 2018-11-01 00:02 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmapi.dll
2018-11-14 22:02 - 2018-11-01 00:02 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\CSystemEventsBrokerClient.dll
2018-11-14 22:02 - 2018-11-01 00:00 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-11-14 22:02 - 2018-10-31 23:59 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2018-11-14 22:02 - 2018-10-31 23:59 - 000192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2018-11-14 22:02 - 2018-10-31 23:59 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPTaskScheduler.dll
2018-11-14 22:02 - 2018-10-31 23:59 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2018-11-14 22:02 - 2018-10-31 23:58 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-11-14 22:02 - 2018-10-31 23:58 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-11-14 22:02 - 2018-10-31 23:58 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-11-14 22:02 - 2018-10-31 23:57 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2018-11-14 22:02 - 2018-10-31 23:57 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-11-14 22:02 - 2018-10-31 23:57 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-11-14 22:02 - 2018-10-31 23:57 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-11-14 22:02 - 2018-10-31 23:57 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-11-14 22:02 - 2018-10-31 23:57 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2018-11-14 22:02 - 2018-10-31 23:57 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-11-14 22:02 - 2018-10-31 23:54 - 001679360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-11-14 22:02 - 2018-10-31 23:54 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2018-11-14 22:02 - 2018-10-31 23:54 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-11-14 22:02 - 2018-10-31 23:53 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-11-14 22:02 - 2018-10-31 22:39 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-11-14 22:02 - 2018-10-31 21:48 - 000880248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2018-11-14 22:02 - 2018-10-31 21:47 - 000581600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-11-14 22:02 - 2018-10-31 21:47 - 000567256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-11-14 22:02 - 2018-10-31 21:47 - 000129304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-11-14 22:02 - 2018-10-31 21:31 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-11-14 22:02 - 2018-10-31 21:30 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-11-14 22:02 - 2018-10-31 21:30 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-11-14 22:02 - 2018-10-31 21:30 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-11-14 22:02 - 2018-10-31 21:30 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2018-11-14 22:02 - 2018-10-31 21:30 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2018-11-14 22:02 - 2018-10-31 21:29 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-11-14 22:02 - 2018-10-31 21:29 - 001862656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
2018-11-14 22:02 - 2018-10-31 21:29 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-11-14 22:02 - 2018-10-31 21:29 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2018-11-14 22:02 - 2018-10-31 21:28 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2018-11-14 22:02 - 2018-10-31 21:28 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-11-14 22:02 - 2018-10-31 21:27 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-11-14 22:02 - 2018-10-31 21:27 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-11-14 22:02 - 2018-10-31 21:26 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-11-14 22:02 - 2018-10-31 21:26 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-11-14 22:02 - 2018-10-21 06:00 - 000396304 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-11-14 22:02 - 2018-10-21 05:59 - 000766480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-11-14 22:02 - 2018-10-21 05:59 - 000236728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2018-11-14 22:02 - 2018-10-21 05:45 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-11-14 22:02 - 2018-10-21 05:44 - 000623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2018-11-14 22:02 - 2018-10-21 05:44 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll
2018-11-14 22:02 - 2018-10-21 05:43 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2018-11-14 22:02 - 2018-10-21 05:43 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2018-11-14 22:02 - 2018-10-21 05:42 - 000592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
2018-11-14 22:02 - 2018-10-21 05:42 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2018-11-14 22:02 - 2018-10-21 04:38 - 000662312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-11-14 22:02 - 2018-10-21 04:38 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-11-14 22:02 - 2018-10-21 04:38 - 000221216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2018-11-14 22:02 - 2018-10-21 04:28 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\INETRES.dll
2018-11-14 22:02 - 2018-10-21 04:23 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2018-11-14 22:02 - 2018-10-21 04:23 - 000523264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll
2018-11-14 22:02 - 2018-10-21 04:22 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2018-11-14 22:02 - 2018-10-21 02:29 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-11-14 22:02 - 2018-10-21 01:44 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-11-14 22:02 - 2018-10-21 00:47 - 000368440 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2018-11-14 22:02 - 2018-10-21 00:46 - 000709936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-11-14 22:02 - 2018-10-21 00:46 - 000497864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2018-11-14 22:02 - 2018-10-21 00:46 - 000171024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-11-14 22:02 - 2018-10-21 00:45 - 000185120 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-11-14 22:02 - 2018-10-21 00:45 - 000175624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2018-11-14 22:02 - 2018-10-21 00:45 - 000139792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2018-11-14 22:02 - 2018-10-21 00:45 - 000058088 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2018-11-14 22:02 - 2018-10-21 00:21 - 000123424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-11-14 22:02 - 2018-10-21 00:20 - 000424000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2018-11-14 22:02 - 2018-10-21 00:20 - 000295224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2018-11-14 22:02 - 2018-10-21 00:20 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2018-11-14 22:02 - 2018-10-21 00:20 - 000141312 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2018-11-14 22:02 - 2018-10-21 00:20 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-11-14 22:02 - 2018-10-21 00:19 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2018-11-14 22:02 - 2018-10-21 00:19 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-11-14 22:02 - 2018-10-21 00:19 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2018-11-14 22:02 - 2018-10-21 00:19 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-11-14 22:02 - 2018-10-21 00:19 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2018-11-14 22:02 - 2018-10-21 00:19 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2018-11-14 22:02 - 2018-10-21 00:19 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2018-11-14 22:02 - 2018-10-21 00:19 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2018-11-14 22:02 - 2018-10-21 00:19 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvrcpAppSvc.dll
2018-11-14 22:02 - 2018-10-21 00:19 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhf.sys
2018-11-14 22:02 - 2018-10-21 00:19 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2018-11-14 22:02 - 2018-10-21 00:18 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2018-11-14 22:02 - 2018-10-21 00:18 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Activities.dll
2018-11-14 22:02 - 2018-10-21 00:18 - 000395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvctpSvc.dll
2018-11-14 22:02 - 2018-10-21 00:18 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2018-11-14 22:02 - 2018-10-21 00:18 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2018-11-14 22:02 - 2018-10-21 00:18 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2018-11-14 22:02 - 2018-10-21 00:18 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2018-11-14 22:02 - 2018-10-21 00:16 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-11-14 22:02 - 2018-10-21 00:16 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-11-14 22:02 - 2018-10-21 00:15 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-11-14 22:02 - 2018-10-21 00:14 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-11-14 22:02 - 2018-10-21 00:14 - 000632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2018-11-14 22:02 - 2018-10-21 00:14 - 000453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-11-14 22:02 - 2018-10-21 00:02 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2018-11-14 22:02 - 2018-10-21 00:01 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2018-11-14 22:02 - 2018-10-21 00:00 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
2018-11-14 22:02 - 2018-10-20 23:59 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2018-11-14 22:02 - 2018-10-20 23:58 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2018-11-14 22:02 - 2018-10-20 23:58 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-11-14 22:02 - 2018-10-20 23:58 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-11-14 22:02 - 2018-04-27 21:02 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-11-14 17:17 - 2018-11-20 18:34 - 000002080 _____ C:\Users\oldman\Desktop\new FRST notes.txt
2018-11-13 20:29 - 2018-11-22 12:00 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security with Backup
2018-11-13 17:44 - 2018-11-13 17:44 - 000003376 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2018-11-13 17:43 - 2018-11-14 21:09 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2018-11-13 17:30 - 2018-11-13 17:30 - 001157064 _____ (Symantec Corporation) C:\Users\oldman\Downloads\NortonNSBUDownloader.exe
2018-11-12 12:50 - 2018-10-30 09:43 - 000453948 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20181112-125012.backup
2018-11-12 12:39 - 2018-11-16 17:44 - 000000291 _____ C:\DelFix.txt
2018-11-11 02:44 - 2018-11-11 02:44 - 000001386 _____ C:\Users\oldman\Desktop\Dons list.txt
2018-11-10 22:51 - 2018-11-22 12:48 - 000000000 ____D C:\Users\oldman\Desktop\New folder (2)
2018-11-08 14:27 - 2018-11-08 14:27 - 000000000 ____D C:\Users\oldman\Desktop\MRI copy
2018-11-08 14:21 - 2018-11-08 14:21 - 000000000 ____D C:\Users\oldman\Desktop\New folder
2018-11-06 20:52 - 2018-11-06 20:52 - 000001740 _____ C:\Users\oldman\Desktop\Rant Response.txt
2018-11-05 16:32 - 2018-11-05 16:32 - 000001816 _____ C:\Users\Public\Desktop\iTunes.lnk
2018-11-05 16:32 - 2018-11-05 16:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-11-05 16:32 - 2018-11-05 16:32 - 000000000 ____D C:\Program Files\iPod
2018-11-05 16:31 - 2018-11-05 16:32 - 000000000 ____D C:\Program Files\iTunes
2018-11-04 20:57 - 2018-11-04 20:57 - 000000600 _____ C:\WINDOWS\SysWOW64\config.db
2018-11-04 20:57 - 2018-11-04 20:57 - 000000000 ____D C:\Program Files (x86)\Norton WiFi Privacy
2018-11-04 20:57 - 2018-11-04 20:56 - 000052512 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\SymTAP.sys
2018-11-04 14:19 - 2018-11-04 14:19 - 001691434 _____ C:\Users\oldman\Desktop\hakin9_wifi_EN.pdf
2018-11-02 16:34 - 2018-11-03 20:12 - 000000000 ____D C:\Users\oldman\Desktop\JoJo's smartest phone
2018-11-01 15:21 - 2018-11-01 16:19 - 000000000 ____D C:\Users\oldman\Desktop\malware tools
2018-10-31 19:30 - 2018-10-31 19:30 - 008159232 _____ C:\HPSoftwareFramework.msi
2018-10-31 19:30 - 2018-10-31 19:30 - 000000000 ____D C:\Users\oldman\AppData\Roaming\HP
2018-10-31 19:19 - 2018-10-31 19:19 - 000000000 ____D C:\Users\oldman\Downloads\HP Downloads
2018-10-30 17:48 - 2018-10-30 17:48 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\66655511.sys
2018-10-30 17:26 - 2018-10-30 17:26 - 000002308 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2018-10-30 16:49 - 2018-11-11 14:34 - 000000000 ____D C:\Users\oldman\Desktop\Old Firefox Data
2018-10-30 09:43 - 2018-10-19 18:05 - 000453892 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20181030-104320.backup
2018-10-30 00:49 - 2018-10-30 00:49 - 000000074 _____ C:\Users\oldman\Desktop\SciDirect white matter disease.txt
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-11-22 12:50 - 2016-11-28 00:03 - 000000000 ____D C:\Users\oldman\AppData\LocalLow\Mozilla
2018-11-22 12:33 - 2018-04-11 16:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-22 12:22 - 2018-06-02 00:43 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-11-22 11:42 - 2018-06-02 01:10 - 000004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D6FF1BE5-40C3-4B52-A236-97274056599C}
2018-11-22 11:39 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-11-21 22:36 - 2015-05-03 11:07 - 000000000 ____D C:\Users\oldman\AppData\Local\Battle.net
2018-11-21 22:35 - 2015-05-03 11:07 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-11-21 21:44 - 2018-06-12 17:34 - 000000000 ____D C:\ProgramData\SecTaskMan
2018-11-21 19:49 - 2018-04-11 16:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-11-21 09:57 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-11-20 17:49 - 2018-04-11 16:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-11-20 14:48 - 2018-06-02 01:10 - 000004574 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-11-20 14:48 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-11-20 14:48 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-11-20 14:34 - 2018-06-02 01:10 - 000003248 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForoldman
2018-11-20 14:34 - 2017-05-02 13:10 - 000000352 _____ C:\WINDOWS\Tasks\HPCeeScheduleForoldman.job
2018-11-20 13:31 - 2017-12-20 15:34 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-11-20 11:22 - 2018-09-10 14:01 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2018-11-19 18:34 - 2018-06-02 01:10 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-11-19 18:34 - 2016-08-20 09:31 - 000000000 ____D C:\ProgramData\Kodak
2018-11-19 18:34 - 2015-12-03 21:03 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-11-19 18:33 - 2018-04-11 14:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-11-19 18:33 - 2015-07-29 02:19 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-11-19 16:24 - 2017-08-25 15:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-11-19 16:24 - 2015-05-03 10:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-19 15:54 - 2018-01-12 15:01 - 000000736 _____ C:\Users\oldman\Desktop\Appointment and to do stuff.txt
2018-11-16 17:34 - 2015-05-03 10:47 - 000001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-11-16 16:00 - 2018-09-12 21:09 - 000834960 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-11-16 16:00 - 2018-09-12 21:09 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-11-16 11:09 - 2018-05-04 21:20 - 000000000 ____D C:\Users\oldman\AppData\Local\Norton WiFi Privacy
2018-11-15 09:26 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\INF
2018-11-15 09:23 - 2018-06-02 00:53 - 000931448 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-11-15 09:17 - 2015-09-16 09:37 - 000000000 ___RD C:\Users\oldman\3D Objects
2018-11-15 09:17 - 2015-05-03 11:17 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-11-15 09:16 - 2018-06-02 00:43 - 000259576 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-11-14 23:32 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-11-14 23:31 - 2018-04-11 16:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-11-14 23:31 - 2018-04-11 16:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-11-14 23:31 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-11-14 23:30 - 2018-04-11 16:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-11-14 23:30 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-11-14 23:30 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-11-14 21:13 - 2018-06-02 00:54 - 000000000 ____D C:\Users\oldman
2018-11-14 21:09 - 2017-11-10 19:20 - 000002326 _____ C:\Users\Public\Desktop\Norton Security.lnk
2018-11-14 19:36 - 2018-06-02 01:10 - 000004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-11-14 15:49 - 2015-10-21 18:23 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-11-13 20:38 - 2015-05-03 18:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-11-13 20:34 - 2015-05-03 18:25 - 137810048 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-11-13 18:28 - 2018-10-20 23:17 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
2018-11-13 18:18 - 2015-06-10 00:43 - 000000000 ____D C:\Program Files\Common Files\AV
2018-11-13 17:48 - 2018-04-11 14:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-11-13 17:47 - 2017-09-28 21:29 - 000000000 ____D C:\Users\oldman\Desktop\Misc. desktop crap
2018-11-13 17:46 - 2015-05-03 00:05 - 000000000 ____D C:\ProgramData\Norton
2018-11-13 17:44 - 2018-02-26 14:03 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2018-11-13 17:34 - 2015-05-13 09:14 - 000000000 ____D C:\Users\Public\Downloads\Norton
2018-11-05 23:26 - 2015-05-03 11:09 - 000000000 ____D C:\Program Files (x86)\Diablo III
2018-11-04 20:57 - 2018-07-04 12:09 - 000000000 ____D C:\Program Files (x86)\Norton WiFi Privacy (1.4.9)
2018-11-02 18:18 - 2015-08-15 17:31 - 000011264 _____ C:\Users\oldman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-10-31 19:35 - 2015-05-24 00:52 - 000000000 ____D C:\Program Files (x86)\Google
2018-10-31 19:31 - 2015-05-04 07:08 - 000000000 ____D C:\Users\oldman\AppData\Roaming\hpqlog
2018-10-31 19:30 - 2017-11-21 09:22 - 000000000 ____D C:\Program Files\HP
2018-10-31 19:30 - 2017-04-11 19:37 - 000000000 ____D C:\Program Files (x86)\HP
2018-10-31 19:28 - 2012-08-16 21:20 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2018-10-31 19:22 - 2012-08-03 17:02 - 000000000 ____D C:\SWSetup
2018-10-30 17:26 - 2016-06-26 04:49 - 000170040 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2018-10-26 18:24 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\NDF
==================== Files in the root of some directories =======
2015-08-15 17:31 - 2018-11-02 18:18 - 000011264 _____ () C:\Users\oldman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-01 12:43 - 2018-11-16 11:50 - 000114514 _____ () C:\Users\oldman\AppData\Local\installer.log
2015-08-01 12:43 - 2015-08-01 12:43 - 000000236 _____ () C:\Users\oldman\AppData\Local\LaunchHomeCenter.log
2015-05-23 08:41 - 2018-02-13 23:28 - 000007674 _____ () C:\Users\oldman\AppData\Local\resmon.resmoncfg
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-06-02 00:43
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.11.2018
Ran by oldman (22-11-2018 12:53:15)
Running from C:\Users\oldman\Desktop
Windows 10 Home Version 1803 17134.407 (X64) (2018-06-02 08:47:35)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-901587214-2200967626-3004657440-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-901587214-2200967626-3004657440-503 - Limited - Disabled)
Guest (S-1-5-21-901587214-2200967626-3004657440-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-901587214-2200967626-3004657440-1009 - Limited - Enabled)
oldman (S-1-5-21-901587214-2200967626-3004657440-1003 - Administrator - Enabled) => C:\Users\oldman
WDAGUtilityAccount (S-1-5-21-901587214-2200967626-3004657440-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security (Enabled - Up to date) {E3FDBD9F-8140-1400-F32B-8B58923F7C4D}
AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security (Enabled) {DBC63CBA-CB2F-1558-D874-226D6CEC3B36}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20081 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.153 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
aioprnt (HKLM\...\{0645A454-AD44-4F0D-99CF-6B762735AD1F}) (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (HKLM-x32\...\{376348C2-E372-48BC-A138-E896757BD86A}) (Version: 5.8.10.0 - Your Company Name) Hidden
aioscnnr (HKLM-x32\...\{EF53BFAB-4C10-40DB-A82D-9B07111715C6}) (Version: 7.6.13.10 - Your Company Name) Hidden
AMD Catalyst Install Manager (HKLM\...\{D01E0B82-7D6E-F9AC-9A7D-C6076264F419}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
Apple Application Support (32-bit) (HKLM-x32\...\{49F7DD82-FC83-48BF-86C6-CFE6E1E233E1}) (Version: 7.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{1FA68E27-2951-42E8-9F57-1A7F6581B4FD}) (Version: 7.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
AstroViewer 3.1.6 (HKLM-x32\...\AstroViewer 3.1.6) (Version: - Dirk Matussek)
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.3.3.860 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BOINC (HKLM\...\{F1361096-9418-489B-983B-5F8C3972E05E}) (Version: 7.8.3 - Space Sciences Laboratory, U.C. Berkeley)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
C4USelfUpdater (HKLM-x32\...\{48B41C3A-9A92-4B81-B653-C97FEB85C910}) (Version: 1.00.0000 - Your Company Name) Hidden
center (HKLM-x32\...\{56BA241F-580C-43D2-8403-947241AAE633}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
essentials (HKLM-x32\...\{BE94C681-68E2-4561-8ABC-8D2E799168B4}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Google Earth Pro (HKLM\...\{F914BC59-918A-498F-B2E3-B274C9CB48A8}) (Version: 7.3.2.5491 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{1AC082E0-049D-4C5C-9ECF-9473AD5A949D}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{32F06015-D852-4A57-A0DD-8D08D17633AC}) (Version: 10.4.0156 - Hewlett-Packard)
HP PC Hardware Diagnostics Windows (HKLM-x32\...\{7FF9E31F-FAC5-4C7B-970B-FE464B8C6A62}) (Version: 1.5.2.0 - HP Inc.)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{5094249B-9542-4536-AE76-B769EE085C99}) (Version: 7.1.6.1 - HP)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.6.18.11 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.9.24.3 - Hewlett-Packard Company)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6417.0 - IDT)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
iTunes (HKLM\...\{3F702C1B-628F-46FB-A094-56D5404CEE63}) (Version: 12.9.1.4 - Apple Inc.)
Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Kodak AIO Printer (HKLM\...\{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}) (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.9.1.1 - Eastman Kodak Company)
KODAK VERITE 50 Series Uninstaller (HKLM\...\KODAK VERITE 50 Series) (Version: - FUNAI ELECTRIC CO., LTD.)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 63.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 63.0.3 (x64 en-US)) (Version: 63.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 63.0.3.6892 - Mozilla)
Norton Security (HKLM-x32\...\NGC) (Version: 22.16.2.22 - Symantec Corporation)
Norton WiFi Privacy (HKLM-x32\...\Norton WiFi Privacy) (Version: 1.4.9 - Symantec Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
ocr (HKLM-x32\...\{BFBCF96F-7361-486A-965C-54B17AC35421}) (Version: 6.2.3.50 - Eastman Kodak Company) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
PreReq (HKLM-x32\...\{DA5BDB2A-12F0-4343-8351-21AAEB293990}) (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
Python 3.5.2 (32-bit) (HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Core Interpreter (32-bit) (HKLM-x32\...\{EB0611B2-7F10-4D97-BCF2-DCAAB1199498}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (HKLM-x32\...\{5DB2183B-62D3-407F-BBC1-EAD2F36283FA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (HKLM-x32\...\{1FBA5182-78DD-4940-9F06-96E5042B7061}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (HKLM-x32\...\{33B10015-A9B1-4210-B50A-26C6443979B0}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (HKLM-x32\...\{9ADF9987-3327-48C6-91B3-B10900366491}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (HKLM-x32\...\{FCBB04F4-D2CF-4F55-BE92-B3898696B318}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C1153533-FDC4-4922-892D-B71810F69566}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (HKLM-x32\...\{9D50A6D7-410A-4469-87B7-35FA84CBD479}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (HKLM-x32\...\{E6DEBF43-7ACF-4E88-9BBF-9B5945683281}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Security Task Manager 2.3 (HKLM-x32\...\Security Task Manager) (Version: 2.3 - Neuber Software)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C5FDDED7-DEC7-48B4-AFD8-DFB8A0FD199A}) (Version: 2.51.0.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17384 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WorldWide Telescope (HKLM-x32\...\{412B591F-3F86-4A1C-9DF6-854892DE27BB}) (Version: 5.5.03 - WorldWide Telescope)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-901587214-2200967626-3004657440-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-901587214-2200967626-3004657440-1003_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-26] (Cyberlink)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.2.22\NavShExt.dll [2018-11-03] (Symantec Corporation)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-26] (Cyberlink)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.2.22\NavShExt.dll [2018-11-03] (Symantec Corporation)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.2.22\NavShExt.dll [2018-11-03] (Symantec Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {03F769B5-CA2B-47FB-B8C6-3715E360F484} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-11-13] (Microsoft Corporation)
Task: {1CAFA8CA-9428-4563-B226-AEB95322692D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-24] (Google Inc.)
Task: {1D7E6301-43AF-49E2-8F09-9FDE7BE42841} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.16.2.22\WSCStub.exe [2018-11-03] (Symantec Corporation)
Task: {2726B58A-B733-4E96-B674-56C356CFF017} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {28C114CA-CFE9-487D-8483-4C040DF0A54B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-24] (Google Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {37F9480B-8DEB-43D0-9E41-A625011C1442} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {3C1E18F9-257E-4364-8991-D751F7AAE0AF} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {3DD76305-B0D8-4F5D-97E7-9FEA995DB0EB} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {3FB3FE7E-E4D6-4325-A192-9F9937626A48} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {406E8E03-EC34-4003-B34C-54181D91740B} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {449FBA74-592C-4FC3-B302-EFBBC5B5ADD5} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
Task: {4563DDB4-F29D-41C5-BD80-916194542CD4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-11-08] (HP Inc.)
Task: {481E77FC-2405-491C-B550-44527E8A07B9} - System32\Tasks\Norton Security with Backup\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
Task: {4A276F76-C51C-45FC-A2F4-1117E386AA2B} - System32\Tasks\S-1-5-21-901587214-2200967626-3004657440-1003\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-04-11] (Microsoft Corporation)
Task: {4DAE6865-85B2-4C42-B996-B4788C51FAA8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2018-08-30] (HP Inc.)
Task: {5B316DC0-10D2-46AE-B209-4DD1ED06E7F3} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {625F82D9-2B09-4DF1-80B8-473B87149FDA} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-21] ()
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {6E39ED3E-6BA2-4DC8-8196-9C48C649D047} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {712380AE-444E-42C6-B403-F18182DBE18C} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {738E86C6-EB1F-4D92-9DD0-BD4999046DD5} - System32\Tasks\{CA2AE62A-A74C-4B89-B292-C0CEAD185B3D} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\oldman\Downloads\FirmwareFlashLauncher.exe -d C:\Users\oldman\Downloads
Task: {7B9F5986-9672-431A-BB77-F26DB87891FE} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {7CDEBC78-DC72-4720-A9AA-B396C385D844} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-901587214-2200967626-3004657440-1003Core => C:\Users\oldman\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-23] (Google Inc.)
Task: {82BC12CD-E2DA-4EEC-9DD4-DCD751894155} - System32\Tasks\Norton Security with Backup\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
Task: {87498E24-4318-4420-B39E-6C2ECA53B5BD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-11-09] (HP Inc.)
Task: {906112A5-8DB6-4037-B3BB-A2558320F864} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {A5E6FF83-1A31-44C2-974C-608D72C3429E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {AD73D9D2-71DE-4681-BB26-DC2BF988AB1B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_153_Plugin.exe [2018-11-20] (Adobe Systems Incorporated)
Task: {B0E58536-F4DD-4638-97BB-FBFE9AC92A08} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-901587214-2200967626-3004657440-1003 => C:\Users\oldman\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {B89BC3A9-54C9-4204-8B03-A529BF74315F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {BB6E612E-F472-4AB9-9380-3B84FBB2E9FB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-901587214-2200967626-3004657440-1003UA => C:\Users\oldman\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-23] (Google Inc.)
Task: {BCF0AD8B-2630-48AE-B7B4-5D1683D33A9F} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-11-20] (Adobe Systems Incorporated)
Task: {C0201CFA-6DE0-4EE2-89AC-D9D2295A8D3A} - System32\Tasks\Norton 360\Norton 360 Online Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.11.0.41\SymErr.exe [2017-10-03] (Symantec Corporation)
Task: {C0332FBD-D029-4F04-B246-5CFD8A9087CE} - System32\Tasks\Norton Security with Backup\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
Task: {C18EC821-F9CF-414E-BA3D-746F1B35386D} - System32\Tasks\Norton 360\Norton 360 Online Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.11.0.41\SymErr.exe [2017-10-03] (Symantec Corporation)
Task: {CDB556A4-5C9F-4AD2-8970-C18C764D957C} - System32\Tasks\Norton 360\Norton 360 Online Autofix => C:\Program Files (x86)\Norton 360\Engine\22.11.0.41\SymErr.exe [2017-10-03] (Symantec Corporation)
Task: {D44969E2-EE54-4B65-8642-B0B9E74EFDBB} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
Task: {D7F94A5C-3056-4495-8235-CBE7E9F0B4F6} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
Task: {DFC75E15-AFDC-46F1-961E-5DBC2D592309} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2018-11-03] (Symantec Corporation)
Task: {E5C15200-ACD9-4B52-8D6A-D818CBC34EF1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {FC364449-3F8D-40B7-AFA2-34B96D70A3DA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {FE9D5577-5031-45F5-B05A-BA58FAF62E6C} - System32\Tasks\HPCeeScheduleForoldman => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\HPCeeScheduleForoldman.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2018-04-11 16:34 - 2018-04-11 16:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2017-11-30 18:54 - 2017-11-30 18:54 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-10-21 02:17 - 2018-10-21 02:17 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-08 10:36 - 2012-08-08 10:36 - 000073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-11-14 22:03 - 2018-10-31 23:55 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-05-02 23:52 - 2012-06-07 20:34 - 000627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 000016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7942 more sites.
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\123simsen.com -> www.123simsen.com
There are 7942 more sites.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-05-21 20:01 - 2018-11-12 12:50 - 000453948 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123haustiereundmehr.com
127.0.0.1 123moviedownload.com
There are 15610 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\oldman\Desktop\cropped Scotty Audrey Meghan.PNG
DNS Servers: 192.168.0.1 - 205.171.3.66
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
HKLM\...\StartupApproved\Run: => "EKIJ5000StatusMonitor"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "boincmgr"
HKLM\...\StartupApproved\Run32: => "EKIJ5000StatusMonitor"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "EKStatusMonitor"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "KOab1err"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{9A360527-10D8-4C70-B032-9364CABAF9CC}] => (Block) C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe
FirewallRules: [{F163DE1A-BDD7-475A-BA39-30804A88C1EA}] => (Block) C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe
FirewallRules: [UDP Query User{36723720-49B5-4FA6-A370-6758D33B9796}C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe] => (Allow) C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe
FirewallRules: [TCP Query User{65BE56F7-1BFA-49AF-AA71-5BA1867FD708}C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe] => (Allow) C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe
FirewallRules: [{1C333035-49C1-4FD1-97CF-F570F016C53E}] => (Allow) LPort=5353
FirewallRules: [{890B9B02-6014-4054-B567-08AACDF2C0B9}] => (Allow) LPort=9322
FirewallRules: [{F181849D-64C1-458F-9BBF-519133A17B5F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{202A7A45-68E1-431A-A400-91C1EB742AF0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{479E345C-D749-41FD-988B-53A52A04F408}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{61EE5366-C72D-464B-A5C9-80E06F54380D}] => (Allow) C:\Program Files\iTunes\iTunes.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
31-10-2018 19:27:43 Installed HP PC Hardware Diagnostics Windows
10-11-2018 15:28:50 Scheduled Checkpoint
13-11-2018 20:32:10 Windows Update
17-11-2018 16:54:52 Windows Update
19-11-2018 16:46:37 Restore Point Created by FRST
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/22/2018 11:38:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 5.0.168.192.in-addr.arpa. PTR eustace.local.
Error: (11/22/2018 11:38:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.5:5353 17 5.0.168.192.in-addr.arpa. PTR eustace-2.local.
Error: (11/22/2018 12:28:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15578
Error: (11/22/2018 12:28:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15578
Error: (11/22/2018 12:28:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (11/21/2018 07:38:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 5.0.168.192.in-addr.arpa. PTR eustace.local.
Error: (11/21/2018 07:38:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.5:5353 17 5.0.168.192.in-addr.arpa. PTR eustace-2.local.
Error: (11/21/2018 09:54:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 5.0.168.192.in-addr.arpa. PTR eustace.local.
System errors:
=============
Error: (11/22/2018 11:41:43 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/22/2018 11:38:55 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/21/2018 07:38:55 PM) (Source: DCOM) (EventID: 10016) (User: eustace)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user eustace\oldman SID (S-1-5-21-901587214-2200967626-3004657440-1003) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
Error: (11/21/2018 09:57:49 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/21/2018 09:55:10 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/20/2018 06:51:25 PM) (Source: DCOM) (EventID: 10016) (User: eustace)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user eustace\oldman SID (S-1-5-21-901587214-2200967626-3004657440-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/20/2018 06:51:25 PM) (Source: DCOM) (EventID: 10016) (User: eustace)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user eustace\oldman SID (S-1-5-21-901587214-2200967626-3004657440-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/20/2018 06:51:24 PM) (Source: DCOM) (EventID: 10016) (User: eustace)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user eustace\oldman SID (S-1-5-21-901587214-2200967626-3004657440-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Windows Defender:
===================================
Date: 2018-10-24 21:41:17.809
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.367.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2018-10-24 21:41:17.809
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.367.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2018-10-24 21:41:17.809
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.367.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2018-10-24 21:41:14.293
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.367.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2018-10-17 21:12:23.511
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.367.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
CodeIntegrity:
===================================
Date: 2018-11-14 12:08:00.436
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.16.2.22\BuShell.dll that did not meet the Microsoft signing level requirements.
Date: 2018-11-14 12:08:00.414
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.16.2.22\BuShell.dll that did not meet the Microsoft signing level requirements.
Date: 2018-11-14 12:08:00.372
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.16.2.22\BuShell.dll that did not meet the Microsoft signing level requirements.
Date: 2018-10-11 12:04:33.192
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.1.8\bushell.dll that did not meet the Microsoft signing level requirements.
Date: 2018-10-11 12:04:33.166
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.1.8\bushell.dll that did not meet the Microsoft signing level requirements.
Date: 2018-10-11 12:04:33.102
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.1.8\bushell.dll that did not meet the Microsoft signing level requirements.
Date: 2018-09-05 22:40:18.803
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.0.88\bushell.dll that did not meet the Microsoft signing level requirements.
Date: 2018-09-05 22:40:18.772
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.0.88\bushell.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
Processor: AMD A4-4300M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 47%
Total physical RAM: 3554.26 MB
Available physical RAM: 1849.52 MB
Total Virtual: 5986.26 MB
Available Virtual: 3892.81 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:568.68 GB) (Free:337.18 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:25.37 GB) (Free:2.96 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Media Viewer) (CDROM) (Total:0.52 GB) (Free:0 GB) CDFS
\\?\Volume{4807027d-70e4-4ed9-b189-6eac7a96e0a4}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.15 GB) NTFS
\\?\Volume{de27d039-3a8b-420a-8f61-0de10dba9383}\ () (Fixed) (Total:0.92 GB) (Free:0.34 GB) NTFS
\\?\Volume{228ede67-33cc-42ee-9814-03e998f454e7}\ () (Fixed) (Total:0.44 GB) (Free:0.41 GB) NTFS
\\?\Volume{873941c3-cd87-496d-8c74-8b333ed59eac}\ () (Fixed) (Total:0.25 GB) (Free:0.16 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 9E4D4388)
Partition: GPT.
==================== End of Addition.txt ============================
Did you mean spyprotector or Spybot - Search and Destroy?
Cause if I had seen spyprotector I would had asked you to uninstall it.
System errors, Whitelisted Internet, IE and Firefox detections, but I'll wait to hear your thoughts.
What is displayed shows me your behind a router and your ISP carrier, BHO (Browser Helper Objects and browser addons)
along with Main,Default_Page_URL
FireFox: default user Profile for: gzi35chl
home page with addons and extensions
Other items I see are really not disturbing and are seen on most if your not using Cortana and Microsoft Edge. Kinda come along with Windows 10.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
Located in your add/remove programs list you should see the below, see if it will allow you to uninstall.
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)
highlight on the text below and select Copy.
beginning with Start:: and finishing with End::
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Highlight the entire content of the quote box below and select Copy.
Start::
CloseProcesses:
CreateRestorePoint:
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx
CustomCLSID: HKU\S-1-5-21-901587214-2200967626-3004657440-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-901587214-2200967626-3004657440-1003_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
Task: {28C114CA-CFE9-487D-8483-4C040DF0A54B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-24] (Google Inc.)
Task: {BB6E612E-F472-4AB9-9380-3B84FBB2E9FB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-901587214-2200967626-3004657440-1003UA => C:\Users\oldman\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-23] (Google Inc.)
C:\Windows\Temp\*.*
Emptytemp:
End::
Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file Fixlog.txt will pop up and saved in the same location the tool was ran from.
Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
It seems that the spyprotector I have unfortunately shares its name with another, less desirable program.
https://www.bleepingcomputer.com/virus-removal/remove-spyprotector
The spyprotector on my computer is part of Neuber's security task manager. It was shut down in one of the fix runs recently and I've not bothered restarting it while sorting out the browser issues. I do use the STM part of the program to dump HSST cookies and check processes regularly. The trial gives a good example of what it's capable of. I used it to dump the google update helper program as you requested, the fixlog looks promising, curious what you think.
https://www.neuber.com/taskmanager/process/spyprotector.exe.html
Fix result of Farbar Recovery Scan Tool (x64) Version: 21.11.2018
Ran by oldman (24-11-2018 21:59:18) Run:3
Running from C:\Users\oldman\Desktop
Loaded Profiles: oldman (Available Profiles: oldman)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx
CustomCLSID: HKU\S-1-5-21-901587214-2200967626-3004657440-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-901587214-2200967626-3004657440-1003_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
Task: {28C114CA-CFE9-487D-8483-4C040DF0A54B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-24] (Google Inc.)
Task: {BB6E612E-F472-4AB9-9380-3B84FBB2E9FB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-901587214-2200967626-3004657440-1003UA => C:\Users\oldman\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-23] (Google Inc.)
C:\Windows\Temp\*.*
Emptytemp:
*****************
Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo => removed successfully
HKU\S-1-5-21-901587214-2200967626-3004657440-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F} => removed successfully
HKU\S-1-5-21-901587214-2200967626-3004657440-1003_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{28C114CA-CFE9-487D-8483-4C040DF0A54B} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28C114CA-CFE9-487D-8483-4C040DF0A54B} => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BB6E612E-F472-4AB9-9380-3B84FBB2E9FB} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB6E612E-F472-4AB9-9380-3B84FBB2E9FB} => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-901587214-2200967626-3004657440-1003UA => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-901587214-2200967626-3004657440-1003UA => removed successfully
=========== "C:\Windows\Temp\*.*" ==========
C:\Windows\Temp\FXSAPIDebugLogFile.txt => moved successfully
C:\Windows\Temp\FXSTIFFDebugLogFile.txt => moved successfully
C:\Windows\Temp\HighPerformancePlan.log => moved successfully
C:\Windows\Temp\MpCmdRun.log => moved successfully
C:\Windows\Temp\PowerPlan.log => moved successfully
========= End -> "C:\Windows\Temp\*.*" ========
=========== EmptyTemp: ==========
BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 45486718 B
Java, Flash, Steam htmlcache => 1140 B
Windows/system/drivers => 505208 B
Edge => 536910 B
Chrome => 0 B
Firefox => 431465808 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 7638 B
LocalService => 0 B
NetworkService => 5300 B
NetworkService => 0 B
oldman => 95001539 B
RecycleBin => 35050569 B
EmptyTemp: => 589.9 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 22:03:45 ====
Looks like the tool removed all it was asked to do.
Computer better?
The title says it all, shall I delfix it yet?
Sure
Please download DelFix (https://www.bleepingcomputer.com/download/delfix/) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Click the Run button.
-- This will remove the specialized tools we used to disinfect your system.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
************************************
At this point I'll rerun FRST and see if any of the old redirects show up. Thanks
After a couple days of relatively "safe" browser use, this is the resulting FRST logs. I did, for a period of time, delete super cookies for the clients2.google site but they haven't shown up for a couple months now.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.11.2018
Ran by oldman (administrator) on EUSTACE (27-11-2018 20:12:56)
Running from C:\Users\oldman\Desktop
Loaded Profiles: oldman (Available Profiles: oldman)
Platform: Windows 10 Home Version 1803 17134.407 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.2.22\NortonSecurity.exe
(Symantec Corporation) C:\Program Files (x86)\Norton WiFi Privacy\client\NWPService.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.2.22\nsWscSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.2.22\NortonSecurity.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinctray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [69920 2017-10-03] (Space Sciences Laboratory)
HKLM\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [8765216 2017-10-03] (Space Sciences Laboratory)
HKLM\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-27] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [301880 2018-10-22] (Apple Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [68920 2018-10-21] (Apple Inc.)
HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-12-11] (Eastman Kodak Company)
HKLM-x32\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] ()
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [KOab1err] => C:\Program Files (x86)\KODAK VERITE\ErrorApp\KOab1err.exe [1027752 2016-12-21] ()
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] ()
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [Google Update] => C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe [601680 2018-05-18] (Google Inc.)
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [] => C:\Users\oldman\Desktop\RogueKiller_portable64.exe -minimize
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [34917264 2018-11-23] (Epic Games, Inc.)
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\MountPoints2: {550548f0-8389-11e8-804c-38eaa7eb314f} - "F:\ZTE_Handset_USB_Driver.exe"
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.66
Tcpip\..\Interfaces\{092ddd55-79b1-44d1-9ce6-73e9a22b6de7}: [DhcpNameServer] 192.168.0.1 205.171.3.66
Tcpip\..\Interfaces\{68620759-20aa-45aa-8e06-fa9a7c5c7e09}: [DhcpNameServer] 192.168.0.1 205.171.3.66
Tcpip\..\Interfaces\{a288676d-84d4-440a-bf60-55523387af7e}: [DhcpNameServer] 192.168.0.1 205.171.3.66
Tcpip\..\Interfaces\{c4242d06-1fdf-461b-ace5-caf4862e837d}: [DhcpNameServer] 192.168.0.1 205.171.3.66
Tcpip\..\Interfaces\{c9ebb1fc-1913-46ad-9c39-fe0f9392fa0a}: [DhcpNameServer] 192.168.0.1 205.171.3.66
Tcpip\..\Interfaces\{dd1986f3-01c1-49b9-a3b1-f6e43d3a6914}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-10-17] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-10-17] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)
FireFox:
========
FF DefaultProfile: gzi35chl.default-1466821123041-1541972058086
FF ProfilePath: C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086 [2018-11-27]
FF Homepage: Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086 -> moz-extension://70dcf95f-27c0-4d96-bf5b-ac77cde6f791/homePageRedirect.html
FF HomepageOverride: Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086 -> Enabled: nortonhomepage@symantec.com
FF NewTabOverride: Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086 -> Enabled: nortonhomepage@symantec.com
FF Extension: (Facebook Container) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086\Extensions\@contain-facebook.xpi [2018-11-20]
FF Extension: (Norton Password Manager) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086\Extensions\idsafe@norton.com.xpi [2018-11-13]
FF Extension: (Norton Home Page) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086\Extensions\nortonhomepage@symantec.com.xpi [2018-11-13]
FF Extension: (Norton Safe Search) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086\Extensions\nortonsafesearch_ul_2@symantec.com.xpi [2018-11-13]
FF Extension: (Norton Safe Web) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086\Extensions\nortonsafeweb@symantec.com.xpi [2018-11-18]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_153.dll [2018-11-20] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_153.dll [2018-11-20] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-05-06] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-19] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: @talk.google.com/GoogleTalkPlugin -> C:\Users\oldman\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: @talk.google.com/O1DPlugin -> C:\Users\oldman\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: @tools.google.com/Google Update;version=3 -> C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: @tools.google.com/Google Update;version=9 -> C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: hp.com/HPDetect -> C:\Users\oldman\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP)
FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: jpl.nasa.gov/NASAEyes -> C:\Users\oldman\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2018-08-28] (Jet Propulsion Laboratory)
FF Plugin ProgramFiles/Appdata: C:\Users\oldman\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\oldman\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7356680 2018-11-23] ()
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2018-11-23] (EasyAntiCheat Ltd)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1077568 2017-04-10] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-21] (HP Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.16.2.22\NortonSecurity.exe [328648 2018-11-03] (Symantec Corporation)
R2 NortonWiFiPrivacy; C:\Program Files (x86)\Norton WiFi Privacy\client\NWPService.exe [3317264 2018-11-04] (Symantec Corporation)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.16.2.22\nsWscSvc.exe [915712 2018-11-03] (Symantec Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd.)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [253960 2016-04-27] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-11] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-20] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110104 2016-09-28] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.11.0.41\Definitions\BASHDefs\20181126.001\BHDrvx64.sys [1925104 2018-09-19] (Symantec Corporation)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\ccSetx64.sys [189120 2018-11-03] (Symantec Corporation)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [129152 2016-04-24] (Samsung Electronics Co., Ltd.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515568 2018-10-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153072 2018-10-05] (Symantec Corporation)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2018-04-23] ()
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.11.0.41\Definitions\IPSDefs\20181127.061\IDSvia64.sys [1305072 2018-10-08] (Symantec Corporation)
S3 massfilter_hs; C:\WINDOWS\System32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-29] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Realtek )
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\SRTSP64.SYS [847344 2018-11-03] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\SRTSPX64.SYS [49648 2018-11-03] (Symantec Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-24] (Samsung Electronics Co., Ltd.)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\SYMEFASI64.SYS [1969328 2018-11-03] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\SymELAM.sys [25744 2018-11-03] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [99920 2018-06-17] (Symantec Corporation)
S4 SymEvnt; C:\Program Files\Norton Security\NortonData\22.11.0.41\SymPlatform\SymEvnt.sys [114352 2018-10-26] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\Ironx64.SYS [308416 2018-11-03] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\symnets.sys [567024 2018-11-03] (Symantec Corporation)
R3 SymTAP; C:\WINDOWS\System32\drivers\SymTAP.sys [52512 2018-11-04] (The OpenVPN Project)
S3 VBoxNetAdp; C:\WINDOWS\System32\drivers\VBoxNetAdp6.sys [196040 2017-07-27] (Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\wpCtrlDrv.sys [1011056 2018-11-03] (Symantec Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-11-27 20:12 - 2018-11-27 20:15 - 000022416 _____ C:\Users\oldman\Desktop\FRST.txt
2018-11-27 20:12 - 2018-11-27 20:12 - 000000000 ____D C:\FRST
2018-11-27 19:21 - 2018-11-27 19:21 - 002416640 _____ (Farbar) C:\Users\oldman\Desktop\FRST64.exe
2018-11-27 11:33 - 2018-11-27 11:33 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2018-11-25 16:12 - 2018-11-12 12:50 - 000453948 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20181125-161220.backup
2018-11-24 21:42 - 2018-11-24 21:42 - 000000120 _____ C:\Users\oldman\Desktop\GUH.txt
2018-11-24 11:29 - 2018-11-24 11:29 - 000000000 ____D C:\Users\oldman\AppData\Local\Speech Graphics
2018-11-24 11:13 - 2018-11-24 11:13 - 000000000 _____ C:\Users\Public\Shared Files
2018-11-24 11:08 - 2018-11-24 11:08 - 000000000 ____D C:\Users\oldman\AppData\Local\NVIDIA Corporation
2018-11-24 11:06 - 2018-11-24 11:06 - 000000000 ____D C:\Users\oldman\AppData\Local\FortniteGame
2018-11-24 11:05 - 2018-11-24 11:05 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2018-11-23 21:32 - 2018-11-23 21:32 - 000000314 _____ C:\Users\oldman\Desktop\Fortnite.url
2018-11-23 17:37 - 2018-11-24 13:16 - 000000000 ___RD C:\Users\oldman\Desktop\Meghans Games
2018-11-23 17:35 - 2018-11-23 17:35 - 000000000 ____D C:\Program Files\Epic Games
2018-11-23 17:33 - 2010-02-04 10:01 - 000024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2018-11-23 17:33 - 2010-02-04 10:01 - 000022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
2018-11-23 17:30 - 2018-11-23 17:30 - 000000000 ____D C:\Users\oldman\AppData\Local\UnrealEngineLauncher
2018-11-23 17:30 - 2018-11-23 17:30 - 000000000 ____D C:\Users\oldman\AppData\Local\UnrealEngine
2018-11-23 17:30 - 2018-11-23 17:30 - 000000000 ____D C:\Users\oldman\AppData\Local\EpicGamesLauncher
2018-11-23 17:28 - 2018-11-23 17:28 - 000001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2018-11-23 17:28 - 2018-11-23 17:28 - 000001258 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk
2018-11-23 17:27 - 2018-11-23 17:34 - 000000000 ____D C:\ProgramData\Epic
2018-11-23 17:27 - 2018-11-23 17:27 - 000000000 ____D C:\Program Files (x86)\Epic Games
2018-11-23 15:31 - 2018-11-24 23:36 - 000005645 _____ C:\Users\oldman\Desktop\11-23 reply spyprotector.txt
2018-11-20 15:23 - 2018-11-20 15:23 - 000000109 _____ C:\Users\oldman\Desktop\Mbar link.txt
2018-11-20 14:48 - 2018-11-20 14:48 - 004463104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2018-11-20 11:23 - 2018-11-20 11:23 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\C515B52D.sys
2018-11-20 11:19 - 2018-11-20 11:20 - 014161479 _____ C:\Users\oldman\Desktop\mbar-1.10.3.1001-nr.exe
2018-11-17 16:56 - 2018-11-17 16:56 - 000000000 ____D C:\Program Files\rempl
2018-11-14 23:31 - 2018-11-16 11:28 - 000000000 ____D C:\N360_BACKUP
2018-11-14 22:04 - 2018-11-01 04:45 - 004527776 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-11-14 22:04 - 2018-11-01 04:45 - 001617320 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-11-14 22:04 - 2018-11-01 04:29 - 012710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-11-14 22:04 - 2018-11-01 02:15 - 023861760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-11-14 22:04 - 2018-11-01 02:13 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-11-14 22:04 - 2018-11-01 00:27 - 001017152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-11-14 22:04 - 2018-11-01 00:26 - 007432120 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-11-14 22:04 - 2018-11-01 00:25 - 009089848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-11-14 22:04 - 2018-11-01 00:25 - 007520088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-11-14 22:04 - 2018-11-01 00:09 - 025855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-11-14 22:04 - 2018-11-01 00:03 - 003397120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-11-14 22:04 - 2018-11-01 00:01 - 022716416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-11-14 22:04 - 2018-11-01 00:00 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-11-14 22:04 - 2018-10-31 23:58 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-11-14 22:04 - 2018-10-31 21:48 - 006039064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-11-14 22:04 - 2018-10-31 21:47 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-11-14 22:04 - 2018-10-31 21:40 - 022015488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-11-14 22:04 - 2018-10-31 21:35 - 019403776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-11-14 22:04 - 2018-10-21 06:00 - 021386368 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-11-14 22:04 - 2018-10-21 04:28 - 012501504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-11-14 22:04 - 2018-10-21 00:48 - 005602456 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-11-14 22:04 - 2018-10-21 00:28 - 016592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-11-14 22:04 - 2018-10-21 00:22 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-11-14 22:03 - 2018-11-01 04:46 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-11-14 22:03 - 2018-11-01 04:45 - 001376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-11-14 22:03 - 2018-11-01 04:31 - 006602240 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-11-14 22:03 - 2018-11-01 04:28 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-11-14 22:03 - 2018-11-01 04:28 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-11-14 22:03 - 2018-11-01 04:27 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-11-14 22:03 - 2018-11-01 04:26 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-11-14 22:03 - 2018-11-01 03:09 - 001027000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-11-14 22:03 - 2018-11-01 02:59 - 005669888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-11-14 22:03 - 2018-11-01 02:56 - 011902464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-11-14 22:03 - 2018-11-01 02:54 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-11-14 22:03 - 2018-11-01 02:52 - 002892800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-11-14 22:03 - 2018-11-01 00:39 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-11-14 22:03 - 2018-11-01 00:28 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-11-14 22:03 - 2018-11-01 00:28 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-11-14 22:03 - 2018-11-01 00:27 - 000491200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-11-14 22:03 - 2018-11-01 00:26 - 003291640 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-11-14 22:03 - 2018-11-01 00:26 - 003180080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-11-14 22:03 - 2018-11-01 00:26 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-11-14 22:03 - 2018-11-01 00:25 - 004404912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-11-14 22:03 - 2018-11-01 00:25 - 002822456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-11-14 22:03 - 2018-11-01 00:25 - 002571320 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-11-14 22:03 - 2018-11-01 00:25 - 002371296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-11-14 22:03 - 2018-11-01 00:25 - 001934808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-11-14 22:03 - 2018-11-01 00:25 - 001784680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-11-14 22:03 - 2018-11-01 00:25 - 001456728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-11-14 22:03 - 2018-11-01 00:25 - 001288920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-11-14 22:03 - 2018-11-01 00:25 - 001257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-11-14 22:03 - 2018-11-01 00:25 - 001209888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-11-14 22:03 - 2018-11-01 00:25 - 001190248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-11-14 22:03 - 2018-11-01 00:25 - 001140672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-11-14 22:03 - 2018-11-01 00:25 - 000982592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-11-14 22:03 - 2018-11-01 00:25 - 000594224 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-11-14 22:03 - 2018-11-01 00:25 - 000463672 _____ (Microsoft Corporation) C:\WINDOWS\system32\coml2.dll
2018-11-14 22:03 - 2018-11-01 00:25 - 000268088 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-11-14 22:03 - 2018-11-01 00:01 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-11-14 22:03 - 2018-11-01 00:01 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-11-14 22:03 - 2018-11-01 00:00 - 006031360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-11-14 22:03 - 2018-11-01 00:00 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-11-14 22:03 - 2018-11-01 00:00 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-11-14 22:03 - 2018-10-31 23:59 - 000322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-11-14 22:03 - 2018-10-31 23:58 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-11-14 22:03 - 2018-10-31 23:58 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-11-14 22:03 - 2018-10-31 23:58 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-11-14 22:03 - 2018-10-31 23:57 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-11-14 22:03 - 2018-10-31 23:57 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-11-14 22:03 - 2018-10-31 23:57 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-11-14 22:03 - 2018-10-31 23:57 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-11-14 22:03 - 2018-10-31 23:57 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-11-14 22:03 - 2018-10-31 23:57 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-11-14 22:03 - 2018-10-31 23:56 - 002929664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
2018-11-14 22:03 - 2018-10-31 23:56 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-11-14 22:03 - 2018-10-31 23:56 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-11-14 22:03 - 2018-10-31 23:56 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-11-14 22:03 - 2018-10-31 23:56 - 000506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2018-11-14 22:03 - 2018-10-31 23:55 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-11-14 22:03 - 2018-10-31 23:55 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-11-14 22:03 - 2018-10-31 23:55 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-11-14 22:03 - 2018-10-31 23:54 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-11-14 22:03 - 2018-10-31 23:54 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-11-14 22:03 - 2018-10-31 23:54 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-11-14 22:03 - 2018-10-31 23:54 - 001023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2018-11-14 22:03 - 2018-10-31 23:54 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-11-14 22:03 - 2018-10-31 23:54 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-11-14 22:03 - 2018-10-31 23:54 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-11-14 22:03 - 2018-10-31 23:54 - 000606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-11-14 22:03 - 2018-10-31 23:53 - 002248192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-11-14 22:03 - 2018-10-31 23:53 - 001373696 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-11-14 22:03 - 2018-10-31 23:53 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-11-14 22:03 - 2018-10-31 23:53 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-11-14 22:03 - 2018-10-31 23:53 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-11-14 22:03 - 2018-10-31 22:08 - 002417952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-11-14 22:03 - 2018-10-31 21:50 - 000861712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-11-14 22:03 - 2018-10-31 21:50 - 000786288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-11-14 22:03 - 2018-10-31 21:48 - 004790184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-11-14 22:03 - 2018-10-31 21:48 - 002478872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-11-14 22:03 - 2018-10-31 21:48 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-11-14 22:03 - 2018-10-31 21:48 - 001805656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-11-14 22:03 - 2018-10-31 21:48 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-11-14 22:03 - 2018-10-31 21:48 - 000384520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\coml2.dll
2018-11-14 22:03 - 2018-10-31 21:47 - 001980776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-11-14 22:03 - 2018-10-31 21:47 - 001379792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-11-14 22:03 - 2018-10-31 21:47 - 001020064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-11-14 22:03 - 2018-10-31 21:34 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-11-14 22:03 - 2018-10-31 21:33 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-11-14 22:03 - 2018-10-31 21:33 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-11-14 22:03 - 2018-10-31 21:32 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-11-14 22:03 - 2018-10-31 21:31 - 005307904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-11-14 22:03 - 2018-10-31 21:30 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-11-14 22:03 - 2018-10-31 21:30 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-11-14 22:03 - 2018-10-31 21:29 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-11-14 22:03 - 2018-10-31 21:29 - 000848384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2018-11-14 22:03 - 2018-10-31 21:29 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-11-14 22:03 - 2018-10-31 21:28 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-11-14 22:03 - 2018-10-31 21:27 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-11-14 22:03 - 2018-10-31 21:27 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2018-11-14 22:03 - 2018-10-31 21:27 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-11-14 22:03 - 2018-10-31 21:26 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2018-11-14 22:03 - 2018-10-21 06:00 - 001639560 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2018-11-14 22:03 - 2018-10-21 06:00 - 001516120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-11-14 22:03 - 2018-10-21 06:00 - 000790416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-11-14 22:03 - 2018-10-21 05:46 - 013572096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-11-14 22:03 - 2018-10-21 05:46 - 004393472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-11-14 22:03 - 2018-10-21 05:43 - 000345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-11-14 22:03 - 2018-10-21 05:42 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2018-11-14 22:03 - 2018-10-21 05:42 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2018-11-14 22:03 - 2018-10-21 05:41 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-11-14 22:03 - 2018-10-21 04:38 - 001322376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-11-14 22:03 - 2018-10-21 04:37 - 020381808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-11-14 22:03 - 2018-10-21 04:37 - 001626656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2018-11-14 22:03 - 2018-10-21 04:22 - 002405888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-11-14 22:03 - 2018-10-21 00:46 - 000717112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2018-11-14 22:03 - 2018-10-21 00:46 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-11-14 22:03 - 2018-10-21 00:46 - 000560136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-11-14 22:03 - 2018-10-21 00:45 - 003283512 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-11-14 22:03 - 2018-10-21 00:45 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-11-14 22:03 - 2018-10-21 00:45 - 001946208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-11-14 22:03 - 2018-10-21 00:45 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-11-14 22:03 - 2018-10-21 00:45 - 000607136 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-11-14 22:03 - 2018-10-21 00:21 - 001589248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2018-11-14 22:03 - 2018-10-21 00:19 - 002487088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-11-14 22:03 - 2018-10-21 00:19 - 001620776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-11-14 22:03 - 2018-10-21 00:19 - 001130768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-11-14 22:03 - 2018-10-21 00:19 - 000505616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2018-11-14 22:03 - 2018-10-21 00:17 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-11-14 22:03 - 2018-10-21 00:17 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2018-11-14 22:03 - 2018-10-21 00:17 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-11-14 22:03 - 2018-10-21 00:17 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-11-14 22:03 - 2018-10-21 00:17 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-11-14 22:03 - 2018-10-21 00:17 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvrcp.dll
2018-11-14 22:03 - 2018-10-21 00:17 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2018-11-14 22:03 - 2018-10-21 00:16 - 002584576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-11-14 22:03 - 2018-10-21 00:16 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-11-14 22:03 - 2018-10-21 00:16 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-11-14 22:03 - 2018-10-21 00:16 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2018-11-14 22:03 - 2018-10-21 00:15 - 003212800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2018-11-14 22:03 - 2018-10-21 00:15 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-11-14 22:03 - 2018-10-21 00:15 - 000743936 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintRenderAPIHost.DLL
2018-11-14 22:03 - 2018-10-21 00:14 - 002224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-11-14 22:03 - 2018-10-21 00:14 - 001919488 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2018-11-14 22:03 - 2018-10-21 00:14 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-11-14 22:03 - 2018-10-21 00:14 - 001034752 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-11-14 22:03 - 2018-10-21 00:14 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-11-14 22:03 - 2018-10-21 00:09 - 013873664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-11-14 22:03 - 2018-10-21 00:02 - 002966528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-11-14 22:03 - 2018-10-21 00:01 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2018-11-14 22:03 - 2018-10-20 23:57 - 002611200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2018-11-14 22:03 - 2018-10-20 22:59 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2018-11-14 22:03 - 2018-10-20 22:59 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2018-11-14 22:02 - 2018-11-01 04:49 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-11-14 22:02 - 2018-11-01 04:32 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-11-14 22:02 - 2018-11-01 04:30 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-11-14 22:02 - 2018-11-01 04:30 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-11-14 22:02 - 2018-11-01 04:29 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2018-11-14 22:02 - 2018-11-01 04:28 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2018-11-14 22:02 - 2018-11-01 04:27 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-11-14 22:02 - 2018-11-01 04:26 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-11-14 22:02 - 2018-11-01 04:26 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-11-14 22:02 - 2018-11-01 04:25 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-11-14 22:02 - 2018-11-01 02:56 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2018-11-14 22:02 - 2018-11-01 02:56 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-11-14 22:02 - 2018-11-01 02:54 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-11-14 22:02 - 2018-11-01 02:53 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2018-11-14 22:02 - 2018-11-01 00:38 - 000269336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-11-14 22:02 - 2018-11-01 00:37 - 000272408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-11-14 22:02 - 2018-11-01 00:28 - 001062712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-11-14 22:02 - 2018-11-01 00:28 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-11-14 22:02 - 2018-11-01 00:28 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-11-14 22:02 - 2018-11-01 00:28 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-11-14 22:02 - 2018-11-01 00:25 - 000885968 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-11-14 22:02 - 2018-11-01 00:25 - 000793080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-11-14 22:02 - 2018-11-01 00:25 - 000713472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-11-14 22:02 - 2018-11-01 00:25 - 000413720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-11-14 22:02 - 2018-11-01 00:25 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-11-14 22:02 - 2018-11-01 00:25 - 000375824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-11-14 22:02 - 2018-11-01 00:25 - 000261000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-11-14 22:02 - 2018-11-01 00:03 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmtask.exe
2018-11-14 22:02 - 2018-11-01 00:02 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmapi.dll
2018-11-14 22:02 - 2018-11-01 00:02 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\CSystemEventsBrokerClient.dll
2018-11-14 22:02 - 2018-11-01 00:00 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-11-14 22:02 - 2018-10-31 23:59 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2018-11-14 22:02 - 2018-10-31 23:59 - 000192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2018-11-14 22:02 - 2018-10-31 23:59 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPTaskScheduler.dll
2018-11-14 22:02 - 2018-10-31 23:59 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2018-11-14 22:02 - 2018-10-31 23:58 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-11-14 22:02 - 2018-10-31 23:58 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-11-14 22:02 - 2018-10-31 23:58 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-11-14 22:02 - 2018-10-31 23:57 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2018-11-14 22:02 - 2018-10-31 23:57 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-11-14 22:02 - 2018-10-31 23:57 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-11-14 22:02 - 2018-10-31 23:57 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-11-14 22:02 - 2018-10-31 23:57 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-11-14 22:02 - 2018-10-31 23:57 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2018-11-14 22:02 - 2018-10-31 23:57 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-11-14 22:02 - 2018-10-31 23:54 - 001679360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-11-14 22:02 - 2018-10-31 23:54 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2018-11-14 22:02 - 2018-10-31 23:54 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-11-14 22:02 - 2018-10-31 23:53 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-11-14 22:02 - 2018-10-31 22:39 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-11-14 22:02 - 2018-10-31 21:48 - 000880248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2018-11-14 22:02 - 2018-10-31 21:47 - 000581600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-11-14 22:02 - 2018-10-31 21:47 - 000567256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-11-14 22:02 - 2018-10-31 21:47 - 000129304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-11-14 22:02 - 2018-10-31 21:31 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-11-14 22:02 - 2018-10-31 21:30 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-11-14 22:02 - 2018-10-31 21:30 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-11-14 22:02 - 2018-10-31 21:30 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-11-14 22:02 - 2018-10-31 21:30 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2018-11-14 22:02 - 2018-10-31 21:30 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2018-11-14 22:02 - 2018-10-31 21:29 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-11-14 22:02 - 2018-10-31 21:29 - 001862656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
2018-11-14 22:02 - 2018-10-31 21:29 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-11-14 22:02 - 2018-10-31 21:29 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2018-11-14 22:02 - 2018-10-31 21:28 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2018-11-14 22:02 - 2018-10-31 21:28 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-11-14 22:02 - 2018-10-31 21:27 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-11-14 22:02 - 2018-10-31 21:27 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-11-14 22:02 - 2018-10-31 21:26 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-11-14 22:02 - 2018-10-31 21:26 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-11-14 22:02 - 2018-10-21 06:00 - 000396304 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-11-14 22:02 - 2018-10-21 05:59 - 000766480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-11-14 22:02 - 2018-10-21 05:59 - 000236728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2018-11-14 22:02 - 2018-10-21 05:45 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-11-14 22:02 - 2018-10-21 05:44 - 000623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2018-11-14 22:02 - 2018-10-21 05:44 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll
2018-11-14 22:02 - 2018-10-21 05:43 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2018-11-14 22:02 - 2018-10-21 05:43 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2018-11-14 22:02 - 2018-10-21 05:42 - 000592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
2018-11-14 22:02 - 2018-10-21 05:42 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2018-11-14 22:02 - 2018-10-21 04:38 - 000662312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-11-14 22:02 - 2018-10-21 04:38 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-11-14 22:02 - 2018-10-21 04:38 - 000221216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2018-11-14 22:02 - 2018-10-21 04:28 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\INETRES.dll
2018-11-14 22:02 - 2018-10-21 04:23 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2018-11-14 22:02 - 2018-10-21 04:23 - 000523264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll
2018-11-14 22:02 - 2018-10-21 04:22 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2018-11-14 22:02 - 2018-10-21 02:29 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-11-14 22:02 - 2018-10-21 01:44 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-11-14 22:02 - 2018-10-21 00:47 - 000368440 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2018-11-14 22:02 - 2018-10-21 00:46 - 000709936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-11-14 22:02 - 2018-10-21 00:46 - 000497864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2018-11-14 22:02 - 2018-10-21 00:46 - 000171024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-11-14 22:02 - 2018-10-21 00:45 - 000185120 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-11-14 22:02 - 2018-10-21 00:45 - 000175624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2018-11-14 22:02 - 2018-10-21 00:45 - 000139792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2018-11-14 22:02 - 2018-10-21 00:45 - 000058088 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2018-11-14 22:02 - 2018-10-21 00:21 - 000123424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-11-14 22:02 - 2018-10-21 00:20 - 000424000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2018-11-14 22:02 - 2018-10-21 00:20 - 000295224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2018-11-14 22:02 - 2018-10-21 00:20 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2018-11-14 22:02 - 2018-10-21 00:20 - 000141312 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2018-11-14 22:02 - 2018-10-21 00:20 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-11-14 22:02 - 2018-10-21 00:19 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2018-11-14 22:02 - 2018-10-21 00:19 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-11-14 22:02 - 2018-10-21 00:19 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2018-11-14 22:02 - 2018-10-21 00:19 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-11-14 22:02 - 2018-10-21 00:19 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2018-11-14 22:02 - 2018-10-21 00:19 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2018-11-14 22:02 - 2018-10-21 00:19 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2018-11-14 22:02 - 2018-10-21 00:19 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2018-11-14 22:02 - 2018-10-21 00:19 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvrcpAppSvc.dll
2018-11-14 22:02 - 2018-10-21 00:19 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhf.sys
2018-11-14 22:02 - 2018-10-21 00:19 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2018-11-14 22:02 - 2018-10-21 00:18 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2018-11-14 22:02 - 2018-10-21 00:18 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Activities.dll
2018-11-14 22:02 - 2018-10-21 00:18 - 000395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvctpSvc.dll
2018-11-14 22:02 - 2018-10-21 00:18 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2018-11-14 22:02 - 2018-10-21 00:18 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2018-11-14 22:02 - 2018-10-21 00:18 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2018-11-14 22:02 - 2018-10-21 00:18 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2018-11-14 22:02 - 2018-10-21 00:16 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-11-14 22:02 - 2018-10-21 00:16 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-11-14 22:02 - 2018-10-21 00:15 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-11-14 22:02 - 2018-10-21 00:14 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-11-14 22:02 - 2018-10-21 00:14 - 000632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2018-11-14 22:02 - 2018-10-21 00:14 - 000453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-11-14 22:02 - 2018-10-21 00:02 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2018-11-14 22:02 - 2018-10-21 00:01 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2018-11-14 22:02 - 2018-10-21 00:00 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
2018-11-14 22:02 - 2018-10-20 23:59 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2018-11-14 22:02 - 2018-10-20 23:58 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2018-11-14 22:02 - 2018-10-20 23:58 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-11-14 22:02 - 2018-10-20 23:58 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-11-14 22:02 - 2018-04-27 21:02 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-11-14 17:17 - 2018-11-20 18:34 - 000002080 _____ C:\Users\oldman\Desktop\new FRST notes.txt
2018-11-13 20:29 - 2018-11-27 19:34 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security with Backup
2018-11-13 17:44 - 2018-11-13 17:44 - 000003376 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2018-11-13 17:43 - 2018-11-14 21:09 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2018-11-13 17:30 - 2018-11-13 17:30 - 001157064 _____ (Symantec Corporation) C:\Users\oldman\Downloads\NortonNSBUDownloader.exe
2018-11-12 12:50 - 2018-10-30 09:43 - 000453948 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20181112-125012.backup
2018-11-12 12:39 - 2018-11-26 18:57 - 000000269 _____ C:\DelFix.txt
2018-11-11 02:44 - 2018-11-11 02:44 - 000001386 _____ C:\Users\oldman\Desktop\Dons list.txt
2018-11-10 22:51 - 2018-11-22 12:48 - 000000000 ____D C:\Users\oldman\Desktop\New folder (2)
2018-11-08 14:27 - 2018-11-08 14:27 - 000000000 ____D C:\Users\oldman\Desktop\MRI copy
2018-11-08 14:21 - 2018-11-08 14:21 - 000000000 ____D C:\Users\oldman\Desktop\New folder
2018-11-06 20:52 - 2018-11-06 20:52 - 000001740 _____ C:\Users\oldman\Desktop\Rant Response.txt
2018-11-05 16:32 - 2018-11-05 16:32 - 000001816 _____ C:\Users\Public\Desktop\iTunes.lnk
2018-11-05 16:32 - 2018-11-05 16:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-11-05 16:32 - 2018-11-05 16:32 - 000000000 ____D C:\Program Files\iPod
2018-11-05 16:31 - 2018-11-05 16:32 - 000000000 ____D C:\Program Files\iTunes
2018-11-04 20:57 - 2018-11-04 20:57 - 000000600 _____ C:\WINDOWS\SysWOW64\config.db
2018-11-04 20:57 - 2018-11-04 20:57 - 000000000 ____D C:\Program Files (x86)\Norton WiFi Privacy
2018-11-04 20:57 - 2018-11-04 20:56 - 000052512 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\SymTAP.sys
2018-11-04 14:19 - 2018-11-04 14:19 - 001691434 _____ C:\Users\oldman\Desktop\hakin9_wifi_EN.pdf
2018-11-02 16:34 - 2018-11-03 20:12 - 000000000 ____D C:\Users\oldman\Desktop\JoJo's smartest phone
2018-11-01 15:21 - 2018-11-01 16:19 - 000000000 ____D C:\Users\oldman\Desktop\malware tools
2018-10-31 19:30 - 2018-10-31 19:30 - 008159232 _____ C:\HPSoftwareFramework.msi
2018-10-31 19:30 - 2018-10-31 19:30 - 000000000 ____D C:\Users\oldman\AppData\Roaming\HP
2018-10-31 19:19 - 2018-10-31 19:19 - 000000000 ____D C:\Users\oldman\Downloads\HP Downloads
2018-10-30 17:48 - 2018-10-30 17:48 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\66655511.sys
2018-10-30 17:26 - 2018-10-30 17:26 - 000002308 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2018-10-30 16:49 - 2018-11-11 14:34 - 000000000 ____D C:\Users\oldman\Desktop\Old Firefox Data
2018-10-30 09:43 - 2018-10-19 18:05 - 000453892 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20181030-104320.backup
2018-10-30 00:49 - 2018-10-30 00:49 - 000000074 _____ C:\Users\oldman\Desktop\SciDirect white matter disease.txt
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-11-27 20:09 - 2018-06-02 01:10 - 000004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D6FF1BE5-40C3-4B52-A236-97274056599C}
2018-11-27 19:38 - 2015-05-03 11:07 - 000000000 ____D C:\Users\oldman\AppData\Local\Battle.net
2018-11-27 19:37 - 2015-05-03 11:07 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-11-27 19:34 - 2018-04-11 16:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-27 19:28 - 2016-11-28 00:03 - 000000000 ____D C:\Users\oldman\AppData\LocalLow\Mozilla
2018-11-27 19:26 - 2018-06-02 01:10 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-11-27 19:26 - 2016-08-20 09:31 - 000000000 ____D C:\ProgramData\Kodak
2018-11-27 19:26 - 2015-12-03 21:03 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-11-27 19:24 - 2018-04-11 14:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-11-27 19:24 - 2015-07-29 02:19 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-11-27 19:23 - 2018-06-02 00:54 - 000000000 ____D C:\Users\oldman
2018-11-27 19:11 - 2018-06-02 00:43 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-11-27 19:11 - 2017-05-02 13:10 - 000000352 _____ C:\WINDOWS\Tasks\HPCeeScheduleForoldman.job
2018-11-27 19:06 - 2018-06-02 01:10 - 000003248 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForoldman
2018-11-27 19:01 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-11-27 14:53 - 2018-04-11 16:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-11-27 14:53 - 2017-12-09 00:36 - 000000000 ____D C:\Users\oldman\AppData\Local\Packages
2018-11-27 11:25 - 2018-06-12 17:34 - 000000000 ____D C:\ProgramData\SecTaskMan
2018-11-24 19:45 - 2015-06-07 01:19 - 000000000 ____D C:\Users\oldman\AppData\Roaming\.minecraft
2018-11-24 13:17 - 2015-06-13 13:05 - 000000000 ____D C:\Users\oldman\AppData\Roaming\.technic
2018-11-24 11:38 - 2016-07-09 10:48 - 000000000 ____D C:\Program Files (x86)\Minecraft
2018-11-24 11:13 - 2018-04-11 16:38 - 000000000 __SHD C:\Users\Public\Libraries
2018-11-23 17:37 - 2015-07-16 19:16 - 000000000 ____D C:\Users\oldman\Documents\miggler minecraft stuff
2018-11-23 17:33 - 2018-06-02 14:13 - 000000000 ____D C:\Users\oldman\AppData\Local\D3DSCache
2018-11-23 17:32 - 2015-06-23 02:50 - 000000000 ____D C:\ProgramData\Package Cache
2018-11-22 15:52 - 2018-04-11 14:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-11-21 09:57 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-11-20 17:49 - 2018-04-11 16:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-11-20 14:48 - 2018-06-02 01:10 - 000004574 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-11-20 14:48 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-11-20 14:48 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-11-20 13:31 - 2017-12-20 15:34 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-11-20 11:22 - 2018-09-10 14:01 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2018-11-19 16:24 - 2017-08-25 15:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-11-19 16:24 - 2015-05-03 10:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-19 15:54 - 2018-01-12 15:01 - 000000736 _____ C:\Users\oldman\Desktop\Appointment and to do stuff.txt
2018-11-16 17:34 - 2015-05-03 10:47 - 000001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-11-16 16:00 - 2018-09-12 21:09 - 000834960 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-11-16 16:00 - 2018-09-12 21:09 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-11-16 11:09 - 2018-05-04 21:20 - 000000000 ____D C:\Users\oldman\AppData\Local\Norton WiFi Privacy
2018-11-15 09:26 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\INF
2018-11-15 09:23 - 2018-06-02 00:53 - 000931448 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-11-15 09:17 - 2015-09-16 09:37 - 000000000 ___RD C:\Users\oldman\3D Objects
2018-11-15 09:17 - 2015-05-03 11:17 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-11-15 09:16 - 2018-06-02 00:43 - 000259576 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-11-14 23:32 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-11-14 23:31 - 2018-04-11 16:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-11-14 23:31 - 2018-04-11 16:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-11-14 23:31 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-11-14 23:30 - 2018-04-11 16:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-11-14 23:30 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-11-14 23:30 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-11-14 21:09 - 2017-11-10 19:20 - 000002326 _____ C:\Users\Public\Desktop\Norton Security.lnk
2018-11-14 19:36 - 2018-06-02 01:10 - 000004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-11-14 15:49 - 2015-10-21 18:23 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-11-13 20:38 - 2015-05-03 18:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-11-13 20:34 - 2015-05-03 18:25 - 137810048 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-11-13 18:28 - 2018-10-20 23:17 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
2018-11-13 18:18 - 2015-06-10 00:43 - 000000000 ____D C:\Program Files\Common Files\AV
2018-11-13 17:47 - 2017-09-28 21:29 - 000000000 ____D C:\Users\oldman\Desktop\Misc. desktop crap
2018-11-13 17:46 - 2015-05-03 00:05 - 000000000 ____D C:\ProgramData\Norton
2018-11-13 17:44 - 2018-02-26 14:03 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2018-11-13 17:34 - 2015-05-13 09:14 - 000000000 ____D C:\Users\Public\Downloads\Norton
2018-11-05 23:26 - 2015-05-03 11:09 - 000000000 ____D C:\Program Files (x86)\Diablo III
2018-11-04 20:57 - 2018-07-04 12:09 - 000000000 ____D C:\Program Files (x86)\Norton WiFi Privacy (1.4.9)
2018-11-02 18:18 - 2015-08-15 17:31 - 000011264 _____ C:\Users\oldman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-10-31 19:35 - 2015-05-24 00:52 - 000000000 ____D C:\Program Files (x86)\Google
2018-10-31 19:31 - 2015-05-04 07:08 - 000000000 ____D C:\Users\oldman\AppData\Roaming\hpqlog
2018-10-31 19:30 - 2017-11-21 09:22 - 000000000 ____D C:\Program Files\HP
2018-10-31 19:30 - 2017-04-11 19:37 - 000000000 ____D C:\Program Files (x86)\HP
2018-10-31 19:28 - 2012-08-16 21:20 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2018-10-31 19:22 - 2012-08-03 17:02 - 000000000 ____D C:\SWSetup
2018-10-30 17:26 - 2016-06-26 04:49 - 000170040 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
==================== Files in the root of some directories =======
2015-08-15 17:31 - 2018-11-02 18:18 - 000011264 _____ () C:\Users\oldman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-01 12:43 - 2018-11-16 11:50 - 000114514 _____ () C:\Users\oldman\AppData\Local\installer.log
2015-08-01 12:43 - 2015-08-01 12:43 - 000000236 _____ () C:\Users\oldman\AppData\Local\LaunchHomeCenter.log
2015-05-23 08:41 - 2018-02-13 23:28 - 000007674 _____ () C:\Users\oldman\AppData\Local\resmon.resmoncfg
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-06-02 00:43
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.11.2018
Ran by oldman (27-11-2018 20:17:10)
Running from C:\Users\oldman\Desktop
Windows 10 Home Version 1803 17134.407 (X64) (2018-06-02 08:47:35)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-901587214-2200967626-3004657440-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-901587214-2200967626-3004657440-503 - Limited - Disabled)
Guest (S-1-5-21-901587214-2200967626-3004657440-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-901587214-2200967626-3004657440-1009 - Limited - Enabled)
oldman (S-1-5-21-901587214-2200967626-3004657440-1003 - Administrator - Enabled) => C:\Users\oldman
WDAGUtilityAccount (S-1-5-21-901587214-2200967626-3004657440-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security (Enabled - Up to date) {E3FDBD9F-8140-1400-F32B-8B58923F7C4D}
AS: Spybot - Search and Destroy (Disabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security (Enabled) {DBC63CBA-CB2F-1558-D874-226D6CEC3B36}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20081 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.153 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
aioprnt (HKLM\...\{0645A454-AD44-4F0D-99CF-6B762735AD1F}) (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (HKLM-x32\...\{376348C2-E372-48BC-A138-E896757BD86A}) (Version: 5.8.10.0 - Your Company Name) Hidden
aioscnnr (HKLM-x32\...\{EF53BFAB-4C10-40DB-A82D-9B07111715C6}) (Version: 7.6.13.10 - Your Company Name) Hidden
AMD Catalyst Install Manager (HKLM\...\{D01E0B82-7D6E-F9AC-9A7D-C6076264F419}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
Apple Application Support (32-bit) (HKLM-x32\...\{49F7DD82-FC83-48BF-86C6-CFE6E1E233E1}) (Version: 7.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{1FA68E27-2951-42E8-9F57-1A7F6581B4FD}) (Version: 7.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
AstroViewer 3.1.6 (HKLM-x32\...\AstroViewer 3.1.6) (Version: - Dirk Matussek)
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.3.3.860 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BOINC (HKLM\...\{F1361096-9418-489B-983B-5F8C3972E05E}) (Version: 7.8.3 - Space Sciences Laboratory, U.C. Berkeley)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
C4USelfUpdater (HKLM-x32\...\{48B41C3A-9A92-4B81-B653-C97FEB85C910}) (Version: 1.00.0000 - Your Company Name) Hidden
center (HKLM-x32\...\{56BA241F-580C-43D2-8403-947241AAE633}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Epic Games Launcher (HKLM-x32\...\{0E63B233-DC24-442C-BD38-0B91D90FEC5B}) (Version: 1.1.167.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
essentials (HKLM-x32\...\{BE94C681-68E2-4561-8ABC-8D2E799168B4}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Google Earth Pro (HKLM\...\{F914BC59-918A-498F-B2E3-B274C9CB48A8}) (Version: 7.3.2.5491 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{1AC082E0-049D-4C5C-9ECF-9473AD5A949D}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{32F06015-D852-4A57-A0DD-8D08D17633AC}) (Version: 10.4.0156 - Hewlett-Packard)
HP PC Hardware Diagnostics Windows (HKLM-x32\...\{7FF9E31F-FAC5-4C7B-970B-FE464B8C6A62}) (Version: 1.5.2.0 - HP Inc.)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{5094249B-9542-4536-AE76-B769EE085C99}) (Version: 7.1.6.1 - HP)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.6.18.11 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.9.24.3 - Hewlett-Packard Company)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6417.0 - IDT)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
iTunes (HKLM\...\{3F702C1B-628F-46FB-A094-56D5404CEE63}) (Version: 12.9.1.4 - Apple Inc.)
Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Kodak AIO Printer (HKLM\...\{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}) (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.9.1.1 - Eastman Kodak Company)
KODAK VERITE 50 Series Uninstaller (HKLM\...\KODAK VERITE 50 Series) (Version: - FUNAI ELECTRIC CO., LTD.)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 63.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 63.0.3 (x64 en-US)) (Version: 63.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 63.0.3.6892 - Mozilla)
Norton Security (HKLM-x32\...\NGC) (Version: 22.16.2.22 - Symantec Corporation)
Norton WiFi Privacy (HKLM-x32\...\Norton WiFi Privacy) (Version: 1.4.9 - Symantec Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
ocr (HKLM-x32\...\{BFBCF96F-7361-486A-965C-54B17AC35421}) (Version: 6.2.3.50 - Eastman Kodak Company) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
PreReq (HKLM-x32\...\{DA5BDB2A-12F0-4343-8351-21AAEB293990}) (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
Python 3.5.2 (32-bit) (HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Core Interpreter (32-bit) (HKLM-x32\...\{EB0611B2-7F10-4D97-BCF2-DCAAB1199498}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (HKLM-x32\...\{5DB2183B-62D3-407F-BBC1-EAD2F36283FA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (HKLM-x32\...\{1FBA5182-78DD-4940-9F06-96E5042B7061}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (HKLM-x32\...\{33B10015-A9B1-4210-B50A-26C6443979B0}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (HKLM-x32\...\{9ADF9987-3327-48C6-91B3-B10900366491}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (HKLM-x32\...\{FCBB04F4-D2CF-4F55-BE92-B3898696B318}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C1153533-FDC4-4922-892D-B71810F69566}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (HKLM-x32\...\{9D50A6D7-410A-4469-87B7-35FA84CBD479}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (HKLM-x32\...\{E6DEBF43-7ACF-4E88-9BBF-9B5945683281}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Security Task Manager 2.3 (HKLM-x32\...\Security Task Manager) (Version: 2.3 - Neuber Software)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C5FDDED7-DEC7-48B4-AFD8-DFB8A0FD199A}) (Version: 2.51.0.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17384 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WorldWide Telescope (HKLM-x32\...\{412B591F-3F86-4A1C-9DF6-854892DE27BB}) (Version: 5.5.03 - WorldWide Telescope)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-26] (Cyberlink)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.2.22\NavShExt.dll [2018-11-03] (Symantec Corporation)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-26] (Cyberlink)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.2.22\NavShExt.dll [2018-11-03] (Symantec Corporation)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.2.22\NavShExt.dll [2018-11-03] (Symantec Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {03F769B5-CA2B-47FB-B8C6-3715E360F484} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-11-13] (Microsoft Corporation)
Task: {1CAFA8CA-9428-4563-B226-AEB95322692D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-24] (Google Inc.)
Task: {1D7E6301-43AF-49E2-8F09-9FDE7BE42841} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.16.2.22\WSCStub.exe [2018-11-03] (Symantec Corporation)
Task: {2726B58A-B733-4E96-B674-56C356CFF017} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {37F9480B-8DEB-43D0-9E41-A625011C1442} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {3C1E18F9-257E-4364-8991-D751F7AAE0AF} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {3DD76305-B0D8-4F5D-97E7-9FEA995DB0EB} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {3FB3FE7E-E4D6-4325-A192-9F9937626A48} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {406E8E03-EC34-4003-B34C-54181D91740B} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {449FBA74-592C-4FC3-B302-EFBBC5B5ADD5} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
Task: {4563DDB4-F29D-41C5-BD80-916194542CD4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-11-08] (HP Inc.)
Task: {481E77FC-2405-491C-B550-44527E8A07B9} - System32\Tasks\Norton Security with Backup\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
Task: {4A276F76-C51C-45FC-A2F4-1117E386AA2B} - System32\Tasks\S-1-5-21-901587214-2200967626-3004657440-1003\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-04-11] (Microsoft Corporation)
Task: {4DAE6865-85B2-4C42-B996-B4788C51FAA8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2018-08-30] (HP Inc.)
Task: {5B316DC0-10D2-46AE-B209-4DD1ED06E7F3} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {5BDA31E3-20F6-4E88-83AE-B391B040E53A} - System32\Tasks\HPCeeScheduleForoldman => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {625F82D9-2B09-4DF1-80B8-473B87149FDA} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-21] ()
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {6E39ED3E-6BA2-4DC8-8196-9C48C649D047} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {712380AE-444E-42C6-B403-F18182DBE18C} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {738E86C6-EB1F-4D92-9DD0-BD4999046DD5} - System32\Tasks\{CA2AE62A-A74C-4B89-B292-C0CEAD185B3D} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\oldman\Downloads\FirmwareFlashLauncher.exe -d C:\Users\oldman\Downloads
Task: {7B9F5986-9672-431A-BB77-F26DB87891FE} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {7CDEBC78-DC72-4720-A9AA-B396C385D844} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-901587214-2200967626-3004657440-1003Core => C:\Users\oldman\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-23] (Google Inc.)
Task: {82BC12CD-E2DA-4EEC-9DD4-DCD751894155} - System32\Tasks\Norton Security with Backup\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
Task: {87498E24-4318-4420-B39E-6C2ECA53B5BD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-11-09] (HP Inc.)
Task: {8F3D2196-E3FE-44EB-A19A-1011DB451F9F} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2018-11-03] (Symantec Corporation)
Task: {906112A5-8DB6-4037-B3BB-A2558320F864} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {A5E6FF83-1A31-44C2-974C-608D72C3429E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {AD73D9D2-71DE-4681-BB26-DC2BF988AB1B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_153_Plugin.exe [2018-11-20] (Adobe Systems Incorporated)
Task: {B0E58536-F4DD-4638-97BB-FBFE9AC92A08} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-901587214-2200967626-3004657440-1003 => C:\Users\oldman\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {B89BC3A9-54C9-4204-8B03-A529BF74315F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {BCF0AD8B-2630-48AE-B7B4-5D1683D33A9F} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-11-20] (Adobe Systems Incorporated)
Task: {C0201CFA-6DE0-4EE2-89AC-D9D2295A8D3A} - System32\Tasks\Norton 360\Norton 360 Online Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.11.0.41\SymErr.exe [2017-10-03] (Symantec Corporation)
Task: {C18EC821-F9CF-414E-BA3D-746F1B35386D} - System32\Tasks\Norton 360\Norton 360 Online Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.11.0.41\SymErr.exe [2017-10-03] (Symantec Corporation)
Task: {CDB556A4-5C9F-4AD2-8970-C18C764D957C} - System32\Tasks\Norton 360\Norton 360 Online Autofix => C:\Program Files (x86)\Norton 360\Engine\22.11.0.41\SymErr.exe [2017-10-03] (Symantec Corporation)
Task: {D0E6B02A-0585-4046-AEF9-1F9FEFD0F02E} - System32\Tasks\Norton Security with Backup\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
Task: {D44969E2-EE54-4B65-8642-B0B9E74EFDBB} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
Task: {D7F94A5C-3056-4495-8235-CBE7E9F0B4F6} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
Task: {E5C15200-ACD9-4B52-8D6A-D818CBC34EF1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {FC364449-3F8D-40B7-AFA2-34B96D70A3DA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\HPCeeScheduleForoldman.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2018-04-11 16:34 - 2018-04-11 16:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2012-08-08 10:36 - 2012-08-08 10:36 - 000073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2017-11-30 18:54 - 2017-11-30 18:54 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-10-21 02:17 - 2018-10-21 02:17 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-11-14 22:03 - 2018-10-31 23:55 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-05-02 23:52 - 2012-06-07 20:34 - 000627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 000016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [478]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7942 more sites.
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\123simsen.com -> www.123simsen.com
There are 7942 more sites.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-05-21 20:01 - 2018-11-25 16:12 - 000453948 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123haustiereundmehr.com
127.0.0.1 123moviedownload.com
There are 15610 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\oldman\Desktop\cropped Scotty Audrey Meghan.PNG
DNS Servers: 192.168.0.1 - 205.171.3.66
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
HKLM\...\StartupApproved\Run: => "EKIJ5000StatusMonitor"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "boincmgr"
HKLM\...\StartupApproved\Run32: => "EKIJ5000StatusMonitor"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "EKStatusMonitor"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "KOab1err"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "EpicGamesLauncher"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{9A360527-10D8-4C70-B032-9364CABAF9CC}] => (Block) C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe
FirewallRules: [{F163DE1A-BDD7-475A-BA39-30804A88C1EA}] => (Block) C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe
FirewallRules: [UDP Query User{36723720-49B5-4FA6-A370-6758D33B9796}C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe] => (Allow) C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe
FirewallRules: [TCP Query User{65BE56F7-1BFA-49AF-AA71-5BA1867FD708}C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe] => (Allow) C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe
FirewallRules: [{1C333035-49C1-4FD1-97CF-F570F016C53E}] => (Allow) LPort=5353
FirewallRules: [{890B9B02-6014-4054-B567-08AACDF2C0B9}] => (Allow) LPort=9322
FirewallRules: [{F181849D-64C1-458F-9BBF-519133A17B5F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{202A7A45-68E1-431A-A400-91C1EB742AF0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{479E345C-D749-41FD-988B-53A52A04F408}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{61EE5366-C72D-464B-A5C9-80E06F54380D}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{453BC9C8-7A11-4BD0-A4BA-9D4EC19097C3}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{0DB363E3-23DE-4A09-8458-A27D4E9AAAF4}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
24-11-2018 21:39:02 Removed Google Update Helper
24-11-2018 21:40:50 Installed Google Update Helper
24-11-2018 21:41:29 Installed Google Update Helper
24-11-2018 21:43:46 Installed Google Update Helper
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/27/2018 07:27:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 5.0.168.192.in-addr.arpa. PTR eustace.local.
Error: (11/27/2018 07:27:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.5:5353 17 5.0.168.192.in-addr.arpa. PTR eustace-2.local.
Error: (11/27/2018 07:11:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 5.0.168.192.in-addr.arpa. PTR eustace.local.
Error: (11/27/2018 07:11:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.5:5353 17 5.0.168.192.in-addr.arpa. PTR eustace-2.local.
Error: (11/27/2018 02:42:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15578
Error: (11/27/2018 02:42:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15578
Error: (11/27/2018 02:42:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (11/26/2018 07:21:11 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.
Operation:
Executing Asynchronous Operation
Context:
Current State: DoSnapshotSet
System errors:
=============
Error: (11/27/2018 07:26:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The APXACC service failed to start due to the following error:
A device attached to the system is not functioning.
Error: (11/27/2018 07:26:37 PM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)
Error: (11/27/2018 07:12:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/27/2018 07:11:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The APXACC service failed to start due to the following error:
A device attached to the system is not functioning.
Error: (11/27/2018 07:11:37 PM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)
Error: (11/27/2018 07:11:36 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:03:26 PM on 11/27/2018 was unexpected.
Error: (11/27/2018 07:01:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/27/2018 11:17:29 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Windows Defender:
===================================
Date: 2018-10-24 21:41:17.809
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.367.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2018-10-24 21:41:17.809
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.367.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2018-10-24 21:41:17.809
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.367.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2018-10-24 21:41:14.293
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.367.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2018-10-17 21:12:23.511
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.367.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
CodeIntegrity:
===================================
Date: 2018-11-14 12:08:00.436
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.16.2.22\BuShell.dll that did not meet the Microsoft signing level requirements.
Date: 2018-11-14 12:08:00.414
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.16.2.22\BuShell.dll that did not meet the Microsoft signing level requirements.
Date: 2018-11-14 12:08:00.372
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.16.2.22\BuShell.dll that did not meet the Microsoft signing level requirements.
Date: 2018-10-11 12:04:33.192
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.1.8\bushell.dll that did not meet the Microsoft signing level requirements.
Date: 2018-10-11 12:04:33.166
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.1.8\bushell.dll that did not meet the Microsoft signing level requirements.
Date: 2018-10-11 12:04:33.102
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.1.8\bushell.dll that did not meet the Microsoft signing level requirements.
Date: 2018-09-05 22:40:18.803
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.0.88\bushell.dll that did not meet the Microsoft signing level requirements.
Date: 2018-09-05 22:40:18.772
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.0.88\bushell.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
Processor: AMD A4-4300M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 36%
Total physical RAM: 3554.26 MB
Available physical RAM: 2271.4 MB
Total Virtual: 5986.26 MB
Available Virtual: 4331.1 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:568.68 GB) (Free:304.86 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:25.37 GB) (Free:2.96 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Media Viewer) (CDROM) (Total:0.52 GB) (Free:0 GB) CDFS
\\?\Volume{4807027d-70e4-4ed9-b189-6eac7a96e0a4}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.15 GB) NTFS
\\?\Volume{de27d039-3a8b-420a-8f61-0de10dba9383}\ () (Fixed) (Total:0.92 GB) (Free:0.34 GB) NTFS
\\?\Volume{228ede67-33cc-42ee-9814-03e998f454e7}\ () (Fixed) (Total:0.44 GB) (Free:0.41 GB) NTFS
\\?\Volume{873941c3-cd87-496d-8c74-8b333ed59eac}\ () (Fixed) (Total:0.25 GB) (Free:0.16 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 9E4D4388)
Partition: GPT.
==================== End of Addition.txt ============================
to remove all Google services, located in add/remove programs list
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
~~~
Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)
highlight on the text below and select Copy.
beginning with Start:: and finishing with End::
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Highlight the entire content of the quote box below and select Copy.
Start::
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [Google Update] => C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe [601680 2018-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: @talk.google.com/GoogleTalkPlugin -> C:\Users\oldman\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: @talk.google.com/O1DPlugin -> C:\Users\oldman\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: @tools.google.com/Google Update;version=3 -> C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: @tools.google.com/Google Update;version=9 -> C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\oldman\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\oldman\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
Task: {1CAFA8CA-9428-4563-B226-AEB95322692D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-24] (Google Inc.)
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [478]
Emptytemp:
End::
Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file Fixlog.txt will pop up and saved in the same location the tool was ran from.
Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Hope this is what we are looking for. :red:
Fix result of Farbar Recovery Scan Tool (x64) Version: 29.11.2018 01
Ran by oldman (29-11-2018 13:03:11) Run:1
Running from C:\Users\oldman\Desktop
Loaded Profiles: oldman (Available Profiles: oldman)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [Google Update] => C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe [601680 2018-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: @talk.google.com/GoogleTalkPlugin -> C:\Users\oldman\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: @talk.google.com/O1DPlugin -> C:\Users\oldman\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: @tools.google.com/Google Update;version=3 -> C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: @tools.google.com/Google Update;version=9 -> C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\oldman\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\oldman\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
Task: {1CAFA8CA-9428-4563-B226-AEB95322692D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-24] (Google Inc.)
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [478]
Emptytemp:
*****************
Processes closed successfully.
Restore point was successfully created.
"HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update" => not found
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin => not found
"C:\Users\oldman\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll" => not found
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\MozillaPlugins\@talk.google.com/O1DPlugin => not found
"C:\Users\oldman\AppData\Roaming\Mozilla\plugins\npo1d.dll" => not found
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\MozillaPlugins\@tools.google.com/Google Update;version=3 => not found
"C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll" => not found
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\MozillaPlugins\@tools.google.com/Google Update;version=9 => not found
"C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll" => not found
"C:\Users\oldman\AppData\Roaming\mozilla\plugins\npgoogletalk.dll" => not found
"C:\Users\oldman\AppData\Roaming\mozilla\plugins\npo1d.dll" => not found
HKLM\SOFTWARE\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1CAFA8CA-9428-4563-B226-AEB95322692D} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CAFA8CA-9428-4563-B226-AEB95322692D} => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => removed successfully
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully
=========== EmptyTemp: ==========
BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9736044 B
Java, Flash, Steam htmlcache => 1140 B
Windows/system/drivers => 505208 B
Edge => 9216 B
Chrome => 0 B
Firefox => 446210610 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 3626 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
oldman => 4793044 B
RecycleBin => 1531 B
EmptyTemp: => 449.9 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 13:06:59 ====
Things were running suspiciously smooth so I delfixed and FRSTed again. There are some familiar entries, what do you make of this scan?
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29.11.2018 01
Ran by oldman (30-11-2018 12:06:59)
Running from C:\Users\oldman\Desktop
Windows 10 Home Version 1803 17134.407 (X64) (2018-06-02 08:47:35)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-901587214-2200967626-3004657440-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-901587214-2200967626-3004657440-503 - Limited - Disabled)
Guest (S-1-5-21-901587214-2200967626-3004657440-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-901587214-2200967626-3004657440-1009 - Limited - Enabled)
oldman (S-1-5-21-901587214-2200967626-3004657440-1003 - Administrator - Enabled) => C:\Users\oldman
WDAGUtilityAccount (S-1-5-21-901587214-2200967626-3004657440-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security (Enabled - Up to date) {E3FDBD9F-8140-1400-F32B-8B58923F7C4D}
AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security (Enabled) {DBC63CBA-CB2F-1558-D874-226D6CEC3B36}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20081 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.153 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
aioprnt (HKLM\...\{0645A454-AD44-4F0D-99CF-6B762735AD1F}) (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (HKLM-x32\...\{376348C2-E372-48BC-A138-E896757BD86A}) (Version: 5.8.10.0 - Your Company Name) Hidden
aioscnnr (HKLM-x32\...\{EF53BFAB-4C10-40DB-A82D-9B07111715C6}) (Version: 7.6.13.10 - Your Company Name) Hidden
AMD Catalyst Install Manager (HKLM\...\{D01E0B82-7D6E-F9AC-9A7D-C6076264F419}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
Apple Application Support (32-bit) (HKLM-x32\...\{49F7DD82-FC83-48BF-86C6-CFE6E1E233E1}) (Version: 7.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{1FA68E27-2951-42E8-9F57-1A7F6581B4FD}) (Version: 7.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
AstroViewer 3.1.6 (HKLM-x32\...\AstroViewer 3.1.6) (Version: - Dirk Matussek)
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.3.3.860 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BOINC (HKLM\...\{F1361096-9418-489B-983B-5F8C3972E05E}) (Version: 7.8.3 - Space Sciences Laboratory, U.C. Berkeley)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
C4USelfUpdater (HKLM-x32\...\{48B41C3A-9A92-4B81-B653-C97FEB85C910}) (Version: 1.00.0000 - Your Company Name) Hidden
center (HKLM-x32\...\{56BA241F-580C-43D2-8403-947241AAE633}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Epic Games Launcher (HKLM-x32\...\{0E63B233-DC24-442C-BD38-0B91D90FEC5B}) (Version: 1.1.167.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
essentials (HKLM-x32\...\{BE94C681-68E2-4561-8ABC-8D2E799168B4}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Google Earth Pro (HKLM\...\{F914BC59-918A-498F-B2E3-B274C9CB48A8}) (Version: 7.3.2.5491 - Google)
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{1AC082E0-049D-4C5C-9ECF-9473AD5A949D}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{32F06015-D852-4A57-A0DD-8D08D17633AC}) (Version: 10.4.0156 - Hewlett-Packard)
HP PC Hardware Diagnostics Windows (HKLM-x32\...\{7FF9E31F-FAC5-4C7B-970B-FE464B8C6A62}) (Version: 1.5.2.0 - HP Inc.)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{5094249B-9542-4536-AE76-B769EE085C99}) (Version: 7.1.6.1 - HP)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.6.18.11 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.9.24.3 - Hewlett-Packard Company)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6417.0 - IDT)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
iTunes (HKLM\...\{3F702C1B-628F-46FB-A094-56D5404CEE63}) (Version: 12.9.1.4 - Apple Inc.)
Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Kodak AIO Printer (HKLM\...\{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}) (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.9.1.1 - Eastman Kodak Company)
KODAK VERITE 50 Series Uninstaller (HKLM\...\KODAK VERITE 50 Series) (Version: - FUNAI ELECTRIC CO., LTD.)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 63.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 63.0.3 (x64 en-US)) (Version: 63.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 63.0.3.6892 - Mozilla)
Norton Security (HKLM-x32\...\NGC) (Version: 22.16.2.22 - Symantec Corporation)
Norton WiFi Privacy (HKLM-x32\...\Norton WiFi Privacy) (Version: 1.4.9 - Symantec Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
ocr (HKLM-x32\...\{BFBCF96F-7361-486A-965C-54B17AC35421}) (Version: 6.2.3.50 - Eastman Kodak Company) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
PreReq (HKLM-x32\...\{DA5BDB2A-12F0-4343-8351-21AAEB293990}) (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
Python 3.5.2 (32-bit) (HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Core Interpreter (32-bit) (HKLM-x32\...\{EB0611B2-7F10-4D97-BCF2-DCAAB1199498}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (HKLM-x32\...\{5DB2183B-62D3-407F-BBC1-EAD2F36283FA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (HKLM-x32\...\{1FBA5182-78DD-4940-9F06-96E5042B7061}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (HKLM-x32\...\{33B10015-A9B1-4210-B50A-26C6443979B0}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (HKLM-x32\...\{9ADF9987-3327-48C6-91B3-B10900366491}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (HKLM-x32\...\{FCBB04F4-D2CF-4F55-BE92-B3898696B318}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C1153533-FDC4-4922-892D-B71810F69566}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (HKLM-x32\...\{9D50A6D7-410A-4469-87B7-35FA84CBD479}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (HKLM-x32\...\{E6DEBF43-7ACF-4E88-9BBF-9B5945683281}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Security Task Manager 2.3 (HKLM-x32\...\Security Task Manager) (Version: 2.3 - Neuber Software)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C5FDDED7-DEC7-48B4-AFD8-DFB8A0FD199A}) (Version: 2.51.0.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17384 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WorldWide Telescope (HKLM-x32\...\{412B591F-3F86-4A1C-9DF6-854892DE27BB}) (Version: 5.5.03 - WorldWide Telescope)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-26] (Cyberlink)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.2.22\NavShExt.dll [2018-11-03] (Symantec Corporation)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-26] (Cyberlink)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.2.22\NavShExt.dll [2018-11-03] (Symantec Corporation)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.2.22\NavShExt.dll [2018-11-03] (Symantec Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {03F769B5-CA2B-47FB-B8C6-3715E360F484} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-11-13] (Microsoft Corporation)
Task: {1D7E6301-43AF-49E2-8F09-9FDE7BE42841} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.16.2.22\WSCStub.exe [2018-11-03] (Symantec Corporation)
Task: {2726B58A-B733-4E96-B674-56C356CFF017} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {37F9480B-8DEB-43D0-9E41-A625011C1442} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {3C1E18F9-257E-4364-8991-D751F7AAE0AF} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {3DD76305-B0D8-4F5D-97E7-9FEA995DB0EB} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {3FB3FE7E-E4D6-4325-A192-9F9937626A48} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {406E8E03-EC34-4003-B34C-54181D91740B} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {449FBA74-592C-4FC3-B302-EFBBC5B5ADD5} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
Task: {4563DDB4-F29D-41C5-BD80-916194542CD4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-11-08] (HP Inc.)
Task: {481E77FC-2405-491C-B550-44527E8A07B9} - System32\Tasks\Norton Security with Backup\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
Task: {4A276F76-C51C-45FC-A2F4-1117E386AA2B} - System32\Tasks\S-1-5-21-901587214-2200967626-3004657440-1003\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-04-11] (Microsoft Corporation)
Task: {4DAE6865-85B2-4C42-B996-B4788C51FAA8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2018-08-30] (HP Inc.)
Task: {4FF70FB8-36AD-4493-AD4A-05ACB699A133} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2018-11-03] (Symantec Corporation)
Task: {5B316DC0-10D2-46AE-B209-4DD1ED06E7F3} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {5BDA31E3-20F6-4E88-83AE-B391B040E53A} - System32\Tasks\HPCeeScheduleForoldman => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {625F82D9-2B09-4DF1-80B8-473B87149FDA} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-21] ()
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {6E39ED3E-6BA2-4DC8-8196-9C48C649D047} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {712380AE-444E-42C6-B403-F18182DBE18C} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {738E86C6-EB1F-4D92-9DD0-BD4999046DD5} - System32\Tasks\{CA2AE62A-A74C-4B89-B292-C0CEAD185B3D} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\oldman\Downloads\FirmwareFlashLauncher.exe -d C:\Users\oldman\Downloads
Task: {7B9F5986-9672-431A-BB77-F26DB87891FE} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {82BC12CD-E2DA-4EEC-9DD4-DCD751894155} - System32\Tasks\Norton Security with Backup\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
Task: {906112A5-8DB6-4037-B3BB-A2558320F864} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {A1CD2A50-ED7D-47E4-8917-D67EA0A5CE96} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-11-09] (HP Inc.)
Task: {A5E6FF83-1A31-44C2-974C-608D72C3429E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {AD73D9D2-71DE-4681-BB26-DC2BF988AB1B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_153_Plugin.exe [2018-11-20] (Adobe Systems Incorporated)
Task: {B0E58536-F4DD-4638-97BB-FBFE9AC92A08} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-901587214-2200967626-3004657440-1003 => C:\Users\oldman\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {B89BC3A9-54C9-4204-8B03-A529BF74315F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {BCF0AD8B-2630-48AE-B7B4-5D1683D33A9F} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-11-20] (Adobe Systems Incorporated)
Task: {C0201CFA-6DE0-4EE2-89AC-D9D2295A8D3A} - System32\Tasks\Norton 360\Norton 360 Online Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.11.0.41\SymErr.exe [2017-10-03] (Symantec Corporation)
Task: {C18EC821-F9CF-414E-BA3D-746F1B35386D} - System32\Tasks\Norton 360\Norton 360 Online Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.11.0.41\SymErr.exe [2017-10-03] (Symantec Corporation)
Task: {CDB556A4-5C9F-4AD2-8970-C18C764D957C} - System32\Tasks\Norton 360\Norton 360 Online Autofix => C:\Program Files (x86)\Norton 360\Engine\22.11.0.41\SymErr.exe [2017-10-03] (Symantec Corporation)
Task: {D44969E2-EE54-4B65-8642-B0B9E74EFDBB} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
Task: {D7F94A5C-3056-4495-8235-CBE7E9F0B4F6} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
Task: {E31A4D89-34BD-4CFE-A6A9-B43E1D8E8F23} - System32\Tasks\Norton Security with Backup\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
Task: {E5C15200-ACD9-4B52-8D6A-D818CBC34EF1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {FC364449-3F8D-40B7-AFA2-34B96D70A3DA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\HPCeeScheduleForoldman.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2018-04-11 16:34 - 2018-04-11 16:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2012-08-08 10:36 - 2012-08-08 10:36 - 000073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2017-11-30 18:54 - 2017-11-30 18:54 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-10-21 02:17 - 2018-10-21 02:17 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-11-14 22:03 - 2018-10-31 23:55 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-05-02 23:52 - 2012-06-07 20:34 - 000627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 000016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7942 more sites.
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\123simsen.com -> www.123simsen.com
There are 7942 more sites.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-05-21 20:01 - 2018-11-25 16:12 - 000453948 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123haustiereundmehr.com
127.0.0.1 123moviedownload.com
There are 15610 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\oldman\Desktop\cropped Scotty Audrey Meghan.PNG
DNS Servers: 192.168.0.1 - 205.171.3.66
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
HKLM\...\StartupApproved\Run: => "EKIJ5000StatusMonitor"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "boincmgr"
HKLM\...\StartupApproved\Run32: => "EKIJ5000StatusMonitor"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "EKStatusMonitor"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "KOab1err"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "EpicGamesLauncher"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{9A360527-10D8-4C70-B032-9364CABAF9CC}] => (Block) C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe
FirewallRules: [{F163DE1A-BDD7-475A-BA39-30804A88C1EA}] => (Block) C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe
FirewallRules: [UDP Query User{36723720-49B5-4FA6-A370-6758D33B9796}C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe] => (Allow) C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe
FirewallRules: [TCP Query User{65BE56F7-1BFA-49AF-AA71-5BA1867FD708}C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe] => (Allow) C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe
FirewallRules: [{1C333035-49C1-4FD1-97CF-F570F016C53E}] => (Allow) LPort=5353
FirewallRules: [{890B9B02-6014-4054-B567-08AACDF2C0B9}] => (Allow) LPort=9322
FirewallRules: [{F181849D-64C1-458F-9BBF-519133A17B5F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{202A7A45-68E1-431A-A400-91C1EB742AF0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{479E345C-D749-41FD-988B-53A52A04F408}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{61EE5366-C72D-464B-A5C9-80E06F54380D}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{453BC9C8-7A11-4BD0-A4BA-9D4EC19097C3}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{0DB363E3-23DE-4A09-8458-A27D4E9AAAF4}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
24-11-2018 21:39:02 Removed Google Update Helper
24-11-2018 21:40:50 Installed Google Update Helper
24-11-2018 21:41:29 Installed Google Update Helper
24-11-2018 21:43:46 Installed Google Update Helper
29-11-2018 13:00:35 Removed Google Talk Plugin
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/30/2018 09:35:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 5.0.168.192.in-addr.arpa. PTR eustace.local.
Error: (11/30/2018 09:35:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.5:5353 17 5.0.168.192.in-addr.arpa. PTR eustace-2.local.
Error: (11/30/2018 09:35:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 5.0.168.192.in-addr.arpa. PTR eustace.local.
Error: (11/30/2018 09:35:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.5:5353 17 5.0.168.192.in-addr.arpa. PTR eustace-2.local.
Error: (11/29/2018 01:52:54 PM) (Source: ESENT) (EventID: 413) (User: )
Description: TaskMan (6280,R,98) {8A5D338A-29EB-45E3-92D2-155640DF17B3}: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
Error: (11/29/2018 01:52:54 PM) (Source: ESENT) (EventID: 488) (User: )
Description: TaskMan (6280,R,98) {8A5D338A-29EB-45E3-92D2-155640DF17B3}: An attempt to create the file "C:\ProgramData\SecTaskMan\WindowsUpdates\~jbtmp.log" failed with system error 80 (0x00000050): "The file exists. ". The create file operation will fail with error -1814 (0xfffff8ea).
Error: (11/29/2018 01:04:32 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.
Operation:
Executing Asynchronous Operation
Context:
Current State: DoSnapshotSet
Error: (11/29/2018 01:03:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
System errors:
=============
Error: (11/30/2018 09:38:15 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/30/2018 09:36:12 AM) (Source: DCOM) (EventID: 10016) (User: eustace)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user eustace\oldman SID (S-1-5-21-901587214-2200967626-3004657440-1003) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
Error: (11/30/2018 09:35:18 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/29/2018 10:05:06 PM) (Source: DCOM) (EventID: 10016) (User: eustace)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user eustace\oldman SID (S-1-5-21-901587214-2200967626-3004657440-1003) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
Error: (11/29/2018 01:09:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/29/2018 01:08:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The APXACC service failed to start due to the following error:
A device attached to the system is not functioning.
Error: (11/29/2018 01:08:58 PM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)
Error: (11/29/2018 01:03:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Windows Defender:
===================================
Date: 2018-10-24 21:41:17.809
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.367.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2018-10-24 21:41:17.809
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.367.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2018-10-24 21:41:17.809
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.367.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2018-10-24 21:41:14.293
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.367.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2018-10-17 21:12:23.511
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.367.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
CodeIntegrity:
===================================
Date: 2018-11-14 12:08:00.436
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.16.2.22\BuShell.dll that did not meet the Microsoft signing level requirements.
Date: 2018-11-14 12:08:00.414
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.16.2.22\BuShell.dll that did not meet the Microsoft signing level requirements.
Date: 2018-11-14 12:08:00.372
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.16.2.22\BuShell.dll that did not meet the Microsoft signing level requirements.
Date: 2018-10-11 12:04:33.192
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.1.8\bushell.dll that did not meet the Microsoft signing level requirements.
Date: 2018-10-11 12:04:33.166
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.1.8\bushell.dll that did not meet the Microsoft signing level requirements.
Date: 2018-10-11 12:04:33.102
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.1.8\bushell.dll that did not meet the Microsoft signing level requirements.
Date: 2018-09-05 22:40:18.803
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.0.88\bushell.dll that did not meet the Microsoft signing level requirements.
Date: 2018-09-05 22:40:18.772
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.0.88\bushell.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
Processor: AMD A4-4300M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 46%
Total physical RAM: 3554.26 MB
Available physical RAM: 1901.94 MB
Total Virtual: 5858.26 MB
Available Virtual: 3972.3 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:568.68 GB) (Free:304.17 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:25.37 GB) (Free:2.96 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Media Viewer) (CDROM) (Total:0.52 GB) (Free:0 GB) CDFS
\\?\Volume{4807027d-70e4-4ed9-b189-6eac7a96e0a4}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.15 GB) NTFS
\\?\Volume{de27d039-3a8b-420a-8f61-0de10dba9383}\ () (Fixed) (Total:0.92 GB) (Free:0.34 GB) NTFS
\\?\Volume{228ede67-33cc-42ee-9814-03e998f454e7}\ () (Fixed) (Total:0.44 GB) (Free:0.41 GB) NTFS
\\?\Volume{873941c3-cd87-496d-8c74-8b333ed59eac}\ () (Fixed) (Total:0.25 GB) (Free:0.16 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 9E4D4388)
Partition: GPT.
==================== End of Addition.txt ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29.11.2018 01
Ran by oldman (administrator) on EUSTACE (30-11-2018 12:03:16)
Running from C:\Users\oldman\Desktop
Loaded Profiles: oldman (Available Profiles: oldman)
Platform: Windows 10 Home Version 1803 17134.407 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.2.22\NortonSecurity.exe
(Symantec Corporation) C:\Program Files (x86)\Norton WiFi Privacy\client\NWPService.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.2.22\nsWscSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.2.22\NortonSecurity.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinctray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Symantec Corporation) C:\Program Files\WindowsApps\SymantecCorporation.NortonStudio_2.2.0.0_x86__v68kp9n051hdp\ClassicWin32App.exe
(Symantec Corporation) C:\Program Files\WindowsApps\SymantecCorporation.NortonStudio_2.2.0.0_x86__v68kp9n051hdp\ClassicWin32App.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [69920 2017-10-03] (Space Sciences Laboratory)
HKLM\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [8765216 2017-10-03] (Space Sciences Laboratory)
HKLM\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-27] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [301880 2018-10-22] (Apple Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [68920 2018-10-21] (Apple Inc.)
HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-12-11] (Eastman Kodak Company)
HKLM-x32\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] ()
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [KOab1err] => C:\Program Files (x86)\KODAK VERITE\ErrorApp\KOab1err.exe [1027752 2016-12-21] ()
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] ()
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [] => C:\Users\oldman\Desktop\RogueKiller_portable64.exe -minimize
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [34917264 2018-11-23] (Epic Games, Inc.)
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\MountPoints2: {550548f0-8389-11e8-804c-38eaa7eb314f} - "F:\ZTE_Handset_USB_Driver.exe"
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.66
Tcpip\..\Interfaces\{092ddd55-79b1-44d1-9ce6-73e9a22b6de7}: [DhcpNameServer] 192.168.0.1 205.171.3.66
Tcpip\..\Interfaces\{68620759-20aa-45aa-8e06-fa9a7c5c7e09}: [DhcpNameServer] 192.168.0.1 205.171.3.66
Tcpip\..\Interfaces\{a288676d-84d4-440a-bf60-55523387af7e}: [DhcpNameServer] 192.168.0.1 205.171.3.66
Tcpip\..\Interfaces\{c4242d06-1fdf-461b-ace5-caf4862e837d}: [DhcpNameServer] 192.168.0.1 205.171.3.66
Tcpip\..\Interfaces\{c9ebb1fc-1913-46ad-9c39-fe0f9392fa0a}: [DhcpNameServer] 192.168.0.1 205.171.3.66
Tcpip\..\Interfaces\{dd1986f3-01c1-49b9-a3b1-f6e43d3a6914}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-10-17] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-10-17] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)
FireFox:
========
FF DefaultProfile: gzi35chl.default-1466821123041-1541972058086
FF ProfilePath: C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086 [2018-11-30]
FF Homepage: Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086 -> moz-extension://70dcf95f-27c0-4d96-bf5b-ac77cde6f791/homePageRedirect.html
FF HomepageOverride: Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086 -> Enabled: nortonhomepage@symantec.com
FF NewTabOverride: Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086 -> Enabled: nortonhomepage@symantec.com
FF Extension: (Facebook Container) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086\Extensions\@contain-facebook.xpi [2018-11-20]
FF Extension: (Norton Password Manager) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086\Extensions\idsafe@norton.com.xpi [2018-11-13]
FF Extension: (Norton Home Page) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086\Extensions\nortonhomepage@symantec.com.xpi [2018-11-13]
FF Extension: (Norton Safe Search) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086\Extensions\nortonsafesearch_ul_2@symantec.com.xpi [2018-11-13]
FF Extension: (Norton Safe Web) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086\Extensions\nortonsafeweb@symantec.com.xpi [2018-11-29]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_153.dll [2018-11-20] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_153.dll [2018-11-20] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-05-06] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-19] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: hp.com/HPDetect -> C:\Users\oldman\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP)
FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: jpl.nasa.gov/NASAEyes -> C:\Users\oldman\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2018-08-28] (Jet Propulsion Laboratory)
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7356680 2018-11-23] ()
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2018-11-23] (EasyAntiCheat Ltd)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1077568 2017-04-10] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-21] (HP Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.16.2.22\NortonSecurity.exe [328648 2018-11-03] (Symantec Corporation)
R2 NortonWiFiPrivacy; C:\Program Files (x86)\Norton WiFi Privacy\client\NWPService.exe [3317264 2018-11-04] (Symantec Corporation)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.16.2.22\nsWscSvc.exe [915712 2018-11-03] (Symantec Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd.)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [253960 2016-04-27] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-11] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-20] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110104 2016-09-28] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.11.0.41\Definitions\BASHDefs\20181127.001\BHDrvx64.sys [1925104 2018-09-19] (Symantec Corporation)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\ccSetx64.sys [189120 2018-11-03] (Symantec Corporation)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [129152 2016-04-24] (Samsung Electronics Co., Ltd.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515792 2018-11-29] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153296 2018-11-29] (Symantec Corporation)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2018-04-23] ()
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.11.0.41\Definitions\IPSDefs\20181129.063\IDSvia64.sys [1305072 2018-10-08] (Symantec Corporation)
S3 massfilter_hs; C:\WINDOWS\System32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-29] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Realtek )
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\SRTSP64.SYS [847344 2018-11-03] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\SRTSPX64.SYS [49648 2018-11-03] (Symantec Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-24] (Samsung Electronics Co., Ltd.)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\SYMEFASI64.SYS [1969328 2018-11-03] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\SymELAM.sys [25744 2018-11-03] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [99920 2018-06-17] (Symantec Corporation)
S4 SymEvnt; C:\Program Files\Norton Security\NortonData\22.11.0.41\SymPlatform\SymEvnt.sys [114352 2018-10-26] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\Ironx64.SYS [308416 2018-11-03] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\symnets.sys [567024 2018-11-03] (Symantec Corporation)
R3 SymTAP; C:\WINDOWS\System32\drivers\SymTAP.sys [52512 2018-11-04] (The OpenVPN Project)
S3 VBoxNetAdp; C:\WINDOWS\System32\drivers\VBoxNetAdp6.sys [196040 2017-07-27] (Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\wpCtrlDrv.sys [1011056 2018-11-03] (Symantec Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-11-30 12:03 - 2018-11-30 12:05 - 000021658 _____ C:\Users\oldman\Desktop\FRST.txt
2018-11-30 12:02 - 2018-11-30 12:03 - 000000000 ____D C:\FRST
2018-11-30 12:01 - 2018-11-30 12:01 - 002417152 _____ (Farbar) C:\Users\oldman\Desktop\FRST64.exe
2018-11-29 19:58 - 2018-11-29 19:58 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2018-11-25 16:12 - 2018-11-12 12:50 - 000453948 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20181125-161220.backup
2018-11-24 21:42 - 2018-11-24 21:42 - 000000120 _____ C:\Users\oldman\Desktop\GUH.txt
2018-11-24 11:29 - 2018-11-24 11:29 - 000000000 ____D C:\Users\oldman\AppData\Local\Speech Graphics
2018-11-24 11:13 - 2018-11-24 11:13 - 000000000 _____ C:\Users\Public\Shared Files
2018-11-24 11:08 - 2018-11-24 11:08 - 000000000 ____D C:\Users\oldman\AppData\Local\NVIDIA Corporation
2018-11-24 11:06 - 2018-11-24 11:06 - 000000000 ____D C:\Users\oldman\AppData\Local\FortniteGame
2018-11-24 11:05 - 2018-11-24 11:05 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2018-11-23 21:32 - 2018-11-23 21:32 - 000000314 _____ C:\Users\oldman\Desktop\Fortnite.url
2018-11-23 17:37 - 2018-11-24 13:16 - 000000000 ___RD C:\Users\oldman\Desktop\Meghans Games
2018-11-23 17:35 - 2018-11-23 17:35 - 000000000 ____D C:\Program Files\Epic Games
2018-11-23 17:33 - 2010-02-04 10:01 - 000024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2018-11-23 17:33 - 2010-02-04 10:01 - 000022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
2018-11-23 17:30 - 2018-11-23 17:30 - 000000000 ____D C:\Users\oldman\AppData\Local\UnrealEngineLauncher
2018-11-23 17:30 - 2018-11-23 17:30 - 000000000 ____D C:\Users\oldman\AppData\Local\UnrealEngine
2018-11-23 17:30 - 2018-11-23 17:30 - 000000000 ____D C:\Users\oldman\AppData\Local\EpicGamesLauncher
2018-11-23 17:28 - 2018-11-23 17:28 - 000001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2018-11-23 17:28 - 2018-11-23 17:28 - 000001258 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk
2018-11-23 17:27 - 2018-11-23 17:34 - 000000000 ____D C:\ProgramData\Epic
2018-11-23 17:27 - 2018-11-23 17:27 - 000000000 ____D C:\Program Files (x86)\Epic Games
2018-11-23 15:31 - 2018-11-24 23:36 - 000005645 _____ C:\Users\oldman\Desktop\11-23 reply spyprotector.txt
2018-11-20 15:23 - 2018-11-20 15:23 - 000000109 _____ C:\Users\oldman\Desktop\Mbar link.txt
2018-11-20 14:48 - 2018-11-20 14:48 - 004463104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2018-11-20 11:23 - 2018-11-20 11:23 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\C515B52D.sys
2018-11-20 11:19 - 2018-11-20 11:20 - 014161479 _____ C:\Users\oldman\Desktop\mbar-1.10.3.1001-nr.exe
2018-11-17 16:56 - 2018-11-17 16:56 - 000000000 ____D C:\Program Files\rempl
2018-11-14 23:31 - 2018-11-16 11:28 - 000000000 ____D C:\N360_BACKUP
2018-11-14 22:04 - 2018-11-01 04:45 - 004527776 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-11-14 22:04 - 2018-11-01 04:45 - 001617320 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-11-14 22:04 - 2018-11-01 04:29 - 012710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-11-14 22:04 - 2018-11-01 02:15 - 023861760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-11-14 22:04 - 2018-11-01 02:13 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-11-14 22:04 - 2018-11-01 00:27 - 001017152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-11-14 22:04 - 2018-11-01 00:26 - 007432120 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-11-14 22:04 - 2018-11-01 00:25 - 009089848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-11-14 22:04 - 2018-11-01 00:25 - 007520088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-11-14 22:04 - 2018-11-01 00:09 - 025855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-11-14 22:04 - 2018-11-01 00:03 - 003397120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-11-14 22:04 - 2018-11-01 00:01 - 022716416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-11-14 22:04 - 2018-11-01 00:00 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-11-14 22:04 - 2018-10-31 23:58 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-11-14 22:04 - 2018-10-31 21:48 - 006039064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-11-14 22:04 - 2018-10-31 21:47 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-11-14 22:04 - 2018-10-31 21:40 - 022015488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-11-14 22:04 - 2018-10-31 21:35 - 019403776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-11-14 22:04 - 2018-10-21 06:00 - 021386368 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-11-14 22:04 - 2018-10-21 04:28 - 012501504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-11-14 22:04 - 2018-10-21 00:48 - 005602456 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-11-14 22:04 - 2018-10-21 00:28 - 016592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-11-14 22:04 - 2018-10-21 00:22 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-11-14 22:03 - 2018-11-01 04:46 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-11-14 22:03 - 2018-11-01 04:45 - 001376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-11-14 22:03 - 2018-11-01 04:31 - 006602240 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-11-14 22:03 - 2018-11-01 04:28 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-11-14 22:03 - 2018-11-01 04:28 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-11-14 22:03 - 2018-11-01 04:27 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-11-14 22:03 - 2018-11-01 04:26 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-11-14 22:03 - 2018-11-01 03:09 - 001027000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-11-14 22:03 - 2018-11-01 02:59 - 005669888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-11-14 22:03 - 2018-11-01 02:56 - 011902464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-11-14 22:03 - 2018-11-01 02:54 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-11-14 22:03 - 2018-11-01 02:52 - 002892800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-11-14 22:03 - 2018-11-01 00:39 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-11-14 22:03 - 2018-11-01 00:28 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-11-14 22:03 - 2018-11-01 00:28 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-11-14 22:03 - 2018-11-01 00:27 - 000491200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-11-14 22:03 - 2018-11-01 00:26 - 003291640 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-11-14 22:03 - 2018-11-01 00:26 - 003180080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-11-14 22:03 - 2018-11-01 00:26 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-11-14 22:03 - 2018-11-01 00:25 - 004404912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-11-14 22:03 - 2018-11-01 00:25 - 002822456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-11-14 22:03 - 2018-11-01 00:25 - 002571320 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-11-14 22:03 - 2018-11-01 00:25 - 002371296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-11-14 22:03 - 2018-11-01 00:25 - 001934808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-11-14 22:03 - 2018-11-01 00:25 - 001784680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-11-14 22:03 - 2018-11-01 00:25 - 001456728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-11-14 22:03 - 2018-11-01 00:25 - 001288920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-11-14 22:03 - 2018-11-01 00:25 - 001257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-11-14 22:03 - 2018-11-01 00:25 - 001209888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-11-14 22:03 - 2018-11-01 00:25 - 001190248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-11-14 22:03 - 2018-11-01 00:25 - 001140672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-11-14 22:03 - 2018-11-01 00:25 - 000982592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-11-14 22:03 - 2018-11-01 00:25 - 000594224 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-11-14 22:03 - 2018-11-01 00:25 - 000463672 _____ (Microsoft Corporation) C:\WINDOWS\system32\coml2.dll
2018-11-14 22:03 - 2018-11-01 00:25 - 000268088 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-11-14 22:03 - 2018-11-01 00:01 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-11-14 22:03 - 2018-11-01 00:01 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-11-14 22:03 - 2018-11-01 00:00 - 006031360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-11-14 22:03 - 2018-11-01 00:00 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-11-14 22:03 - 2018-11-01 00:00 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-11-14 22:03 - 2018-10-31 23:59 - 000322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-11-14 22:03 - 2018-10-31 23:58 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-11-14 22:03 - 2018-10-31 23:58 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-11-14 22:03 - 2018-10-31 23:58 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-11-14 22:03 - 2018-10-31 23:57 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-11-14 22:03 - 2018-10-31 23:57 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-11-14 22:03 - 2018-10-31 23:57 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-11-14 22:03 - 2018-10-31 23:57 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-11-14 22:03 - 2018-10-31 23:57 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-11-14 22:03 - 2018-10-31 23:57 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-11-14 22:03 - 2018-10-31 23:56 - 002929664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
2018-11-14 22:03 - 2018-10-31 23:56 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-11-14 22:03 - 2018-10-31 23:56 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-11-14 22:03 - 2018-10-31 23:56 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-11-14 22:03 - 2018-10-31 23:56 - 000506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2018-11-14 22:03 - 2018-10-31 23:55 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-11-14 22:03 - 2018-10-31 23:55 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-11-14 22:03 - 2018-10-31 23:55 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-11-14 22:03 - 2018-10-31 23:54 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-11-14 22:03 - 2018-10-31 23:54 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-11-14 22:03 - 2018-10-31 23:54 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-11-14 22:03 - 2018-10-31 23:54 - 001023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2018-11-14 22:03 - 2018-10-31 23:54 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-11-14 22:03 - 2018-10-31 23:54 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-11-14 22:03 - 2018-10-31 23:54 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-11-14 22:03 - 2018-10-31 23:54 - 000606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-11-14 22:03 - 2018-10-31 23:53 - 002248192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-11-14 22:03 - 2018-10-31 23:53 - 001373696 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-11-14 22:03 - 2018-10-31 23:53 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-11-14 22:03 - 2018-10-31 23:53 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-11-14 22:03 - 2018-10-31 23:53 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-11-14 22:03 - 2018-10-31 22:08 - 002417952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-11-14 22:03 - 2018-10-31 21:50 - 000861712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-11-14 22:03 - 2018-10-31 21:50 - 000786288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-11-14 22:03 - 2018-10-31 21:48 - 004790184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-11-14 22:03 - 2018-10-31 21:48 - 002478872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-11-14 22:03 - 2018-10-31 21:48 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-11-14 22:03 - 2018-10-31 21:48 - 001805656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-11-14 22:03 - 2018-10-31 21:48 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-11-14 22:03 - 2018-10-31 21:48 - 000384520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\coml2.dll
2018-11-14 22:03 - 2018-10-31 21:47 - 001980776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-11-14 22:03 - 2018-10-31 21:47 - 001379792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-11-14 22:03 - 2018-10-31 21:47 - 001020064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-11-14 22:03 - 2018-10-31 21:34 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-11-14 22:03 - 2018-10-31 21:33 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-11-14 22:03 - 2018-10-31 21:33 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-11-14 22:03 - 2018-10-31 21:32 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-11-14 22:03 - 2018-10-31 21:31 - 005307904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-11-14 22:03 - 2018-10-31 21:30 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-11-14 22:03 - 2018-10-31 21:30 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-11-14 22:03 - 2018-10-31 21:29 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-11-14 22:03 - 2018-10-31 21:29 - 000848384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2018-11-14 22:03 - 2018-10-31 21:29 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-11-14 22:03 - 2018-10-31 21:28 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-11-14 22:03 - 2018-10-31 21:27 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-11-14 22:03 - 2018-10-31 21:27 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2018-11-14 22:03 - 2018-10-31 21:27 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-11-14 22:03 - 2018-10-31 21:26 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2018-11-14 22:03 - 2018-10-21 06:00 - 001639560 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2018-11-14 22:03 - 2018-10-21 06:00 - 001516120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-11-14 22:03 - 2018-10-21 06:00 - 000790416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-11-14 22:03 - 2018-10-21 05:46 - 013572096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-11-14 22:03 - 2018-10-21 05:46 - 004393472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-11-14 22:03 - 2018-10-21 05:43 - 000345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-11-14 22:03 - 2018-10-21 05:42 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2018-11-14 22:03 - 2018-10-21 05:42 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2018-11-14 22:03 - 2018-10-21 05:41 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-11-14 22:03 - 2018-10-21 04:38 - 001322376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-11-14 22:03 - 2018-10-21 04:37 - 020381808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-11-14 22:03 - 2018-10-21 04:37 - 001626656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2018-11-14 22:03 - 2018-10-21 04:22 - 002405888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-11-14 22:03 - 2018-10-21 00:46 - 000717112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2018-11-14 22:03 - 2018-10-21 00:46 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-11-14 22:03 - 2018-10-21 00:46 - 000560136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-11-14 22:03 - 2018-10-21 00:45 - 003283512 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-11-14 22:03 - 2018-10-21 00:45 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-11-14 22:03 - 2018-10-21 00:45 - 001946208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-11-14 22:03 - 2018-10-21 00:45 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-11-14 22:03 - 2018-10-21 00:45 - 000607136 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-11-14 22:03 - 2018-10-21 00:21 - 001589248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2018-11-14 22:03 - 2018-10-21 00:19 - 002487088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-11-14 22:03 - 2018-10-21 00:19 - 001620776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-11-14 22:03 - 2018-10-21 00:19 - 001130768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-11-14 22:03 - 2018-10-21 00:19 - 000505616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2018-11-14 22:03 - 2018-10-21 00:17 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-11-14 22:03 - 2018-10-21 00:17 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2018-11-14 22:03 - 2018-10-21 00:17 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-11-14 22:03 - 2018-10-21 00:17 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-11-14 22:03 - 2018-10-21 00:17 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-11-14 22:03 - 2018-10-21 00:17 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvrcp.dll
2018-11-14 22:03 - 2018-10-21 00:17 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2018-11-14 22:03 - 2018-10-21 00:16 - 002584576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-11-14 22:03 - 2018-10-21 00:16 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-11-14 22:03 - 2018-10-21 00:16 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-11-14 22:03 - 2018-10-21 00:16 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2018-11-14 22:03 - 2018-10-21 00:15 - 003212800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2018-11-14 22:03 - 2018-10-21 00:15 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-11-14 22:03 - 2018-10-21 00:15 - 000743936 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintRenderAPIHost.DLL
2018-11-14 22:03 - 2018-10-21 00:14 - 002224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-11-14 22:03 - 2018-10-21 00:14 - 001919488 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2018-11-14 22:03 - 2018-10-21 00:14 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-11-14 22:03 - 2018-10-21 00:14 - 001034752 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-11-14 22:03 - 2018-10-21 00:14 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-11-14 22:03 - 2018-10-21 00:09 - 013873664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-11-14 22:03 - 2018-10-21 00:02 - 002966528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-11-14 22:03 - 2018-10-21 00:01 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2018-11-14 22:03 - 2018-10-20 23:57 - 002611200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2018-11-14 22:03 - 2018-10-20 22:59 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2018-11-14 22:03 - 2018-10-20 22:59 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2018-11-14 22:02 - 2018-11-01 04:49 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-11-14 22:02 - 2018-11-01 04:32 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-11-14 22:02 - 2018-11-01 04:30 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-11-14 22:02 - 2018-11-01 04:30 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-11-14 22:02 - 2018-11-01 04:29 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2018-11-14 22:02 - 2018-11-01 04:28 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2018-11-14 22:02 - 2018-11-01 04:27 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-11-14 22:02 - 2018-11-01 04:26 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-11-14 22:02 - 2018-11-01 04:26 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-11-14 22:02 - 2018-11-01 04:25 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-11-14 22:02 - 2018-11-01 02:56 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2018-11-14 22:02 - 2018-11-01 02:56 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-11-14 22:02 - 2018-11-01 02:54 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-11-14 22:02 - 2018-11-01 02:53 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2018-11-14 22:02 - 2018-11-01 00:38 - 000269336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-11-14 22:02 - 2018-11-01 00:37 - 000272408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-11-14 22:02 - 2018-11-01 00:28 - 001062712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-11-14 22:02 - 2018-11-01 00:28 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-11-14 22:02 - 2018-11-01 00:28 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-11-14 22:02 - 2018-11-01 00:28 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-11-14 22:02 - 2018-11-01 00:25 - 000885968 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-11-14 22:02 - 2018-11-01 00:25 - 000793080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-11-14 22:02 - 2018-11-01 00:25 - 000713472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-11-14 22:02 - 2018-11-01 00:25 - 000413720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-11-14 22:02 - 2018-11-01 00:25 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-11-14 22:02 - 2018-11-01 00:25 - 000375824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-11-14 22:02 - 2018-11-01 00:25 - 000261000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-11-14 22:02 - 2018-11-01 00:03 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmtask.exe
2018-11-14 22:02 - 2018-11-01 00:02 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmapi.dll
2018-11-14 22:02 - 2018-11-01 00:02 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\CSystemEventsBrokerClient.dll
2018-11-14 22:02 - 2018-11-01 00:00 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-11-14 22:02 - 2018-10-31 23:59 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2018-11-14 22:02 - 2018-10-31 23:59 - 000192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2018-11-14 22:02 - 2018-10-31 23:59 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPTaskScheduler.dll
2018-11-14 22:02 - 2018-10-31 23:59 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2018-11-14 22:02 - 2018-10-31 23:58 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-11-14 22:02 - 2018-10-31 23:58 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-11-14 22:02 - 2018-10-31 23:58 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-11-14 22:02 - 2018-10-31 23:57 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2018-11-14 22:02 - 2018-10-31 23:57 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-11-14 22:02 - 2018-10-31 23:57 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-11-14 22:02 - 2018-10-31 23:57 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-11-14 22:02 - 2018-10-31 23:57 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-11-14 22:02 - 2018-10-31 23:57 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2018-11-14 22:02 - 2018-10-31 23:57 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-11-14 22:02 - 2018-10-31 23:54 - 001679360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-11-14 22:02 - 2018-10-31 23:54 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2018-11-14 22:02 - 2018-10-31 23:54 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-11-14 22:02 - 2018-10-31 23:53 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-11-14 22:02 - 2018-10-31 22:39 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-11-14 22:02 - 2018-10-31 21:48 - 000880248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2018-11-14 22:02 - 2018-10-31 21:47 - 000581600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-11-14 22:02 - 2018-10-31 21:47 - 000567256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-11-14 22:02 - 2018-10-31 21:47 - 000129304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-11-14 22:02 - 2018-10-31 21:31 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-11-14 22:02 - 2018-10-31 21:30 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-11-14 22:02 - 2018-10-31 21:30 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-11-14 22:02 - 2018-10-31 21:30 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-11-14 22:02 - 2018-10-31 21:30 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2018-11-14 22:02 - 2018-10-31 21:30 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2018-11-14 22:02 - 2018-10-31 21:29 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-11-14 22:02 - 2018-10-31 21:29 - 001862656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
2018-11-14 22:02 - 2018-10-31 21:29 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-11-14 22:02 - 2018-10-31 21:29 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2018-11-14 22:02 - 2018-10-31 21:28 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2018-11-14 22:02 - 2018-10-31 21:28 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-11-14 22:02 - 2018-10-31 21:27 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-11-14 22:02 - 2018-10-31 21:27 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-11-14 22:02 - 2018-10-31 21:26 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-11-14 22:02 - 2018-10-31 21:26 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-11-14 22:02 - 2018-10-21 06:00 - 000396304 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-11-14 22:02 - 2018-10-21 05:59 - 000766480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-11-14 22:02 - 2018-10-21 05:59 - 000236728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2018-11-14 22:02 - 2018-10-21 05:45 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-11-14 22:02 - 2018-10-21 05:44 - 000623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2018-11-14 22:02 - 2018-10-21 05:44 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll
2018-11-14 22:02 - 2018-10-21 05:43 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2018-11-14 22:02 - 2018-10-21 05:43 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2018-11-14 22:02 - 2018-10-21 05:42 - 000592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
2018-11-14 22:02 - 2018-10-21 05:42 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2018-11-14 22:02 - 2018-10-21 04:38 - 000662312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-11-14 22:02 - 2018-10-21 04:38 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-11-14 22:02 - 2018-10-21 04:38 - 000221216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2018-11-14 22:02 - 2018-10-21 04:28 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\INETRES.dll
2018-11-14 22:02 - 2018-10-21 04:23 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2018-11-14 22:02 - 2018-10-21 04:23 - 000523264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll
2018-11-14 22:02 - 2018-10-21 04:22 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2018-11-14 22:02 - 2018-10-21 02:29 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-11-14 22:02 - 2018-10-21 01:44 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-11-14 22:02 - 2018-10-21 00:47 - 000368440 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2018-11-14 22:02 - 2018-10-21 00:46 - 000709936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-11-14 22:02 - 2018-10-21 00:46 - 000497864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2018-11-14 22:02 - 2018-10-21 00:46 - 000171024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-11-14 22:02 - 2018-10-21 00:45 - 000185120 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-11-14 22:02 - 2018-10-21 00:45 - 000175624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2018-11-14 22:02 - 2018-10-21 00:45 - 000139792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2018-11-14 22:02 - 2018-10-21 00:45 - 000058088 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2018-11-14 22:02 - 2018-10-21 00:21 - 000123424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-11-14 22:02 - 2018-10-21 00:20 - 000424000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2018-11-14 22:02 - 2018-10-21 00:20 - 000295224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2018-11-14 22:02 - 2018-10-21 00:20 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2018-11-14 22:02 - 2018-10-21 00:20 - 000141312 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2018-11-14 22:02 - 2018-10-21 00:20 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-11-14 22:02 - 2018-10-21 00:19 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2018-11-14 22:02 - 2018-10-21 00:19 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-11-14 22:02 - 2018-10-21 00:19 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2018-11-14 22:02 - 2018-10-21 00:19 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-11-14 22:02 - 2018-10-21 00:19 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2018-11-14 22:02 - 2018-10-21 00:19 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2018-11-14 22:02 - 2018-10-21 00:19 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2018-11-14 22:02 - 2018-10-21 00:19 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2018-11-14 22:02 - 2018-10-21 00:19 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvrcpAppSvc.dll
2018-11-14 22:02 - 2018-10-21 00:19 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhf.sys
2018-11-14 22:02 - 2018-10-21 00:19 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2018-11-14 22:02 - 2018-10-21 00:18 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2018-11-14 22:02 - 2018-10-21 00:18 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Activities.dll
2018-11-14 22:02 - 2018-10-21 00:18 - 000395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvctpSvc.dll
2018-11-14 22:02 - 2018-10-21 00:18 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2018-11-14 22:02 - 2018-10-21 00:18 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2018-11-14 22:02 - 2018-10-21 00:18 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2018-11-14 22:02 - 2018-10-21 00:18 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2018-11-14 22:02 - 2018-10-21 00:16 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-11-14 22:02 - 2018-10-21 00:16 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-11-14 22:02 - 2018-10-21 00:15 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-11-14 22:02 - 2018-10-21 00:14 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-11-14 22:02 - 2018-10-21 00:14 - 000632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2018-11-14 22:02 - 2018-10-21 00:14 - 000453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-11-14 22:02 - 2018-10-21 00:02 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2018-11-14 22:02 - 2018-10-21 00:01 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2018-11-14 22:02 - 2018-10-21 00:00 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
2018-11-14 22:02 - 2018-10-20 23:59 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2018-11-14 22:02 - 2018-10-20 23:58 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2018-11-14 22:02 - 2018-10-20 23:58 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-11-14 22:02 - 2018-10-20 23:58 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-11-14 22:02 - 2018-04-27 21:02 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-11-14 17:17 - 2018-11-20 18:34 - 000002080 _____ C:\Users\oldman\Desktop\new FRST notes.txt
2018-11-13 20:29 - 2018-11-29 23:02 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security with Backup
2018-11-13 17:44 - 2018-11-13 17:44 - 000003376 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2018-11-13 17:43 - 2018-11-14 21:09 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2018-11-13 17:30 - 2018-11-13 17:30 - 001157064 _____ (Symantec Corporation) C:\Users\oldman\Downloads\NortonNSBUDownloader.exe
2018-11-12 12:50 - 2018-10-30 09:43 - 000453948 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20181112-125012.backup
2018-11-12 12:39 - 2018-11-30 11:52 - 000000525 _____ C:\DelFix.txt
2018-11-11 02:44 - 2018-11-11 02:44 - 000001386 _____ C:\Users\oldman\Desktop\Dons list.txt
2018-11-10 22:51 - 2018-11-22 12:48 - 000000000 ____D C:\Users\oldman\Desktop\New folder (2)
2018-11-08 14:27 - 2018-11-08 14:27 - 000000000 ____D C:\Users\oldman\Desktop\MRI copy
2018-11-08 14:21 - 2018-11-08 14:21 - 000000000 ____D C:\Users\oldman\Desktop\New folder
2018-11-06 20:52 - 2018-11-06 20:52 - 000001740 _____ C:\Users\oldman\Desktop\Rant Response.txt
2018-11-05 16:32 - 2018-11-05 16:32 - 000001816 _____ C:\Users\Public\Desktop\iTunes.lnk
2018-11-05 16:32 - 2018-11-05 16:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-11-05 16:32 - 2018-11-05 16:32 - 000000000 ____D C:\Program Files\iPod
2018-11-05 16:31 - 2018-11-05 16:32 - 000000000 ____D C:\Program Files\iTunes
2018-11-04 20:57 - 2018-11-04 20:57 - 000000600 _____ C:\WINDOWS\SysWOW64\config.db
2018-11-04 20:57 - 2018-11-04 20:57 - 000000000 ____D C:\Program Files (x86)\Norton WiFi Privacy
2018-11-04 20:57 - 2018-11-04 20:56 - 000052512 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\SymTAP.sys
2018-11-04 14:19 - 2018-11-04 14:19 - 001691434 _____ C:\Users\oldman\Desktop\hakin9_wifi_EN.pdf
2018-11-02 16:34 - 2018-11-03 20:12 - 000000000 ____D C:\Users\oldman\Desktop\JoJo's smartest phone
2018-11-01 15:21 - 2018-11-01 16:19 - 000000000 ____D C:\Users\oldman\Desktop\malware tools
2018-10-31 19:30 - 2018-10-31 19:30 - 008159232 _____ C:\HPSoftwareFramework.msi
2018-10-31 19:30 - 2018-10-31 19:30 - 000000000 ____D C:\Users\oldman\AppData\Roaming\HP
2018-10-31 19:19 - 2018-10-31 19:19 - 000000000 ____D C:\Users\oldman\Downloads\HP Downloads
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-11-30 12:02 - 2016-11-28 00:03 - 000000000 ____D C:\Users\oldman\AppData\LocalLow\Mozilla
2018-11-30 11:03 - 2018-04-11 16:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-30 09:38 - 2018-06-02 01:10 - 000004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D6FF1BE5-40C3-4B52-A236-97274056599C}
2018-11-30 00:58 - 2018-06-02 00:43 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-11-29 14:23 - 2015-05-03 11:07 - 000000000 ____D C:\Users\oldman\AppData\Local\Battle.net
2018-11-29 14:22 - 2015-05-03 11:07 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-11-29 14:16 - 2018-06-12 17:34 - 000000000 ____D C:\ProgramData\SecTaskMan
2018-11-29 13:09 - 2016-08-20 09:31 - 000000000 ____D C:\ProgramData\Kodak
2018-11-29 13:09 - 2015-12-03 21:03 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-11-29 13:08 - 2018-06-02 01:10 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-11-29 13:07 - 2018-04-11 14:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-11-29 13:07 - 2015-07-29 02:19 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-11-29 13:02 - 2015-05-23 07:39 - 000000000 ____D C:\Users\oldman\AppData\Local\Google
2018-11-29 13:01 - 2015-05-03 10:47 - 000000000 ____D C:\Users\oldman\AppData\Roaming\Mozilla
2018-11-29 09:48 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-11-29 09:46 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-11-28 21:26 - 2018-04-11 16:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-11-27 19:23 - 2018-06-02 00:54 - 000000000 ____D C:\Users\oldman
2018-11-27 19:11 - 2017-05-02 13:10 - 000000352 _____ C:\WINDOWS\Tasks\HPCeeScheduleForoldman.job
2018-11-27 19:06 - 2018-06-02 01:10 - 000003248 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForoldman
2018-11-27 14:53 - 2017-12-09 00:36 - 000000000 ____D C:\Users\oldman\AppData\Local\Packages
2018-11-24 19:45 - 2015-06-07 01:19 - 000000000 ____D C:\Users\oldman\AppData\Roaming\.minecraft
2018-11-24 13:17 - 2015-06-13 13:05 - 000000000 ____D C:\Users\oldman\AppData\Roaming\.technic
2018-11-24 11:38 - 2016-07-09 10:48 - 000000000 ____D C:\Program Files (x86)\Minecraft
2018-11-24 11:13 - 2018-04-11 16:38 - 000000000 __SHD C:\Users\Public\Libraries
2018-11-23 17:37 - 2015-07-16 19:16 - 000000000 ____D C:\Users\oldman\Documents\miggler minecraft stuff
2018-11-23 17:33 - 2018-06-02 14:13 - 000000000 ____D C:\Users\oldman\AppData\Local\D3DSCache
2018-11-23 17:32 - 2015-06-23 02:50 - 000000000 ____D C:\ProgramData\Package Cache
2018-11-22 15:52 - 2018-04-11 14:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-11-20 17:49 - 2018-04-11 16:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-11-20 14:48 - 2018-06-02 01:10 - 000004574 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-11-20 14:48 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-11-20 14:48 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-11-20 13:31 - 2017-12-20 15:34 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-11-20 11:22 - 2018-09-10 14:01 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2018-11-19 16:24 - 2017-08-25 15:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-11-19 16:24 - 2015-05-03 10:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-19 15:54 - 2018-01-12 15:01 - 000000736 _____ C:\Users\oldman\Desktop\Appointment and to do stuff.txt
2018-11-16 17:34 - 2015-05-03 10:47 - 000001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-11-16 16:00 - 2018-09-12 21:09 - 000834960 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-11-16 16:00 - 2018-09-12 21:09 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-11-16 11:09 - 2018-05-04 21:20 - 000000000 ____D C:\Users\oldman\AppData\Local\Norton WiFi Privacy
2018-11-15 09:26 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\INF
2018-11-15 09:23 - 2018-06-02 00:53 - 000931448 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-11-15 09:17 - 2015-09-16 09:37 - 000000000 ___RD C:\Users\oldman\3D Objects
2018-11-15 09:17 - 2015-05-03 11:17 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-11-15 09:16 - 2018-06-02 00:43 - 000259576 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-11-14 23:32 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-11-14 23:31 - 2018-04-11 16:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-11-14 23:31 - 2018-04-11 16:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-11-14 23:31 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-11-14 23:30 - 2018-04-11 16:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-11-14 23:30 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-11-14 23:30 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-11-14 21:09 - 2017-11-10 19:20 - 000002326 _____ C:\Users\Public\Desktop\Norton Security.lnk
2018-11-14 19:36 - 2018-06-02 01:10 - 000004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-11-14 15:49 - 2015-10-21 18:23 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-11-13 20:38 - 2015-05-03 18:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-11-13 20:34 - 2015-05-03 18:25 - 137810048 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-11-13 18:28 - 2018-10-20 23:17 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
2018-11-13 18:18 - 2015-06-10 00:43 - 000000000 ____D C:\Program Files\Common Files\AV
2018-11-13 17:47 - 2017-09-28 21:29 - 000000000 ____D C:\Users\oldman\Desktop\Misc. desktop crap
2018-11-13 17:46 - 2015-05-03 00:05 - 000000000 ____D C:\ProgramData\Norton
2018-11-13 17:44 - 2018-02-26 14:03 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2018-11-13 17:34 - 2015-05-13 09:14 - 000000000 ____D C:\Users\Public\Downloads\Norton
2018-11-11 14:34 - 2018-10-30 16:49 - 000000000 ____D C:\Users\oldman\Desktop\Old Firefox Data
2018-11-05 23:26 - 2015-05-03 11:09 - 000000000 ____D C:\Program Files (x86)\Diablo III
2018-11-04 20:57 - 2018-07-04 12:09 - 000000000 ____D C:\Program Files (x86)\Norton WiFi Privacy (1.4.9)
2018-11-02 18:18 - 2015-08-15 17:31 - 000011264 _____ C:\Users\oldman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-10-31 19:35 - 2015-05-24 00:52 - 000000000 ____D C:\Program Files (x86)\Google
2018-10-31 19:31 - 2015-05-04 07:08 - 000000000 ____D C:\Users\oldman\AppData\Roaming\hpqlog
2018-10-31 19:30 - 2017-11-21 09:22 - 000000000 ____D C:\Program Files\HP
2018-10-31 19:30 - 2017-04-11 19:37 - 000000000 ____D C:\Program Files (x86)\HP
2018-10-31 19:28 - 2012-08-16 21:20 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2018-10-31 19:22 - 2012-08-03 17:02 - 000000000 ____D C:\SWSetup
==================== Files in the root of some directories =======
2015-08-15 17:31 - 2018-11-02 18:18 - 000011264 _____ () C:\Users\oldman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-01 12:43 - 2018-11-30 11:37 - 000116564 _____ () C:\Users\oldman\AppData\Local\installer.log
2015-08-01 12:43 - 2015-08-01 12:43 - 000000236 _____ () C:\Users\oldman\AppData\Local\LaunchHomeCenter.log
2015-05-23 08:41 - 2018-02-13 23:28 - 000007674 _____ () C:\Users\oldman\AppData\Local\resmon.resmoncfg
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-06-02 00:43
==================== End of FRST.txt ============================
Things were running suspiciously smooth
Good deal
I see a couple things related to Google Chrome
Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)
highlight on the text below and select Copy.
beginning with Start:: and finishing with End::
Start::
CloseProcesses:
CreateRestorePoint:
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
C:\Program Files (x86)\Google
C:\Windows\Temp\*.*
Emptytemp:
End::
Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file Fixlog.txt will pop up and saved in the same location the tool was ran from.
Please copy and paste its contents in your next reply.
This looks interesting, curious what you think. I did disable one of the Norton "Ask" extensions in my FF, that seems to have been a good thing to do. let me know if there are any other tools I should run before delfixing and rechecking?
Fix result of Farbar Recovery Scan Tool (x64) Version: 01.12.2018 01
Ran by oldman (02-12-2018 11:56:20) Run:1
Running from C:\Users\oldman\Desktop
Loaded Profiles: oldman (Available Profiles: oldman)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
C:\Program Files (x86)\Google
C:\Windows\Temp\*.*
Emptytemp:
*****************
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3 => removed successfully
C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll => moved successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9 => removed successfully
"C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll" => not found
HKLM\SOFTWARE\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif => removed successfully
C:\Program Files (x86)\Google => moved successfully
=========== "C:\Windows\Temp\*.*" ==========
C:\Windows\Temp\FXSAPIDebugLogFile.txt => moved successfully
C:\Windows\Temp\FXSTIFFDebugLogFile.txt => moved successfully
C:\Windows\Temp\HighPerformancePlan.log => moved successfully
C:\Windows\Temp\PowerPlan.log => moved successfully
C:\Windows\Temp\sa.9MXHFHKR097P_0__.Public.InstallAgent.dat => moved successfully
========= End -> "C:\Windows\Temp\*.*" ========
=========== EmptyTemp: ==========
BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15125524 B
Java, Flash, Steam htmlcache => 1140 B
Windows/system/drivers => 1251800 B
Edge => 10854012 B
Chrome => 0 B
Firefox => 250273212 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 2720 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
oldman => 13394533 B
RecycleBin => 0 B
EmptyTemp: => 287.5 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 12:02:01 ====
OK, log looks good.
Norton/Symantec is used by many but tends to be a little heavy duty (Many security suites can do this so it's not just Norton). It can throw in items of protection that can lead to bogging down a computer while it's trying to give protection on multiple levels. Some machines just don't do well with this heavy load.
Wanted to thank you for your help again, the FRST fixes are priceless to me. I've run many scans, including root kits, everything comes up clean no matter what scanner or tool is used, I'm assuming this is a good sign. This would probably be a good point to close this thread since fixing something that ain't broke is a waste of time for everyone involved. I may play around with this computer a little longer to try and understand better whats going on with the infections but I'll likely just format and reinstall, then watch closely to try and find problems as they develop.
Thanks! :cool:
Happy Holidays, glad we could help.
http://i.imgur.com/SakDYGv.gif
Since this issue appears resolved ... this Topic is closed.