1oldman
2019-05-17, 04:03
Hi (again), I've recently picked up a redirect that I'd like some help with. I'm hoping I haven't worn out your patience and that I can get your opinion on these logs. I pulled this off Wireshark, maybe useful, but this is probably a somewhat involved infection...
[ds-global3.17.search.ystg1.b.yahoo .com] [IP= 98.136.144.138]
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-05.2019 01
Ran by oldman (administrator) on EUSTACE (Hewlett-Packard HP Pavilion g6 Notebook PC) (15-05-2019 23:13:34)
Running from C:\Users\oldman\Desktop
Loaded Profiles: oldman (Available Profiles: oldman)
Platform: Windows 10 Home Version 1809 17763.503 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19041.481.0_x64__8wekyb3d8bbwe\YourPhone.exe
(A. & M. Neuber Software -> Neuber Software - www.neuber.com) C:\Program Files (x86)\Security Task Manager\SpyProtector.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(CyberLink -> CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Eastman Kodak Company -> Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company -> Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(HP Inc. -> HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realsil Microelectronics Inc.) [File not signed] C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Norton Secure VPN\client\NSVService.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.1.50\NortonSecurity.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.1.50\NortonSecurity.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.1.50\nsWscSvc.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Microsoft Windows Hardware Compatibility Publisher -> Eastman Kodak Company)
HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [69920 2017-10-03] (University of California, Berkeley -> Space Sciences Laboratory)
HKLM\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [8765216 2017-10-03] (University of California, Berkeley -> Space Sciences Laboratory)
HKLM\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] (FUNAI ELECTRIC CO., LTD. -> )
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-28] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-03-24] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [76600 2019-03-09] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-12-11] (Eastman Kodak Company -> Eastman Kodak Company)
HKLM-x32\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] (FUNAI ELECTRIC CO., LTD. -> )
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Microsoft Windows Hardware Compatibility Publisher -> Eastman Kodak Company)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) [File not signed]
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [KOab1err] => C:\Program Files (x86)\KODAK VERITE\ErrorApp\KOab1err.exe [1027752 2016-12-21] (Funai Electric Co., Ltd. -> )
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] (FUNAI ELECTRIC CO., LTD. -> )
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [EpicGamesLauncher] => "C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe" -silent
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [Spy Protector] => C:\Program Files (x86)\Security Task Manager\SpyProtector.exe [145280 2018-07-12] (A. & M. Neuber Software -> Neuber Software - www.neuber.com)
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe /StartMinimized
HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsv64.dll [71680 2013-02-26] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [65536 2013-02-26] (Beepa P/L) [File not signed]
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {03F769B5-CA2B-47FB-B8C6-3715E360F484} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [132445408 2019-05-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {2726B58A-B733-4E96-B674-56C356CFF017} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [652664 2019-04-17] (HP Inc. -> HP Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {37F9480B-8DEB-43D0-9E41-A625011C1442} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1488248 2018-12-10] (HP Inc. -> HP Inc.)
Task: {38F7AC40-C4F1-4823-B0D1-A8F0598D5BC4} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2226856 2019-04-22] (Symantec Corporation -> Symantec Corporation)
Task: {3C1E18F9-257E-4364-8991-D751F7AAE0AF} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-28] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {3DD2649C-CA8A-4727-BA04-DE71F61448D5} - System32\Tasks\npcapwatchdog => C:\Program [Argument = Files\Npcap\CheckStatus.bat] <==== ATTENTION
Task: {3DD76305-B0D8-4F5D-97E7-9FEA995DB0EB} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink -> CyberLink)
Task: {3FB3FE7E-E4D6-4325-A192-9F9937626A48} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {406E8E03-EC34-4003-B34C-54181D91740B} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {449FBA74-592C-4FC3-B302-EFBBC5B5ADD5} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe
Task: {4563DDB4-F29D-41C5-BD80-916194542CD4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [237432 2019-04-29] (HP Inc. -> HP Inc.)
Task: {4A276F76-C51C-45FC-A2F4-1117E386AA2B} - System32\Tasks\S-1-5-21-901587214-2200967626-3004657440-1003\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [134144 2019-03-12] (Microsoft Windows -> Microsoft Corporation)
Task: {4DAE6865-85B2-4C42-B996-B4788C51FAA8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136056 2019-01-02] (HP Inc. -> HP Inc.)
Task: {5B316DC0-10D2-46AE-B209-4DD1ED06E7F3} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2211024 2014-03-19] (Microsoft Corporation -> Microsoft)
Task: {5CD794F9-93E4-47AE-ADF4-EA1CE940799B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1073528 2019-04-02] (HP Inc. -> HP Inc.)
Task: {625F82D9-2B09-4DF1-80B8-473B87149FDA} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [25128 2017-11-21] (HP Inc. -> )
Task: {6E39ED3E-6BA2-4DC8-8196-9C48C649D047} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1488248 2018-12-10] (HP Inc. -> HP Inc.)
Task: {712380AE-444E-42C6-B403-F18182DBE18C} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {738E86C6-EB1F-4D92-9DD0-BD4999046DD5} - System32\Tasks\{CA2AE62A-A74C-4B89-B292-C0CEAD185B3D} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\oldman\Downloads\FirmwareFlashLauncher.exe -d C:\Users\oldman\Downloads
Task: {7B9F5986-9672-431A-BB77-F26DB87891FE} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {906112A5-8DB6-4037-B3BB-A2558320F864} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {9614F9DD-C96B-4F3D-BA9C-E649C94288E0} - System32\Tasks\Norton Security with Backup\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.17.1.50\SymErr.exe [101392 2019-04-22] (Symantec Corporation -> Symantec Corporation)
Task: {A3CAE410-8F44-4EAE-9AC2-3321CDAE05F9} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe [2226856 2019-04-22] (Symantec Corporation -> Symantec Corporation)
Task: {A5E6FF83-1A31-44C2-974C-608D72C3429E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {A68CF779-F57A-4803-B0BD-475F71877D10} - System32\Tasks\HPCeeScheduleForoldman => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [96568 2015-06-16] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {AD73D9D2-71DE-4681-BB26-DC2BF988AB1B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_192_Plugin.exe [1457208 2019-05-14] (Adobe Inc. -> Adobe)
Task: {AF2A4667-1035-4591-B9E4-F6A5E88F221E} - System32\Tasks\Norton Security with Backup\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.17.1.50\SymErr.exe [101392 2019-04-22] (Symantec Corporation -> Symantec Corporation)
Task: {B89BC3A9-54C9-4204-8B03-A529BF74315F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
Task: {BCF0AD8B-2630-48AE-B7B4-5D1683D33A9F} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-05-14] (Adobe Inc. -> Adobe)
Task: {BFEAAB89-A9BC-4AA9-9F1D-AAC4C9F75A31} - System32\Tasks\RogueKiller Anti-Malware => C:\Program Files\RogueKiller\RogueKiller64.exe [33965624 2019-05-14] (Adlice -> )
Task: {C0201CFA-6DE0-4EE2-89AC-D9D2295A8D3A} - System32\Tasks\Norton 360\Norton 360 Online Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.11.0.41\SymErr.exe [102008 2017-10-03] (Symantec Corporation -> Symantec Corporation)
Task: {C13D20A5-1190-4AA5-997E-48BC2E485A09} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {C18EC821-F9CF-414E-BA3D-746F1B35386D} - System32\Tasks\Norton 360\Norton 360 Online Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.11.0.41\SymErr.exe [102008 2017-10-03] (Symantec Corporation -> Symantec Corporation)
Task: {CDB556A4-5C9F-4AD2-8970-C18C764D957C} - System32\Tasks\Norton 360\Norton 360 Online Autofix => C:\Program Files (x86)\Norton 360\Engine\22.11.0.41\SymErr.exe [102008 2017-10-03] (Symantec Corporation -> Symantec Corporation)
Task: {D44969E2-EE54-4B65-8642-B0B9E74EFDBB} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe
Task: {D7F94A5C-3056-4495-8235-CBE7E9F0B4F6} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe
Task: {EDD003E6-D73B-4ECA-A7B0-D861534AEA91} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1073528 2019-04-02] (HP Inc. -> HP Inc.)
Task: {F54B23B4-27B4-4D82-B1E6-98428EA28144} - System32\Tasks\Norton Security with Backup\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.17.1.50\SymErr.exe [101392 2019-04-22] (Symantec Corporation -> Symantec Corporation)
Task: {FC364449-3F8D-40B7-AFA2-34B96D70A3DA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [652664 2019-04-17] (HP Inc. -> HP Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\HPCeeScheduleForoldman.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.65
Tcpip\..\Interfaces\{092ddd55-79b1-44d1-9ce6-73e9a22b6de7}: [DhcpNameServer] 192.168.0.1 205.171.3.65
Tcpip\..\Interfaces\{5889e5ee-8f53-452a-bd13-e94a89883ece}: [DhcpNameServer] 192.168.0.1 205.171.3.65
Tcpip\..\Interfaces\{68620759-20aa-45aa-8e06-fa9a7c5c7e09}: [DhcpNameServer] 192.168.0.1 205.171.3.66
Tcpip\..\Interfaces\{a288676d-84d4-440a-bf60-55523387af7e}: [DhcpNameServer] 192.168.0.1 205.171.3.66
Tcpip\..\Interfaces\{c4242d06-1fdf-461b-ace5-caf4862e837d}: [DhcpNameServer] 192.168.0.1 205.171.3.66
Tcpip\..\Interfaces\{c9ebb1fc-1913-46ad-9c39-fe0f9392fa0a}: [DhcpNameServer] 192.168.0.1 205.171.3.66
Tcpip\..\Interfaces\{da633539-be76-4269-8034-bd1925400c3e}: [DhcpNameServer] 192.168.0.1 205.171.3.65
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.norton.com/?prt=NGC&chn=1000&geo=US&ver=22.16.4.15&locale=en_US&guid=7F33257B-BE93-40EC-9D23-A091A86B98D4&doi=2019-02-13&o=APN11915&cmpgn=zeus
SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> DefaultScope {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1000&geo=US&ver=22.17.1.50&locale=en_US&guid=7F33257B-BE93-40EC-9D23-A091A86B98D4&doi=2019-02-13&cmpgn=rapha&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {53e2f62a-3083-46e6-8527-cf89e4acb4ae} URL =
SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1000&geo=US&ver=22.17.1.50&locale=en_US&guid=7F33257B-BE93-40EC-9D23-A091A86B98D4&doi=2019-02-13&cmpgn=rapha&gct=kwd&qsrc=2869
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.17.1.50\coIEPlg.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.17.1.50\coIEPlg.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssv.dll [2019-04-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-04-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.17.1.50\coIEPlg.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.17.1.50\coIEPlg.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
Edge:
======
Edge Extension: (Norton Safe Web) -> EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => C:\Program Files\WindowsApps\SymantecCorporation.NortonSafeWeb_3.7.0.0_neutral__v68kp9n051hdp [2019-03-28]
FireFox:
========
FF DefaultProfile: gmcms6os.default-1466821123041-1557966796116
FF ProfilePath: C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gmcms6os.default-1466821123041-1557966796116 [2019-05-15]
FF Homepage: Mozilla\Firefox\Profiles\gmcms6os.default-1466821123041-1557966796116 -> moz-extension://abd2b215-bc85-4cda-a6bf-c6e475034c5c/homePageRedirect.html
FF HomepageOverride: Mozilla\Firefox\Profiles\gmcms6os.default-1466821123041-1557966796116 -> Enabled: nortonhomepage_ven_y@symantec.com
FF NewTabOverride: Mozilla\Firefox\Profiles\gmcms6os.default-1466821123041-1557966796116 -> Enabled: nortonhomepage_ven_y@symantec.com
FF NewTabOverride: Mozilla\Firefox\Profiles\gmcms6os.default-1466821123041-1557966796116 -> Enabled: nortonsafesearch_ul_ven_y_2@symantec.com
FF Extension: (Norton Home Page) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gmcms6os.default-1466821123041-1557966796116\Extensions\nortonhomepage_ven_y@symantec.com.xpi [2019-05-15] [UpdateUrl:hxxps://static.nortoncdn.com/idscp/firefox/nsss/hp/updates.json]
FF Extension: (Norton Safe Search) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gmcms6os.default-1466821123041-1557966796116\Extensions\nortonsafesearch_ul_ven_y_2@symantec.com.xpi [2019-05-15] [UpdateUrl:hxxps://static.nortoncdn.com/idscp/firefox/nsss/ds_modified/updates.json]
FF Extension: (Norton Safe Web) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gmcms6os.default-1466821123041-1557966796116\Extensions\nortonsafeweb@symantec.com.xpi [2019-05-15]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_192.dll [2019-05-14] (Adobe Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_192.dll [2019-05-14] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-05-06] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-04-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-04-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: hp.com/HPDetect -> C:\Users\oldman\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP) [File not signed]
FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: jpl.nasa.gov/NASAEyes -> C:\Users\oldman\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2019-01-25] (NASA Jet Propulsion Laboratory -> Jet Propulsion Laboratory)
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.17.1.50\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.17.1.50\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [257032 2015-08-21] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-03-08] (Apple Inc. -> Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8348064 2018-12-26] (BattlEye Innovations e.K. -> )
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1077568 2017-04-10] (HP Inc. -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-21] (HP Inc. -> HP Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.17.1.50\NortonSecurity.exe [225608 2019-04-22] (Symantec Corporation -> Symantec Corporation)
R2 NortonWiFiPrivacy; C:\Program Files (x86)\Norton Secure VPN\client\NSVService.exe [6113296 2018-12-17] (Symantec Corporation -> Symantec Corporation)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.17.1.50\nsWscSvc.exe [935248 2019-04-22] (Symantec Corporation -> Symantec Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [253960 2016-04-28] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; "C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [43840 2012-09-24] (Hewlett-Packard Company -> Hewlett-Packard Company)
R3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [21635072 2015-08-21] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [673816 2015-08-21] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
S2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation -> AppEx Networks Corporation)
R3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4233728 2018-09-15] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110104 2016-09-28] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.16.3.21\Definitions\BASHDefs\20190513.001\BHDrvx64.sys [1934048 2019-02-12] (Symantec Corporation -> Symantec Corporation)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\ccSetx64.sys [192704 2019-04-22] (Symantec Corporation -> Symantec Corporation)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink -> CyberLink)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515792 2019-03-24] (Symantec Corporation -> Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153296 2019-02-13] (Symantec Corporation -> Symantec Corporation)
R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [31040 2012-09-24] (Hewlett-Packard Company -> Hewlett-Packard Company)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.16.3.21\Definitions\IPSDefs\20190515.061\IDSvia64.sys [1441800 2019-04-18] (Symantec Corporation -> Symantec Corporation)
R3 kmloop; C:\WINDOWS\System32\drivers\loop.sys [17408 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [82752 2019-01-12] (Insecure.Com LLC -> Insecure.Com LLC.)
U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [97176 2019-05-08] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-29] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
S3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [49032 2019-01-16] (Razer USA Ltd. -> Razer Inc)
S3 RzDev_0060; C:\WINDOWS\System32\drivers\RzDev_0060.sys [51688 2018-04-22] (Razer USA Ltd. -> Razer Inc)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated -> Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated -> Synaptics Incorporated)
R1 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\SRTSP64.SYS [864480 2019-04-22] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\SRTSPX64.SYS [49888 2019-04-22] (Symantec Corporation -> Symantec Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\SYMEFASI64.SYS [1998552 2019-04-22] (Symantec Corporation -> Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\SymELAM.sys [25744 2019-04-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [100064 2019-03-30] (Symantec Corporation -> Symantec Corporation)
S4 SymEvnt; C:\Program Files\Norton Security\NortonData\22.16.3.21\SymPlatform\SymEvnt.sys [709128 2019-04-27] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\Ironx64.SYS [315912 2019-04-22] (Symantec Corporation -> Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\symnets.sys [573448 2019-04-22] (Symantec Corporation -> Symantec Corporation)
R3 SymTAP; C:\WINDOWS\System32\drivers\SymTAP.sys [52104 2018-10-16] (Symantec Corporation -> The OpenVPN Project)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2018-01-30] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 usbfilter; C:\WINDOWS\system32\DRIVERS\usbfilter.sys [57000 2012-06-19] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R3 USBPcap; C:\WINDOWS\system32\DRIVERS\USBPcap.sys [50224 2017-08-20] (Tomasz Moń -> USBPcap)
S3 VBoxNetAdp; C:\WINDOWS\System32\drivers\VBoxNetAdp6.sys [196040 2017-07-27] (Oracle Corporation -> Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46680 2019-02-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [330936 2019-02-13] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2019-02-13] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP Inc. -> HP)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\wpCtrlDrv.sys [1012120 2019-04-22] (Symantec Corporation -> Symantec Corporation)
U4 npcap_wifi; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-05-15 23:13 - 2019-05-15 23:17 - 000036936 _____ C:\Users\oldman\Desktop\FRST.txt
2019-05-15 23:12 - 2019-05-15 23:12 - 000000000 ____D C:\RegBackup
2019-05-15 23:11 - 2019-05-15 23:11 - 002434560 _____ (Farbar) C:\Users\oldman\Desktop\FRST64.exe
2019-05-15 22:42 - 2019-05-15 22:42 - 000111688 _____ (Duckware) C:\Users\oldman\x.exe
2019-05-15 20:42 - 2019-05-15 20:42 - 076647212 _____ C:\Users\oldman\Desktop\W-S 5-15 F.F refresh.pcapng
2019-05-15 20:41 - 2019-05-15 20:41 - 000000196 _____ C:\Users\oldman\Desktop\W-S redirector. com etc..txt
2019-05-15 17:54 - 2019-05-15 17:54 - 000000495 _____ C:\Users\oldman\Desktop\IE cache 5-15.txt
2019-05-15 14:49 - 2019-05-15 14:49 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2019-05-15 14:26 - 2019-05-15 14:26 - 000393168 _____ (Bleeping Computer, LLC) C:\Users\oldman\Desktop\show-hidden.exe
2019-05-15 13:21 - 2019-05-15 13:21 - 026807808 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 023438848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 020814848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 019022336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 006072320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 004883968 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 004660736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 003905536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 003743744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 001290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 001062400 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-05-15 13:21 - 2019-05-15 13:21 - 000427520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000376320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2019-05-15 13:21 - 2019-05-15 13:21 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2019-05-15 13:21 - 2019-05-15 13:21 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-kernel-processor-power-events.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2019-05-15 13:20 - 2019-05-15 13:21 - 007879680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 009682744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 007883776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 007687576 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 007645384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 006542464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 006440960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 006309040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 005498880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 005040640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 004588544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 003637248 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 003557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 003384832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 003363856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 002780000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 002708480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 002422272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 002278240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 002189312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 001860096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 001760768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 001701888 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 001699496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-05-15 13:20 - 2019-05-15 13:20 - 001641616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 001605120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 001484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 001470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 001395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 001387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 001342608 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-05-15 13:20 - 2019-05-15 13:20 - 001253904 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 001225728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 001179680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 001054712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 001048376 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 001026792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000895792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000807464 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 000758896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 000680184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000660992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000586280 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000508432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 000495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000449376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000444944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 000387832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000254952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 000223544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000212792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 000203272 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000202768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 000201016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 000198456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 000179728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000177976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 000163240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000147736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000121656 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2019-05-15 13:20 - 2019-05-15 13:20 - 000090640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000080184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 000066688 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdll.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000055792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptdll.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2019-05-14 21:07 - 2019-05-14 21:07 - 000000064 _____ C:\Users\oldman\Desktop\WFA address.txt
2019-05-14 16:47 - 2019-05-15 22:16 - 000000223 _____ C:\Users\oldman\Desktop\stuff to scan 2day.txt
2019-05-14 16:03 - 2019-05-14 16:03 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2019-05-14 16:03 - 2019-05-14 16:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2019-05-14 16:03 - 2019-05-14 16:03 - 000000000 ____D C:\Program Files\RogueKiller
2019-05-14 15:17 - 2019-05-14 15:20 - 422061832 _____ C:\Users\oldman\Desktop\5-14 fun.pcapng
2019-05-14 14:50 - 2019-05-15 13:50 - 000000606 _____ C:\Users\oldman\Desktop\Todays stuff.txt
2019-05-12 23:06 - 2019-04-04 13:11 - 000454145 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20190512-230640.backup
2019-05-12 14:27 - 2019-05-12 14:27 - 002060772 _____ C:\Users\oldman\Desktop\code.jquery WS.pcapng
2019-05-10 21:15 - 2019-05-10 22:01 - 000000443 _____ C:\Users\oldman\Desktop\J.Swift quote.txt
2019-05-10 18:46 - 2019-05-10 18:47 - 000388608 _____ (Trend Micro Inc.) C:\Users\oldman\Desktop\HijackThis.exe
2019-05-10 09:13 - 2019-05-15 16:49 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security with Backup
2019-05-10 09:12 - 2019-05-10 22:22 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2019-05-10 09:12 - 2019-05-10 09:12 - 000003376 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2019-05-08 18:13 - 2019-05-08 18:13 - 001054490 _____ C:\Users\oldman\Desktop\ProcessMonitor.zip
2019-05-08 14:26 - 2019-05-08 18:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-05-05 13:34 - 2019-05-05 13:34 - 000000260 _____ C:\Users\oldman\Desktop\Gaba Lyrica links.txt
2019-05-03 16:14 - 2019-05-03 16:14 - 003551112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-05-03 16:14 - 2019-05-03 16:14 - 000263576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-05-03 16:14 - 2019-05-03 16:14 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-05-03 16:14 - 2019-05-03 16:14 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2019-05-03 16:14 - 2019-05-03 16:14 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe
2019-05-03 16:13 - 2019-05-03 16:14 - 005436904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 012844032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 012140032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 005296640 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 005210904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 003982848 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 003426816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 003406848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 002701512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 002393088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 002205184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 002073960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 001994976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 001768960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 001674696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 001671352 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 001653760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 001467552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 001382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 001315328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 001001472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnostics.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000782848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000780632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcrt.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000725696 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2019-05-03 16:13 - 2019-05-03 16:13 - 000673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000649064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000638376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcrt.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000610304 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2019-05-03 16:13 - 2019-05-03 16:13 - 000553656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000540720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StateRepository.Core.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000514632 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000454160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-05-03 16:13 - 2019-05-03 16:13 - 000451080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxdiag.exe
2019-05-03 16:13 - 2019-05-03 16:13 - 000359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-05-03 16:13 - 2019-05-03 16:13 - 000349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000320512 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2019-05-03 16:13 - 2019-05-03 16:13 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxdiag.exe
2019-05-03 16:13 - 2019-05-03 16:13 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2019-05-03 16:13 - 2019-05-03 16:13 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2019-05-03 16:13 - 2019-05-03 16:13 - 000246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2019-05-03 16:13 - 2019-05-03 16:13 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000122680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000086960 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostw.exe
2019-05-03 16:13 - 2019-05-03 16:13 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnosticsTool.exe
2019-05-03 16:12 - 2019-05-03 16:12 - 004997096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 002995712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 001219640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryPS.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000999424 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000806600 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-05-03 16:12 - 2019-05-03 16:12 - 000806600 _____ C:\WINDOWS\system32\locale.nls
2019-05-03 16:12 - 2019-05-03 16:12 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000676256 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000651576 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-05-03 16:12 - 2019-05-03 16:12 - 000495616 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDDS.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000421392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-05-03 16:12 - 2019-05-03 16:12 - 000366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000280592 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000244224 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000157200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2019-04-25 13:13 - 2019-04-25 13:14 - 029937376 _____ (Adlice Software ) C:\Users\oldman\Desktop\setup(1).exe
2019-04-22 16:15 - 2019-04-22 16:16 - 000000000 ____D C:\Users\oldman\Desktop\Genesight Copy
2019-04-16 12:27 - 2019-04-16 12:27 - 000001827 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2019-04-15 12:06 - 2019-04-15 12:06 - 000001816 _____ C:\Users\Public\Desktop\iTunes.lnk
2019-04-15 12:06 - 2019-04-15 12:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2019-04-15 12:06 - 2019-04-15 12:06 - 000000000 ____D C:\Program Files\iPod
2019-04-15 12:04 - 2019-04-15 12:06 - 000000000 ____D C:\Program Files\iTunes
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-05-15 23:13 - 2018-12-06 16:03 - 000000000 ____D C:\FRST
2019-05-15 23:12 - 2016-11-28 01:03 - 000000000 ____D C:\Users\oldman\AppData\LocalLow\Mozilla
2019-05-15 22:47 - 2019-04-10 12:18 - 000000000 ____D C:\Users\oldman\AppData\Local\Razer
2019-05-15 22:47 - 2019-04-10 12:07 - 000000000 ____D C:\ProgramData\Razer
2019-05-15 22:46 - 2019-04-10 12:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2019-05-15 22:46 - 2019-04-10 12:14 - 000000000 ____D C:\Program Files\Razer
2019-05-15 22:46 - 2019-04-10 12:06 - 000000000 ____D C:\Program Files (x86)\Razer
2019-05-15 22:46 - 2018-09-15 01:31 - 000000000 ____D C:\WINDOWS\INF
2019-05-15 22:42 - 2019-01-12 12:12 - 000000000 ____D C:\Users\oldman
2019-05-15 22:42 - 2016-08-11 14:50 - 000000000 ___HD C:\jexepackres
2019-05-15 22:42 - 2016-08-11 14:50 - 000000000 ____D C:\Users\oldman\applogs
2019-05-15 22:42 - 2016-08-11 14:50 - 000000000 ____D C:\Program Files (x86)\AstroViewer 3.1.6
2019-05-15 22:32 - 2018-09-15 01:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-05-15 22:02 - 2019-01-12 12:04 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-05-15 18:33 - 2019-02-10 15:06 - 000000000 ____D C:\Users\oldman\Desktop\Old Firefox Data
2019-05-15 17:55 - 2019-01-12 12:27 - 000004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D6FF1BE5-40C3-4B52-A236-97274056599C}
2019-05-15 14:47 - 2019-03-02 17:10 - 000301208 _____ C:\Users\oldman\Desktop\Show-Hidden.txt
2019-05-15 14:17 - 2018-09-15 01:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-05-15 14:17 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-05-15 14:15 - 2018-11-01 16:21 - 000000000 ____D C:\Users\oldman\Desktop\malware tools
2019-05-15 14:08 - 2019-01-12 12:30 - 000935120 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-05-15 14:02 - 2019-01-12 12:04 - 000284848 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-05-15 14:01 - 2016-08-20 10:31 - 000000000 ____D C:\ProgramData\Kodak
2019-05-15 14:01 - 2015-12-03 22:03 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2019-05-15 14:00 - 2019-01-12 12:27 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-05-15 13:59 - 2018-09-15 00:09 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-05-15 13:59 - 2015-07-29 03:19 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2019-05-15 13:57 - 2018-09-15 01:33 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2019-05-15 13:57 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-05-15 13:26 - 2018-09-15 01:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-05-15 12:41 - 2018-06-12 18:34 - 000000000 ____D C:\ProgramData\SecTaskMan
2019-05-14 23:49 - 2019-01-12 12:27 - 000004574 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-05-14 23:48 - 2019-02-12 15:21 - 006194744 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2019-05-14 23:48 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-05-14 23:48 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-05-14 23:25 - 2015-05-03 12:07 - 000000000 ____D C:\Users\oldman\AppData\Local\Battle.net
2019-05-14 23:12 - 2015-05-03 12:09 - 000000000 ____D C:\Program Files (x86)\Diablo III
2019-05-14 16:04 - 2019-03-31 16:21 - 000003138 _____ C:\WINDOWS\System32\Tasks\RogueKiller Anti-Malware
2019-05-14 15:57 - 2015-10-21 19:23 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-05-14 15:30 - 2017-05-02 14:10 - 000000352 _____ C:\WINDOWS\Tasks\HPCeeScheduleForoldman.job
2019-05-14 15:23 - 2015-05-03 19:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-05-14 15:13 - 2015-05-03 19:25 - 132445408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-05-14 11:16 - 2019-01-12 12:27 - 000003248 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForoldman
2019-05-13 15:23 - 2018-09-15 01:36 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-05-13 15:23 - 2018-09-15 01:36 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-05-12 23:32 - 2015-05-23 09:11 - 000000000 ____D C:\Users\oldman\AppData\Local\CrashDumps
2019-05-12 12:40 - 2018-06-23 20:30 - 000000000 ____D C:\Users\oldman\Desktop\scan logs and stuff
2019-05-11 23:14 - 2019-01-12 12:27 - 000003364 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-901587214-2200967626-3004657440-1003
2019-05-11 23:14 - 2019-01-12 12:12 - 000002403 _____ C:\Users\oldman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-05-11 23:14 - 2015-06-27 12:46 - 000000000 ___RD C:\Users\oldman\OneDrive
2019-05-11 19:27 - 2019-03-30 20:51 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-05-10 22:22 - 2019-02-13 11:45 - 000002408 _____ C:\Users\Public\Desktop\Norton Security.lnk
2019-05-10 14:50 - 2015-07-29 00:21 - 000000000 ____D C:\Users\oldman\AppData\Local\ElevatedDiagnostics
2019-05-10 09:41 - 2015-06-10 01:43 - 000000000 ____D C:\Program Files\Common Files\AV
2019-05-10 09:12 - 2018-02-26 15:03 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2019-05-09 23:33 - 2015-05-03 12:07 - 000000000 ____D C:\Program Files (x86)\Battle.net
2019-05-08 23:15 - 2018-06-27 01:41 - 000000000 ____D C:\ProgramData\Packages
2019-05-08 19:21 - 2019-03-04 16:43 - 000097176 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON24.SYS
2019-05-08 19:20 - 2019-03-04 16:43 - 000000000 ____D C:\Users\oldman\Desktop\ProcessMonitor
2019-05-08 18:40 - 2018-09-15 00:09 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-05-08 18:38 - 2015-05-03 11:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-05-08 17:40 - 2015-05-03 11:47 - 000001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-05-08 13:50 - 2018-01-03 21:16 - 000000000 ____D C:\Users\oldman\AppData\Local\PlaceholderTileLogoFolder
2019-05-04 23:54 - 2016-06-26 04:54 - 000000000 ____D C:\Users\oldman\AppData\Local\NPE
2019-05-03 17:22 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\TextInput
2019-05-03 17:22 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-04-30 13:53 - 2017-12-09 01:36 - 000000000 ____D C:\Users\oldman\AppData\Local\Packages
2019-04-23 12:15 - 2015-05-03 12:07 - 000000000 ____D C:\Users\oldman\AppData\Local\Blizzard Entertainment
2019-04-21 18:53 - 2018-04-13 01:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-04-21 18:53 - 2015-06-13 14:02 - 000000000 ____D C:\Program Files (x86)\Java
2019-04-21 18:52 - 2018-04-13 01:24 - 000099192 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2019-04-17 15:07 - 2015-07-14 21:37 - 000000000 ____D C:\Users\oldman\Documents\Youcam
2019-04-17 14:34 - 2015-06-02 17:51 - 000000000 ____D C:\Users\oldman\AppData\Roaming\Skype
2019-04-16 12:27 - 2019-03-03 17:49 - 000000000 ____D C:\Program Files\Wireshark
==================== Files in the root of some directories =======
2019-05-15 22:42 - 2019-05-15 22:42 - 000111688 _____ (Duckware) C:\Users\oldman\x.exe
2015-08-15 18:31 - 2018-11-02 19:18 - 000011264 _____ () C:\Users\oldman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-01 13:43 - 2019-05-06 13:17 - 000140696 _____ () C:\Users\oldman\AppData\Local\installer.log
2015-08-01 13:43 - 2015-08-01 13:43 - 000000236 _____ () C:\Users\oldman\AppData\Local\LaunchHomeCenter.log
2015-05-23 09:41 - 2018-02-14 00:28 - 000007674 _____ () C:\Users\oldman\AppData\Local\resmon.resmoncfg
==================== SigCheck ===============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-05.2019 01
Ran by oldman (15-05-2019 23:18:20)
Running from C:\Users\oldman\Desktop
Windows 10 Home Version 1809 17763.503 (X64) (2019-01-12 18:50:39)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-901587214-2200967626-3004657440-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-901587214-2200967626-3004657440-503 - Limited - Disabled)
Guest (S-1-5-21-901587214-2200967626-3004657440-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-901587214-2200967626-3004657440-1009 - Limited - Enabled)
oldman (S-1-5-21-901587214-2200967626-3004657440-1003 - Administrator - Enabled) => C:\Users\oldman
WDAGUtilityAccount (S-1-5-21-901587214-2200967626-3004657440-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton Security (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20034 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.192 - Adobe)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
aioprnt (HKLM\...\{0645A454-AD44-4F0D-99CF-6B762735AD1F}) (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (HKLM-x32\...\{376348C2-E372-48BC-A138-E896757BD86A}) (Version: 5.8.10.0 - Your Company Name) Hidden
aioscnnr (HKLM-x32\...\{EF53BFAB-4C10-40DB-A82D-9B07111715C6}) (Version: 7.6.13.10 - Your Company Name) Hidden
AMD Catalyst Install Manager (HKLM\...\{D01E0B82-7D6E-F9AC-9A7D-C6076264F419}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
Apple Application Support (32-bit) (HKLM-x32\...\{9F7041CB-8398-4691-B8CB-0D52273BB3D9}) (Version: 7.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{6E7DF4EE-1976-4215-9D81-755AFC95687D}) (Version: 7.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BA2A6DBB-B09A-43D8-84F3-21C1537B47D9}) (Version: 12.2.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BOINC (HKLM\...\{F1361096-9418-489B-983B-5F8C3972E05E}) (Version: 7.8.3 - Space Sciences Laboratory, U.C. Berkeley)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
C4USelfUpdater (HKLM-x32\...\{48B41C3A-9A92-4B81-B653-C97FEB85C910}) (Version: 1.00.0000 - Your Company Name) Hidden
center (HKLM-x32\...\{56BA241F-580C-43D2-8403-947241AAE633}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
essentials (HKLM-x32\...\{BE94C681-68E2-4561-8ABC-8D2E799168B4}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Google Earth Pro (HKLM\...\{F914BC59-918A-498F-B2E3-B274C9CB48A8}) (Version: 7.3.2.5491 - Google)
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{1AC082E0-049D-4C5C-9ECF-9473AD5A949D}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{32F06015-D852-4A57-A0DD-8D08D17633AC}) (Version: 10.4.0156 - Hewlett-Packard)
HP PC Hardware Diagnostics Windows (HKLM-x32\...\{7FF9E31F-FAC5-4C7B-970B-FE464B8C6A62}) (Version: 1.5.2.0 - HP Inc.)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{5094249B-9542-4536-AE76-B769EE085C99}) (Version: 7.1.6.1 - HP)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.7.50.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.10.49.21 - Hewlett-Packard Company)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6417.0 - IDT)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
iTunes (HKLM\...\{DF90B2B3-5832-4E85-934D-8048B33A1D67}) (Version: 12.9.4.102 - Apple Inc.)
Java 8 Update 211 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180211F0}) (Version: 8.0.2110.12 - Oracle Corporation)
Kodak AIO Printer (HKLM\...\{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}) (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.9.1.1 - Eastman Kodak Company)
KODAK VERITE 50 Series Uninstaller (HKLM\...\KODAK VERITE 50 Series) (Version: - FUNAI ELECTRIC CO., LTD.)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\OneDriveSetup.exe) (Version: 19.062.0331.0006 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 66.0.5 (x64 en-US) (HKLM\...\Mozilla Firefox 66.0.5 (x64 en-US)) (Version: 66.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0 - Mozilla)
Norton Secure VPN (HKLM-x32\...\Norton Secure VPN) (Version: 1.7.0.325 - Symantec Corporation)
Norton Security (HKLM-x32\...\NGC) (Version: 22.17.1.50 - Symantec Corporation)
Norton WiFi Privacy (HKLM-x32\...\Norton WiFi Privacy) (Version: 1.4.9 - Symantec Corporation)
Npcap 0.992 (HKLM-x32\...\NpcapInst) (Version: 0.992 - Nmap Project)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
ocr (HKLM-x32\...\{BFBCF96F-7361-486A-965C-54B17AC35421}) (Version: 6.2.3.50 - Eastman Kodak Company) Hidden
PreReq (HKLM-x32\...\{DA5BDB2A-12F0-4343-8351-21AAEB293990}) (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
Python 3.5.2 (32-bit) (HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Core Interpreter (32-bit) (HKLM-x32\...\{EB0611B2-7F10-4D97-BCF2-DCAAB1199498}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (HKLM-x32\...\{5DB2183B-62D3-407F-BBC1-EAD2F36283FA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (HKLM-x32\...\{1FBA5182-78DD-4940-9F06-96E5042B7061}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (HKLM-x32\...\{33B10015-A9B1-4210-B50A-26C6443979B0}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (HKLM-x32\...\{9ADF9987-3327-48C6-91B3-B10900366491}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (HKLM-x32\...\{FCBB04F4-D2CF-4F55-BE92-B3898696B318}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C1153533-FDC4-4922-892D-B71810F69566}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (HKLM-x32\...\{9D50A6D7-410A-4469-87B7-35FA84CBD479}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (HKLM-x32\...\{E6DEBF43-7ACF-4E88-9BBF-9B5945683281}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
RogueKiller version 13.2.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.2.0.0 - Adlice Software)
Security Task Manager 2.3 (HKLM-x32\...\Security Task Manager) (Version: 2.3 - Neuber Software)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
TreeSize Free V4.3.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.3.1 - JAM Software)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
USBPcap 1.2.0.4 (HKLM\...\USBPcap) (Version: 1.2.0.4 - Tomasz Mon)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17384 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Wireshark 3.0.1 64-bit (HKLM-x32\...\Wireshark) (Version: 3.0.1 - The Wireshark developer community, hxxps://www.wireshark.org)
WorldWide Telescope (HKLM-x32\...\{412B591F-3F86-4A1C-9DF6-854892DE27BB}) (Version: 5.5.03 - WorldWide Telescope)
Packages:
=========
All My LAN -> C:\Program Files\WindowsApps\13258Thoroughsoft.AllMyLAN_1.1.7.0_x64__set6qczgvnq5g [2019-04-17] (Thoroughsoft)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.137.700.0_x86__kgqvnymyfvs32 [2019-04-17] (king.com)
Diagnostic Data Viewer -> C:\Program Files\WindowsApps\Microsoft.DiagnosticDataViewer_3.1904.1071.0_x64__8wekyb3d8bbwe [2019-04-18] (Microsoft Corporation)
Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_3.9.0.7_x86__h6adky7gbf63m [2019-04-17] (Gameloft.)
HP Registration -> C:\Program Files\WindowsApps\AD2F1837.HPRegistration_1.2.1.166_neutral__v10z8vjag6ke6 [2018-10-17] (Hewlett-Packard Company)
HP+ -> C:\Program Files\WindowsApps\AD2F1837.HP_1.2.0.93_neutral__v10z8vjag6ke6 [2018-10-17] (Hewlett-Packard Company)
Hulu -> C:\Program Files\WindowsApps\HuluLLC.HuluPlus_2.5.3.0_neutral__fphbd361v8tya [2019-03-08] (Hulu.)
Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2018-10-17] (AMZN Mobile LLC)
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_3.9.4100.0_x64__8wekyb3d8bbwe [2019-04-19] (Microsoft Studios)
Microsoft Visual C++ 2013 Runtime Package -> C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00.Universal_12.0.30501.0_x64__8wekyb3d8bbwe [2018-10-17] (Microsoft Platform Extensions)
Microsoft Visual C++ 2013 Runtime Package -> C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00.Universal_12.0.30501.0_x86__8wekyb3d8bbwe [2018-10-17] (Microsoft Platform Extensions)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.93.375.0_x64__mcm4njqhnhss8 [2019-02-19] (Netflix, Inc.)
Network Inspector -> C:\Program Files\WindowsApps\48425ShipwreckSoftware.NetworkInspector_2.3.24.0_x64__jh2negtepkzpr [2019-04-17] (Shipwreck Software)
Norton Safe Web -> C:\Program Files\WindowsApps\SymantecCorporation.NortonSafeWeb_3.7.0.0_neutral__v68kp9n051hdp [2019-03-28] (Symantec Corporation)
Norton Studio -> C:\Program Files\WindowsApps\SymantecCorporation.NortonStudio_2.2.0.0_x86__v68kp9n051hdp [2018-10-17] (Symantec Corporation)
Spider Solitaire HD -> C:\Program Files\WindowsApps\32988BernardoZamora.SpiderSolitaireHD_1.18.0.27_x64__1fgex2kbsn6g8 [2018-10-17] (Bernardo Zamora)
TreeSize Free -> C:\Program Files\WindowsApps\JAMSoftware.TreeSizeFree_4.3.1.0_x86__37s2tpab2h9zg [2019-03-05] (JAM Software)
Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2018-10-17] (Microsoft Corporation)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2018-10-17] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-901587214-2200967626-3004657440-1003_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-27] (CyberLink -> Cyberlink)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.1.50\NavShExt.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-27] (CyberLink -> Cyberlink)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.1.50\NavShExt.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.1.50\NavShExt.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2012-08-08 11:36 - 2012-08-08 11:36 - 000073728 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2012-08-08 11:36 - 2012-08-08 11:36 - 000361984 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
2015-08-31 10:59 - 2015-08-31 10:59 - 000075264 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\AiO\Center\Logger.dll
2015-05-03 00:33 - 2012-07-13 19:02 - 002451456 _____ (Realsil Microelectronics Inc.) [File not signed] C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
2015-05-03 00:33 - 2012-02-07 16:59 - 000166912 _____ (Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RsCRLib.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [472]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
There are 7945 more sites.
There are 7946 more sites.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-05-21 21:01 - 2019-05-12 23:06 - 000454145 ____R C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
There are 15617 more lines.
2017-09-14 18:48 - 2017-09-14 18:53 - 000000435 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Razer\ChromaBroadcast\bin;C:\Program Files\Razer\ChromaBroadcast\bin;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\WINDOWS\System32\OpenSSH\;C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\WindowsApps;
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\oldman\Pictures\Spacey pictures\3772-84mcnaught_druckmuller720.jpg
DNS Servers: 192.168.0.1 - 205.171.3.65
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
HKLM\...\StartupApproved\Run: => "EKIJ5000StatusMonitor"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "boincmgr"
HKLM\...\StartupApproved\Run: => "boinctray"
HKLM\...\StartupApproved\Run: => "KOBAAmon"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "EKStatusMonitor"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "KOBAAmon"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "KOab1err"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "EpicGamesLauncher"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{02A0DC13-4512-4DA3-AB45-8912D3DF93D8}] => (Allow) LPort=9322
FirewallRules: [{66B8882C-58B1-4E9E-B9A0-31F300A5E704}] => (Allow) LPort=5353
FirewallRules: [{5C19FB7B-5B75-4C8B-AB2E-EAAFFD3DFE93}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{71246B5F-9658-4563-8FB3-C9AD629BB5AC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3044EDD6-7A83-492B-B5BF-DDD5DDC4181C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{36EB4030-7840-451A-8178-E1BF4B08C5A5}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
28-04-2019 22:55:16 Scheduled Checkpoint
03-05-2019 15:59:03 Windows Update
13-05-2019 13:03:24 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/15/2019 02:01:18 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.
Error: (05/15/2019 02:01:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 144.106.254.169.in-addr.arpa. PTR eustace.local.
Error: (05/15/2019 02:01:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 169.254.106.144:5353 17 144.106.254.169.in-addr.arpa. PTR eustace-2.local.
Error: (05/15/2019 02:01:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 181.13.254.169.in-addr.arpa. PTR eustace.local.
Error: (05/15/2019 02:01:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 169.254.13.181:5353 17 181.13.254.169.in-addr.arpa. PTR eustace-2.local.
Error: (05/15/2019 12:41:25 PM) (Source: ESENT) (EventID: 413) (User: )
Description: TaskMan (1292,R,98) {856C0929-8756-4B9D-9646-8E7FBAA2B3CE}: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -528.
Error: (05/15/2019 12:41:25 PM) (Source: ESENT) (EventID: 454) (User: )
Description: TaskMan (1292,R,98) {27ECD5A8-FE52-4AB2-86CA-0E8C673383A3}: Database recovery/restore failed with unexpected error -1811.
Error: (05/15/2019 11:35:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 7.0.168.192.in-addr.arpa. PTR eustace.local.
System errors:
=============
Error: (05/15/2019 02:01:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Razer Synapse Service service depends on the Razer Game Manager Service service which failed to start because of the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (05/15/2019 02:01:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RzActionSvc service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (05/15/2019 02:01:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the RzActionSvc service to connect.
Error: (05/15/2019 02:01:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Razer Game Manager Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (05/15/2019 02:01:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Razer Game Manager Service service to connect.
Error: (05/15/2019 02:00:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The APXACC service failed to start due to the following error:
A device attached to the system is not functioning.
Error: (05/15/2019 02:00:49 PM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)
Error: (05/15/2019 01:59:11 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Razer Synapse Service service.
CodeIntegrity:
===================================
Date: 2019-05-15 14:01:03.837
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-05-15 14:01:03.813
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-05-15 14:01:03.369
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-05-15 14:01:03.337
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-05-14 15:40:04.377
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-05-14 15:40:04.183
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-05-14 15:40:03.785
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-05-14 15:40:03.660
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
BIOS: Insyde F.26 02/21/2013
Motherboard: Hewlett-Packard 1849
Processor: AMD A4-4300M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 70%
Total physical RAM: 3554.26 MB
Available physical RAM: 1031.57 MB
Total Virtual: 6498.26 MB
Available Virtual: 3682.55 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:567.72 GB) (Free:330.25 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:25.37 GB) (Free:2.96 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Removable) (Total:1.83 GB) (Free:1.83 GB) FAT
\\?\Volume{4807027d-70e4-4ed9-b189-6eac7a96e0a4}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.15 GB) NTFS
\\?\Volume{c4bc7cea-39ce-4f4a-ab14-7934f0e01657}\ () (Fixed) (Total:0.96 GB) (Free:0.34 GB) NTFS
\\?\Volume{de27d039-3a8b-420a-8f61-0de10dba9383}\ () (Fixed) (Total:0.92 GB) (Free:0.34 GB) NTFS
\\?\Volume{228ede67-33cc-42ee-9814-03e998f454e7}\ () (Fixed) (Total:0.44 GB) (Free:0.41 GB) NTFS
\\?\Volume{873941c3-cd87-496d-8c74-8b333ed59eac}\ () (Fixed) (Total:0.25 GB) (Free:0.16 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 9E4D4388)
Partition: GPT.
========================================================
Disk: 1 (Size: 1.8 GB) (Disk ID: CC5963D4)
Partition 1: (Not Active) - (Size=1.8 GB) - (Type=0E)
==================== End of Addition.txt ============================
[ds-global3.17.search.ystg1.b.yahoo .com] [IP= 98.136.144.138]
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-05.2019 01
Ran by oldman (administrator) on EUSTACE (Hewlett-Packard HP Pavilion g6 Notebook PC) (15-05-2019 23:13:34)
Running from C:\Users\oldman\Desktop
Loaded Profiles: oldman (Available Profiles: oldman)
Platform: Windows 10 Home Version 1809 17763.503 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19041.481.0_x64__8wekyb3d8bbwe\YourPhone.exe
(A. & M. Neuber Software -> Neuber Software - www.neuber.com) C:\Program Files (x86)\Security Task Manager\SpyProtector.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(CyberLink -> CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Eastman Kodak Company -> Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company -> Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(HP Inc. -> HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realsil Microelectronics Inc.) [File not signed] C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Norton Secure VPN\client\NSVService.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.1.50\NortonSecurity.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.1.50\NortonSecurity.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.1.50\nsWscSvc.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Microsoft Windows Hardware Compatibility Publisher -> Eastman Kodak Company)
HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [69920 2017-10-03] (University of California, Berkeley -> Space Sciences Laboratory)
HKLM\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [8765216 2017-10-03] (University of California, Berkeley -> Space Sciences Laboratory)
HKLM\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] (FUNAI ELECTRIC CO., LTD. -> )
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-28] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-03-24] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [76600 2019-03-09] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-12-11] (Eastman Kodak Company -> Eastman Kodak Company)
HKLM-x32\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] (FUNAI ELECTRIC CO., LTD. -> )
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Microsoft Windows Hardware Compatibility Publisher -> Eastman Kodak Company)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) [File not signed]
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [KOab1err] => C:\Program Files (x86)\KODAK VERITE\ErrorApp\KOab1err.exe [1027752 2016-12-21] (Funai Electric Co., Ltd. -> )
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] (FUNAI ELECTRIC CO., LTD. -> )
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [EpicGamesLauncher] => "C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe" -silent
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [Spy Protector] => C:\Program Files (x86)\Security Task Manager\SpyProtector.exe [145280 2018-07-12] (A. & M. Neuber Software -> Neuber Software - www.neuber.com)
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe /StartMinimized
HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsv64.dll [71680 2013-02-26] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [65536 2013-02-26] (Beepa P/L) [File not signed]
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {03F769B5-CA2B-47FB-B8C6-3715E360F484} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [132445408 2019-05-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {2726B58A-B733-4E96-B674-56C356CFF017} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [652664 2019-04-17] (HP Inc. -> HP Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {37F9480B-8DEB-43D0-9E41-A625011C1442} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1488248 2018-12-10] (HP Inc. -> HP Inc.)
Task: {38F7AC40-C4F1-4823-B0D1-A8F0598D5BC4} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2226856 2019-04-22] (Symantec Corporation -> Symantec Corporation)
Task: {3C1E18F9-257E-4364-8991-D751F7AAE0AF} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-28] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {3DD2649C-CA8A-4727-BA04-DE71F61448D5} - System32\Tasks\npcapwatchdog => C:\Program [Argument = Files\Npcap\CheckStatus.bat] <==== ATTENTION
Task: {3DD76305-B0D8-4F5D-97E7-9FEA995DB0EB} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink -> CyberLink)
Task: {3FB3FE7E-E4D6-4325-A192-9F9937626A48} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {406E8E03-EC34-4003-B34C-54181D91740B} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {449FBA74-592C-4FC3-B302-EFBBC5B5ADD5} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe
Task: {4563DDB4-F29D-41C5-BD80-916194542CD4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [237432 2019-04-29] (HP Inc. -> HP Inc.)
Task: {4A276F76-C51C-45FC-A2F4-1117E386AA2B} - System32\Tasks\S-1-5-21-901587214-2200967626-3004657440-1003\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [134144 2019-03-12] (Microsoft Windows -> Microsoft Corporation)
Task: {4DAE6865-85B2-4C42-B996-B4788C51FAA8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136056 2019-01-02] (HP Inc. -> HP Inc.)
Task: {5B316DC0-10D2-46AE-B209-4DD1ED06E7F3} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2211024 2014-03-19] (Microsoft Corporation -> Microsoft)
Task: {5CD794F9-93E4-47AE-ADF4-EA1CE940799B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1073528 2019-04-02] (HP Inc. -> HP Inc.)
Task: {625F82D9-2B09-4DF1-80B8-473B87149FDA} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [25128 2017-11-21] (HP Inc. -> )
Task: {6E39ED3E-6BA2-4DC8-8196-9C48C649D047} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1488248 2018-12-10] (HP Inc. -> HP Inc.)
Task: {712380AE-444E-42C6-B403-F18182DBE18C} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {738E86C6-EB1F-4D92-9DD0-BD4999046DD5} - System32\Tasks\{CA2AE62A-A74C-4B89-B292-C0CEAD185B3D} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\oldman\Downloads\FirmwareFlashLauncher.exe -d C:\Users\oldman\Downloads
Task: {7B9F5986-9672-431A-BB77-F26DB87891FE} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {906112A5-8DB6-4037-B3BB-A2558320F864} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {9614F9DD-C96B-4F3D-BA9C-E649C94288E0} - System32\Tasks\Norton Security with Backup\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.17.1.50\SymErr.exe [101392 2019-04-22] (Symantec Corporation -> Symantec Corporation)
Task: {A3CAE410-8F44-4EAE-9AC2-3321CDAE05F9} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe [2226856 2019-04-22] (Symantec Corporation -> Symantec Corporation)
Task: {A5E6FF83-1A31-44C2-974C-608D72C3429E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {A68CF779-F57A-4803-B0BD-475F71877D10} - System32\Tasks\HPCeeScheduleForoldman => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [96568 2015-06-16] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {AD73D9D2-71DE-4681-BB26-DC2BF988AB1B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_192_Plugin.exe [1457208 2019-05-14] (Adobe Inc. -> Adobe)
Task: {AF2A4667-1035-4591-B9E4-F6A5E88F221E} - System32\Tasks\Norton Security with Backup\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.17.1.50\SymErr.exe [101392 2019-04-22] (Symantec Corporation -> Symantec Corporation)
Task: {B89BC3A9-54C9-4204-8B03-A529BF74315F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
Task: {BCF0AD8B-2630-48AE-B7B4-5D1683D33A9F} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-05-14] (Adobe Inc. -> Adobe)
Task: {BFEAAB89-A9BC-4AA9-9F1D-AAC4C9F75A31} - System32\Tasks\RogueKiller Anti-Malware => C:\Program Files\RogueKiller\RogueKiller64.exe [33965624 2019-05-14] (Adlice -> )
Task: {C0201CFA-6DE0-4EE2-89AC-D9D2295A8D3A} - System32\Tasks\Norton 360\Norton 360 Online Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.11.0.41\SymErr.exe [102008 2017-10-03] (Symantec Corporation -> Symantec Corporation)
Task: {C13D20A5-1190-4AA5-997E-48BC2E485A09} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {C18EC821-F9CF-414E-BA3D-746F1B35386D} - System32\Tasks\Norton 360\Norton 360 Online Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.11.0.41\SymErr.exe [102008 2017-10-03] (Symantec Corporation -> Symantec Corporation)
Task: {CDB556A4-5C9F-4AD2-8970-C18C764D957C} - System32\Tasks\Norton 360\Norton 360 Online Autofix => C:\Program Files (x86)\Norton 360\Engine\22.11.0.41\SymErr.exe [102008 2017-10-03] (Symantec Corporation -> Symantec Corporation)
Task: {D44969E2-EE54-4B65-8642-B0B9E74EFDBB} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe
Task: {D7F94A5C-3056-4495-8235-CBE7E9F0B4F6} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe
Task: {EDD003E6-D73B-4ECA-A7B0-D861534AEA91} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1073528 2019-04-02] (HP Inc. -> HP Inc.)
Task: {F54B23B4-27B4-4D82-B1E6-98428EA28144} - System32\Tasks\Norton Security with Backup\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.17.1.50\SymErr.exe [101392 2019-04-22] (Symantec Corporation -> Symantec Corporation)
Task: {FC364449-3F8D-40B7-AFA2-34B96D70A3DA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [652664 2019-04-17] (HP Inc. -> HP Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\HPCeeScheduleForoldman.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.65
Tcpip\..\Interfaces\{092ddd55-79b1-44d1-9ce6-73e9a22b6de7}: [DhcpNameServer] 192.168.0.1 205.171.3.65
Tcpip\..\Interfaces\{5889e5ee-8f53-452a-bd13-e94a89883ece}: [DhcpNameServer] 192.168.0.1 205.171.3.65
Tcpip\..\Interfaces\{68620759-20aa-45aa-8e06-fa9a7c5c7e09}: [DhcpNameServer] 192.168.0.1 205.171.3.66
Tcpip\..\Interfaces\{a288676d-84d4-440a-bf60-55523387af7e}: [DhcpNameServer] 192.168.0.1 205.171.3.66
Tcpip\..\Interfaces\{c4242d06-1fdf-461b-ace5-caf4862e837d}: [DhcpNameServer] 192.168.0.1 205.171.3.66
Tcpip\..\Interfaces\{c9ebb1fc-1913-46ad-9c39-fe0f9392fa0a}: [DhcpNameServer] 192.168.0.1 205.171.3.66
Tcpip\..\Interfaces\{da633539-be76-4269-8034-bd1925400c3e}: [DhcpNameServer] 192.168.0.1 205.171.3.65
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.norton.com/?prt=NGC&chn=1000&geo=US&ver=22.16.4.15&locale=en_US&guid=7F33257B-BE93-40EC-9D23-A091A86B98D4&doi=2019-02-13&o=APN11915&cmpgn=zeus
SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> DefaultScope {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1000&geo=US&ver=22.17.1.50&locale=en_US&guid=7F33257B-BE93-40EC-9D23-A091A86B98D4&doi=2019-02-13&cmpgn=rapha&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {53e2f62a-3083-46e6-8527-cf89e4acb4ae} URL =
SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1000&geo=US&ver=22.17.1.50&locale=en_US&guid=7F33257B-BE93-40EC-9D23-A091A86B98D4&doi=2019-02-13&cmpgn=rapha&gct=kwd&qsrc=2869
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.17.1.50\coIEPlg.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.17.1.50\coIEPlg.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssv.dll [2019-04-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-04-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.17.1.50\coIEPlg.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.17.1.50\coIEPlg.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
Edge:
======
Edge Extension: (Norton Safe Web) -> EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => C:\Program Files\WindowsApps\SymantecCorporation.NortonSafeWeb_3.7.0.0_neutral__v68kp9n051hdp [2019-03-28]
FireFox:
========
FF DefaultProfile: gmcms6os.default-1466821123041-1557966796116
FF ProfilePath: C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gmcms6os.default-1466821123041-1557966796116 [2019-05-15]
FF Homepage: Mozilla\Firefox\Profiles\gmcms6os.default-1466821123041-1557966796116 -> moz-extension://abd2b215-bc85-4cda-a6bf-c6e475034c5c/homePageRedirect.html
FF HomepageOverride: Mozilla\Firefox\Profiles\gmcms6os.default-1466821123041-1557966796116 -> Enabled: nortonhomepage_ven_y@symantec.com
FF NewTabOverride: Mozilla\Firefox\Profiles\gmcms6os.default-1466821123041-1557966796116 -> Enabled: nortonhomepage_ven_y@symantec.com
FF NewTabOverride: Mozilla\Firefox\Profiles\gmcms6os.default-1466821123041-1557966796116 -> Enabled: nortonsafesearch_ul_ven_y_2@symantec.com
FF Extension: (Norton Home Page) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gmcms6os.default-1466821123041-1557966796116\Extensions\nortonhomepage_ven_y@symantec.com.xpi [2019-05-15] [UpdateUrl:hxxps://static.nortoncdn.com/idscp/firefox/nsss/hp/updates.json]
FF Extension: (Norton Safe Search) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gmcms6os.default-1466821123041-1557966796116\Extensions\nortonsafesearch_ul_ven_y_2@symantec.com.xpi [2019-05-15] [UpdateUrl:hxxps://static.nortoncdn.com/idscp/firefox/nsss/ds_modified/updates.json]
FF Extension: (Norton Safe Web) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gmcms6os.default-1466821123041-1557966796116\Extensions\nortonsafeweb@symantec.com.xpi [2019-05-15]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_192.dll [2019-05-14] (Adobe Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_192.dll [2019-05-14] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-05-06] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-04-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-04-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: hp.com/HPDetect -> C:\Users\oldman\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP) [File not signed]
FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: jpl.nasa.gov/NASAEyes -> C:\Users\oldman\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2019-01-25] (NASA Jet Propulsion Laboratory -> Jet Propulsion Laboratory)
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.17.1.50\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.17.1.50\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [257032 2015-08-21] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-03-08] (Apple Inc. -> Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8348064 2018-12-26] (BattlEye Innovations e.K. -> )
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1077568 2017-04-10] (HP Inc. -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-21] (HP Inc. -> HP Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.17.1.50\NortonSecurity.exe [225608 2019-04-22] (Symantec Corporation -> Symantec Corporation)
R2 NortonWiFiPrivacy; C:\Program Files (x86)\Norton Secure VPN\client\NSVService.exe [6113296 2018-12-17] (Symantec Corporation -> Symantec Corporation)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.17.1.50\nsWscSvc.exe [935248 2019-04-22] (Symantec Corporation -> Symantec Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [253960 2016-04-28] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; "C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [43840 2012-09-24] (Hewlett-Packard Company -> Hewlett-Packard Company)
R3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [21635072 2015-08-21] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [673816 2015-08-21] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
S2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation -> AppEx Networks Corporation)
R3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4233728 2018-09-15] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110104 2016-09-28] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.16.3.21\Definitions\BASHDefs\20190513.001\BHDrvx64.sys [1934048 2019-02-12] (Symantec Corporation -> Symantec Corporation)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\ccSetx64.sys [192704 2019-04-22] (Symantec Corporation -> Symantec Corporation)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink -> CyberLink)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515792 2019-03-24] (Symantec Corporation -> Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153296 2019-02-13] (Symantec Corporation -> Symantec Corporation)
R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [31040 2012-09-24] (Hewlett-Packard Company -> Hewlett-Packard Company)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.16.3.21\Definitions\IPSDefs\20190515.061\IDSvia64.sys [1441800 2019-04-18] (Symantec Corporation -> Symantec Corporation)
R3 kmloop; C:\WINDOWS\System32\drivers\loop.sys [17408 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [82752 2019-01-12] (Insecure.Com LLC -> Insecure.Com LLC.)
U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [97176 2019-05-08] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-29] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
S3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [49032 2019-01-16] (Razer USA Ltd. -> Razer Inc)
S3 RzDev_0060; C:\WINDOWS\System32\drivers\RzDev_0060.sys [51688 2018-04-22] (Razer USA Ltd. -> Razer Inc)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated -> Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated -> Synaptics Incorporated)
R1 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\SRTSP64.SYS [864480 2019-04-22] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\SRTSPX64.SYS [49888 2019-04-22] (Symantec Corporation -> Symantec Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\SYMEFASI64.SYS [1998552 2019-04-22] (Symantec Corporation -> Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\SymELAM.sys [25744 2019-04-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [100064 2019-03-30] (Symantec Corporation -> Symantec Corporation)
S4 SymEvnt; C:\Program Files\Norton Security\NortonData\22.16.3.21\SymPlatform\SymEvnt.sys [709128 2019-04-27] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\Ironx64.SYS [315912 2019-04-22] (Symantec Corporation -> Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\symnets.sys [573448 2019-04-22] (Symantec Corporation -> Symantec Corporation)
R3 SymTAP; C:\WINDOWS\System32\drivers\SymTAP.sys [52104 2018-10-16] (Symantec Corporation -> The OpenVPN Project)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2018-01-30] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 usbfilter; C:\WINDOWS\system32\DRIVERS\usbfilter.sys [57000 2012-06-19] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R3 USBPcap; C:\WINDOWS\system32\DRIVERS\USBPcap.sys [50224 2017-08-20] (Tomasz Moń -> USBPcap)
S3 VBoxNetAdp; C:\WINDOWS\System32\drivers\VBoxNetAdp6.sys [196040 2017-07-27] (Oracle Corporation -> Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46680 2019-02-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [330936 2019-02-13] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2019-02-13] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP Inc. -> HP)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\wpCtrlDrv.sys [1012120 2019-04-22] (Symantec Corporation -> Symantec Corporation)
U4 npcap_wifi; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-05-15 23:13 - 2019-05-15 23:17 - 000036936 _____ C:\Users\oldman\Desktop\FRST.txt
2019-05-15 23:12 - 2019-05-15 23:12 - 000000000 ____D C:\RegBackup
2019-05-15 23:11 - 2019-05-15 23:11 - 002434560 _____ (Farbar) C:\Users\oldman\Desktop\FRST64.exe
2019-05-15 22:42 - 2019-05-15 22:42 - 000111688 _____ (Duckware) C:\Users\oldman\x.exe
2019-05-15 20:42 - 2019-05-15 20:42 - 076647212 _____ C:\Users\oldman\Desktop\W-S 5-15 F.F refresh.pcapng
2019-05-15 20:41 - 2019-05-15 20:41 - 000000196 _____ C:\Users\oldman\Desktop\W-S redirector. com etc..txt
2019-05-15 17:54 - 2019-05-15 17:54 - 000000495 _____ C:\Users\oldman\Desktop\IE cache 5-15.txt
2019-05-15 14:49 - 2019-05-15 14:49 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2019-05-15 14:26 - 2019-05-15 14:26 - 000393168 _____ (Bleeping Computer, LLC) C:\Users\oldman\Desktop\show-hidden.exe
2019-05-15 13:21 - 2019-05-15 13:21 - 026807808 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 023438848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 020814848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 019022336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 006072320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 004883968 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 004660736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 003905536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 003743744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 001290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 001062400 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-05-15 13:21 - 2019-05-15 13:21 - 000427520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000376320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2019-05-15 13:21 - 2019-05-15 13:21 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2019-05-15 13:21 - 2019-05-15 13:21 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-kernel-processor-power-events.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2019-05-15 13:20 - 2019-05-15 13:21 - 007879680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 009682744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 007883776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 007687576 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 007645384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 006542464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 006440960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 006309040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 005498880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 005040640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 004588544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 003637248 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 003557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 003384832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 003363856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 002780000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 002708480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 002422272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 002278240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 002189312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 001860096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 001760768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 001701888 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 001699496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-05-15 13:20 - 2019-05-15 13:20 - 001641616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 001605120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 001484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 001470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 001395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 001387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 001342608 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-05-15 13:20 - 2019-05-15 13:20 - 001253904 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 001225728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 001179680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 001054712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 001048376 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 001026792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000895792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000807464 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 000758896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 000680184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000660992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000586280 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000508432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 000495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000449376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000444944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 000387832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000254952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 000223544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000212792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 000203272 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000202768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 000201016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 000198456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 000179728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000177976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 000163240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000147736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000121656 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2019-05-15 13:20 - 2019-05-15 13:20 - 000090640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000080184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 000066688 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdll.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000055792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptdll.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2019-05-14 21:07 - 2019-05-14 21:07 - 000000064 _____ C:\Users\oldman\Desktop\WFA address.txt
2019-05-14 16:47 - 2019-05-15 22:16 - 000000223 _____ C:\Users\oldman\Desktop\stuff to scan 2day.txt
2019-05-14 16:03 - 2019-05-14 16:03 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2019-05-14 16:03 - 2019-05-14 16:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2019-05-14 16:03 - 2019-05-14 16:03 - 000000000 ____D C:\Program Files\RogueKiller
2019-05-14 15:17 - 2019-05-14 15:20 - 422061832 _____ C:\Users\oldman\Desktop\5-14 fun.pcapng
2019-05-14 14:50 - 2019-05-15 13:50 - 000000606 _____ C:\Users\oldman\Desktop\Todays stuff.txt
2019-05-12 23:06 - 2019-04-04 13:11 - 000454145 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20190512-230640.backup
2019-05-12 14:27 - 2019-05-12 14:27 - 002060772 _____ C:\Users\oldman\Desktop\code.jquery WS.pcapng
2019-05-10 21:15 - 2019-05-10 22:01 - 000000443 _____ C:\Users\oldman\Desktop\J.Swift quote.txt
2019-05-10 18:46 - 2019-05-10 18:47 - 000388608 _____ (Trend Micro Inc.) C:\Users\oldman\Desktop\HijackThis.exe
2019-05-10 09:13 - 2019-05-15 16:49 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security with Backup
2019-05-10 09:12 - 2019-05-10 22:22 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2019-05-10 09:12 - 2019-05-10 09:12 - 000003376 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2019-05-08 18:13 - 2019-05-08 18:13 - 001054490 _____ C:\Users\oldman\Desktop\ProcessMonitor.zip
2019-05-08 14:26 - 2019-05-08 18:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-05-05 13:34 - 2019-05-05 13:34 - 000000260 _____ C:\Users\oldman\Desktop\Gaba Lyrica links.txt
2019-05-03 16:14 - 2019-05-03 16:14 - 003551112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-05-03 16:14 - 2019-05-03 16:14 - 000263576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-05-03 16:14 - 2019-05-03 16:14 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-05-03 16:14 - 2019-05-03 16:14 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2019-05-03 16:14 - 2019-05-03 16:14 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe
2019-05-03 16:13 - 2019-05-03 16:14 - 005436904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 012844032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 012140032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 005296640 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 005210904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 003982848 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 003426816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 003406848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 002701512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 002393088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 002205184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 002073960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 001994976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 001768960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 001674696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 001671352 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 001653760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 001467552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 001382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 001315328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 001001472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnostics.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000782848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000780632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcrt.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000725696 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2019-05-03 16:13 - 2019-05-03 16:13 - 000673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000649064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000638376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcrt.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000610304 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2019-05-03 16:13 - 2019-05-03 16:13 - 000553656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000540720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StateRepository.Core.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000514632 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000454160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-05-03 16:13 - 2019-05-03 16:13 - 000451080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxdiag.exe
2019-05-03 16:13 - 2019-05-03 16:13 - 000359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-05-03 16:13 - 2019-05-03 16:13 - 000349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000320512 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2019-05-03 16:13 - 2019-05-03 16:13 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxdiag.exe
2019-05-03 16:13 - 2019-05-03 16:13 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2019-05-03 16:13 - 2019-05-03 16:13 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2019-05-03 16:13 - 2019-05-03 16:13 - 000246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2019-05-03 16:13 - 2019-05-03 16:13 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000122680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000086960 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostw.exe
2019-05-03 16:13 - 2019-05-03 16:13 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnosticsTool.exe
2019-05-03 16:12 - 2019-05-03 16:12 - 004997096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 002995712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 001219640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryPS.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000999424 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000806600 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-05-03 16:12 - 2019-05-03 16:12 - 000806600 _____ C:\WINDOWS\system32\locale.nls
2019-05-03 16:12 - 2019-05-03 16:12 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000676256 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000651576 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-05-03 16:12 - 2019-05-03 16:12 - 000495616 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDDS.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000421392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-05-03 16:12 - 2019-05-03 16:12 - 000366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000280592 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000244224 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000157200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2019-04-25 13:13 - 2019-04-25 13:14 - 029937376 _____ (Adlice Software ) C:\Users\oldman\Desktop\setup(1).exe
2019-04-22 16:15 - 2019-04-22 16:16 - 000000000 ____D C:\Users\oldman\Desktop\Genesight Copy
2019-04-16 12:27 - 2019-04-16 12:27 - 000001827 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2019-04-15 12:06 - 2019-04-15 12:06 - 000001816 _____ C:\Users\Public\Desktop\iTunes.lnk
2019-04-15 12:06 - 2019-04-15 12:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2019-04-15 12:06 - 2019-04-15 12:06 - 000000000 ____D C:\Program Files\iPod
2019-04-15 12:04 - 2019-04-15 12:06 - 000000000 ____D C:\Program Files\iTunes
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-05-15 23:13 - 2018-12-06 16:03 - 000000000 ____D C:\FRST
2019-05-15 23:12 - 2016-11-28 01:03 - 000000000 ____D C:\Users\oldman\AppData\LocalLow\Mozilla
2019-05-15 22:47 - 2019-04-10 12:18 - 000000000 ____D C:\Users\oldman\AppData\Local\Razer
2019-05-15 22:47 - 2019-04-10 12:07 - 000000000 ____D C:\ProgramData\Razer
2019-05-15 22:46 - 2019-04-10 12:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2019-05-15 22:46 - 2019-04-10 12:14 - 000000000 ____D C:\Program Files\Razer
2019-05-15 22:46 - 2019-04-10 12:06 - 000000000 ____D C:\Program Files (x86)\Razer
2019-05-15 22:46 - 2018-09-15 01:31 - 000000000 ____D C:\WINDOWS\INF
2019-05-15 22:42 - 2019-01-12 12:12 - 000000000 ____D C:\Users\oldman
2019-05-15 22:42 - 2016-08-11 14:50 - 000000000 ___HD C:\jexepackres
2019-05-15 22:42 - 2016-08-11 14:50 - 000000000 ____D C:\Users\oldman\applogs
2019-05-15 22:42 - 2016-08-11 14:50 - 000000000 ____D C:\Program Files (x86)\AstroViewer 3.1.6
2019-05-15 22:32 - 2018-09-15 01:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-05-15 22:02 - 2019-01-12 12:04 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-05-15 18:33 - 2019-02-10 15:06 - 000000000 ____D C:\Users\oldman\Desktop\Old Firefox Data
2019-05-15 17:55 - 2019-01-12 12:27 - 000004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D6FF1BE5-40C3-4B52-A236-97274056599C}
2019-05-15 14:47 - 2019-03-02 17:10 - 000301208 _____ C:\Users\oldman\Desktop\Show-Hidden.txt
2019-05-15 14:17 - 2018-09-15 01:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-05-15 14:17 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-05-15 14:15 - 2018-11-01 16:21 - 000000000 ____D C:\Users\oldman\Desktop\malware tools
2019-05-15 14:08 - 2019-01-12 12:30 - 000935120 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-05-15 14:02 - 2019-01-12 12:04 - 000284848 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-05-15 14:01 - 2016-08-20 10:31 - 000000000 ____D C:\ProgramData\Kodak
2019-05-15 14:01 - 2015-12-03 22:03 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2019-05-15 14:00 - 2019-01-12 12:27 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-05-15 13:59 - 2018-09-15 00:09 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-05-15 13:59 - 2015-07-29 03:19 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2019-05-15 13:57 - 2018-09-15 01:33 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2019-05-15 13:57 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-05-15 13:26 - 2018-09-15 01:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-05-15 12:41 - 2018-06-12 18:34 - 000000000 ____D C:\ProgramData\SecTaskMan
2019-05-14 23:49 - 2019-01-12 12:27 - 000004574 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-05-14 23:48 - 2019-02-12 15:21 - 006194744 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2019-05-14 23:48 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-05-14 23:48 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-05-14 23:25 - 2015-05-03 12:07 - 000000000 ____D C:\Users\oldman\AppData\Local\Battle.net
2019-05-14 23:12 - 2015-05-03 12:09 - 000000000 ____D C:\Program Files (x86)\Diablo III
2019-05-14 16:04 - 2019-03-31 16:21 - 000003138 _____ C:\WINDOWS\System32\Tasks\RogueKiller Anti-Malware
2019-05-14 15:57 - 2015-10-21 19:23 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-05-14 15:30 - 2017-05-02 14:10 - 000000352 _____ C:\WINDOWS\Tasks\HPCeeScheduleForoldman.job
2019-05-14 15:23 - 2015-05-03 19:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-05-14 15:13 - 2015-05-03 19:25 - 132445408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-05-14 11:16 - 2019-01-12 12:27 - 000003248 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForoldman
2019-05-13 15:23 - 2018-09-15 01:36 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-05-13 15:23 - 2018-09-15 01:36 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-05-12 23:32 - 2015-05-23 09:11 - 000000000 ____D C:\Users\oldman\AppData\Local\CrashDumps
2019-05-12 12:40 - 2018-06-23 20:30 - 000000000 ____D C:\Users\oldman\Desktop\scan logs and stuff
2019-05-11 23:14 - 2019-01-12 12:27 - 000003364 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-901587214-2200967626-3004657440-1003
2019-05-11 23:14 - 2019-01-12 12:12 - 000002403 _____ C:\Users\oldman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-05-11 23:14 - 2015-06-27 12:46 - 000000000 ___RD C:\Users\oldman\OneDrive
2019-05-11 19:27 - 2019-03-30 20:51 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-05-10 22:22 - 2019-02-13 11:45 - 000002408 _____ C:\Users\Public\Desktop\Norton Security.lnk
2019-05-10 14:50 - 2015-07-29 00:21 - 000000000 ____D C:\Users\oldman\AppData\Local\ElevatedDiagnostics
2019-05-10 09:41 - 2015-06-10 01:43 - 000000000 ____D C:\Program Files\Common Files\AV
2019-05-10 09:12 - 2018-02-26 15:03 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2019-05-09 23:33 - 2015-05-03 12:07 - 000000000 ____D C:\Program Files (x86)\Battle.net
2019-05-08 23:15 - 2018-06-27 01:41 - 000000000 ____D C:\ProgramData\Packages
2019-05-08 19:21 - 2019-03-04 16:43 - 000097176 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON24.SYS
2019-05-08 19:20 - 2019-03-04 16:43 - 000000000 ____D C:\Users\oldman\Desktop\ProcessMonitor
2019-05-08 18:40 - 2018-09-15 00:09 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-05-08 18:38 - 2015-05-03 11:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-05-08 17:40 - 2015-05-03 11:47 - 000001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-05-08 13:50 - 2018-01-03 21:16 - 000000000 ____D C:\Users\oldman\AppData\Local\PlaceholderTileLogoFolder
2019-05-04 23:54 - 2016-06-26 04:54 - 000000000 ____D C:\Users\oldman\AppData\Local\NPE
2019-05-03 17:22 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\TextInput
2019-05-03 17:22 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-04-30 13:53 - 2017-12-09 01:36 - 000000000 ____D C:\Users\oldman\AppData\Local\Packages
2019-04-23 12:15 - 2015-05-03 12:07 - 000000000 ____D C:\Users\oldman\AppData\Local\Blizzard Entertainment
2019-04-21 18:53 - 2018-04-13 01:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-04-21 18:53 - 2015-06-13 14:02 - 000000000 ____D C:\Program Files (x86)\Java
2019-04-21 18:52 - 2018-04-13 01:24 - 000099192 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2019-04-17 15:07 - 2015-07-14 21:37 - 000000000 ____D C:\Users\oldman\Documents\Youcam
2019-04-17 14:34 - 2015-06-02 17:51 - 000000000 ____D C:\Users\oldman\AppData\Roaming\Skype
2019-04-16 12:27 - 2019-03-03 17:49 - 000000000 ____D C:\Program Files\Wireshark
==================== Files in the root of some directories =======
2019-05-15 22:42 - 2019-05-15 22:42 - 000111688 _____ (Duckware) C:\Users\oldman\x.exe
2015-08-15 18:31 - 2018-11-02 19:18 - 000011264 _____ () C:\Users\oldman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-01 13:43 - 2019-05-06 13:17 - 000140696 _____ () C:\Users\oldman\AppData\Local\installer.log
2015-08-01 13:43 - 2015-08-01 13:43 - 000000236 _____ () C:\Users\oldman\AppData\Local\LaunchHomeCenter.log
2015-05-23 09:41 - 2018-02-14 00:28 - 000007674 _____ () C:\Users\oldman\AppData\Local\resmon.resmoncfg
==================== SigCheck ===============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-05.2019 01
Ran by oldman (15-05-2019 23:18:20)
Running from C:\Users\oldman\Desktop
Windows 10 Home Version 1809 17763.503 (X64) (2019-01-12 18:50:39)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-901587214-2200967626-3004657440-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-901587214-2200967626-3004657440-503 - Limited - Disabled)
Guest (S-1-5-21-901587214-2200967626-3004657440-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-901587214-2200967626-3004657440-1009 - Limited - Enabled)
oldman (S-1-5-21-901587214-2200967626-3004657440-1003 - Administrator - Enabled) => C:\Users\oldman
WDAGUtilityAccount (S-1-5-21-901587214-2200967626-3004657440-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton Security (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20034 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.192 - Adobe)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
aioprnt (HKLM\...\{0645A454-AD44-4F0D-99CF-6B762735AD1F}) (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (HKLM-x32\...\{376348C2-E372-48BC-A138-E896757BD86A}) (Version: 5.8.10.0 - Your Company Name) Hidden
aioscnnr (HKLM-x32\...\{EF53BFAB-4C10-40DB-A82D-9B07111715C6}) (Version: 7.6.13.10 - Your Company Name) Hidden
AMD Catalyst Install Manager (HKLM\...\{D01E0B82-7D6E-F9AC-9A7D-C6076264F419}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
Apple Application Support (32-bit) (HKLM-x32\...\{9F7041CB-8398-4691-B8CB-0D52273BB3D9}) (Version: 7.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{6E7DF4EE-1976-4215-9D81-755AFC95687D}) (Version: 7.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BA2A6DBB-B09A-43D8-84F3-21C1537B47D9}) (Version: 12.2.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BOINC (HKLM\...\{F1361096-9418-489B-983B-5F8C3972E05E}) (Version: 7.8.3 - Space Sciences Laboratory, U.C. Berkeley)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
C4USelfUpdater (HKLM-x32\...\{48B41C3A-9A92-4B81-B653-C97FEB85C910}) (Version: 1.00.0000 - Your Company Name) Hidden
center (HKLM-x32\...\{56BA241F-580C-43D2-8403-947241AAE633}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
essentials (HKLM-x32\...\{BE94C681-68E2-4561-8ABC-8D2E799168B4}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Google Earth Pro (HKLM\...\{F914BC59-918A-498F-B2E3-B274C9CB48A8}) (Version: 7.3.2.5491 - Google)
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{1AC082E0-049D-4C5C-9ECF-9473AD5A949D}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{32F06015-D852-4A57-A0DD-8D08D17633AC}) (Version: 10.4.0156 - Hewlett-Packard)
HP PC Hardware Diagnostics Windows (HKLM-x32\...\{7FF9E31F-FAC5-4C7B-970B-FE464B8C6A62}) (Version: 1.5.2.0 - HP Inc.)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{5094249B-9542-4536-AE76-B769EE085C99}) (Version: 7.1.6.1 - HP)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.7.50.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.10.49.21 - Hewlett-Packard Company)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6417.0 - IDT)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
iTunes (HKLM\...\{DF90B2B3-5832-4E85-934D-8048B33A1D67}) (Version: 12.9.4.102 - Apple Inc.)
Java 8 Update 211 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180211F0}) (Version: 8.0.2110.12 - Oracle Corporation)
Kodak AIO Printer (HKLM\...\{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}) (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.9.1.1 - Eastman Kodak Company)
KODAK VERITE 50 Series Uninstaller (HKLM\...\KODAK VERITE 50 Series) (Version: - FUNAI ELECTRIC CO., LTD.)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\OneDriveSetup.exe) (Version: 19.062.0331.0006 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 66.0.5 (x64 en-US) (HKLM\...\Mozilla Firefox 66.0.5 (x64 en-US)) (Version: 66.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0 - Mozilla)
Norton Secure VPN (HKLM-x32\...\Norton Secure VPN) (Version: 1.7.0.325 - Symantec Corporation)
Norton Security (HKLM-x32\...\NGC) (Version: 22.17.1.50 - Symantec Corporation)
Norton WiFi Privacy (HKLM-x32\...\Norton WiFi Privacy) (Version: 1.4.9 - Symantec Corporation)
Npcap 0.992 (HKLM-x32\...\NpcapInst) (Version: 0.992 - Nmap Project)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
ocr (HKLM-x32\...\{BFBCF96F-7361-486A-965C-54B17AC35421}) (Version: 6.2.3.50 - Eastman Kodak Company) Hidden
PreReq (HKLM-x32\...\{DA5BDB2A-12F0-4343-8351-21AAEB293990}) (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
Python 3.5.2 (32-bit) (HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Core Interpreter (32-bit) (HKLM-x32\...\{EB0611B2-7F10-4D97-BCF2-DCAAB1199498}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (HKLM-x32\...\{5DB2183B-62D3-407F-BBC1-EAD2F36283FA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (HKLM-x32\...\{1FBA5182-78DD-4940-9F06-96E5042B7061}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (HKLM-x32\...\{33B10015-A9B1-4210-B50A-26C6443979B0}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (HKLM-x32\...\{9ADF9987-3327-48C6-91B3-B10900366491}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (HKLM-x32\...\{FCBB04F4-D2CF-4F55-BE92-B3898696B318}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C1153533-FDC4-4922-892D-B71810F69566}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (HKLM-x32\...\{9D50A6D7-410A-4469-87B7-35FA84CBD479}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (HKLM-x32\...\{E6DEBF43-7ACF-4E88-9BBF-9B5945683281}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
RogueKiller version 13.2.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.2.0.0 - Adlice Software)
Security Task Manager 2.3 (HKLM-x32\...\Security Task Manager) (Version: 2.3 - Neuber Software)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
TreeSize Free V4.3.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.3.1 - JAM Software)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
USBPcap 1.2.0.4 (HKLM\...\USBPcap) (Version: 1.2.0.4 - Tomasz Mon)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17384 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Wireshark 3.0.1 64-bit (HKLM-x32\...\Wireshark) (Version: 3.0.1 - The Wireshark developer community, hxxps://www.wireshark.org)
WorldWide Telescope (HKLM-x32\...\{412B591F-3F86-4A1C-9DF6-854892DE27BB}) (Version: 5.5.03 - WorldWide Telescope)
Packages:
=========
All My LAN -> C:\Program Files\WindowsApps\13258Thoroughsoft.AllMyLAN_1.1.7.0_x64__set6qczgvnq5g [2019-04-17] (Thoroughsoft)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.137.700.0_x86__kgqvnymyfvs32 [2019-04-17] (king.com)
Diagnostic Data Viewer -> C:\Program Files\WindowsApps\Microsoft.DiagnosticDataViewer_3.1904.1071.0_x64__8wekyb3d8bbwe [2019-04-18] (Microsoft Corporation)
Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_3.9.0.7_x86__h6adky7gbf63m [2019-04-17] (Gameloft.)
HP Registration -> C:\Program Files\WindowsApps\AD2F1837.HPRegistration_1.2.1.166_neutral__v10z8vjag6ke6 [2018-10-17] (Hewlett-Packard Company)
HP+ -> C:\Program Files\WindowsApps\AD2F1837.HP_1.2.0.93_neutral__v10z8vjag6ke6 [2018-10-17] (Hewlett-Packard Company)
Hulu -> C:\Program Files\WindowsApps\HuluLLC.HuluPlus_2.5.3.0_neutral__fphbd361v8tya [2019-03-08] (Hulu.)
Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2018-10-17] (AMZN Mobile LLC)
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_3.9.4100.0_x64__8wekyb3d8bbwe [2019-04-19] (Microsoft Studios)
Microsoft Visual C++ 2013 Runtime Package -> C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00.Universal_12.0.30501.0_x64__8wekyb3d8bbwe [2018-10-17] (Microsoft Platform Extensions)
Microsoft Visual C++ 2013 Runtime Package -> C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00.Universal_12.0.30501.0_x86__8wekyb3d8bbwe [2018-10-17] (Microsoft Platform Extensions)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.93.375.0_x64__mcm4njqhnhss8 [2019-02-19] (Netflix, Inc.)
Network Inspector -> C:\Program Files\WindowsApps\48425ShipwreckSoftware.NetworkInspector_2.3.24.0_x64__jh2negtepkzpr [2019-04-17] (Shipwreck Software)
Norton Safe Web -> C:\Program Files\WindowsApps\SymantecCorporation.NortonSafeWeb_3.7.0.0_neutral__v68kp9n051hdp [2019-03-28] (Symantec Corporation)
Norton Studio -> C:\Program Files\WindowsApps\SymantecCorporation.NortonStudio_2.2.0.0_x86__v68kp9n051hdp [2018-10-17] (Symantec Corporation)
Spider Solitaire HD -> C:\Program Files\WindowsApps\32988BernardoZamora.SpiderSolitaireHD_1.18.0.27_x64__1fgex2kbsn6g8 [2018-10-17] (Bernardo Zamora)
TreeSize Free -> C:\Program Files\WindowsApps\JAMSoftware.TreeSizeFree_4.3.1.0_x86__37s2tpab2h9zg [2019-03-05] (JAM Software)
Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2018-10-17] (Microsoft Corporation)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2018-10-17] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-901587214-2200967626-3004657440-1003_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-27] (CyberLink -> Cyberlink)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.1.50\NavShExt.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-27] (CyberLink -> Cyberlink)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.1.50\NavShExt.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.1.50\NavShExt.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2012-08-08 11:36 - 2012-08-08 11:36 - 000073728 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2012-08-08 11:36 - 2012-08-08 11:36 - 000361984 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
2015-08-31 10:59 - 2015-08-31 10:59 - 000075264 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\AiO\Center\Logger.dll
2015-05-03 00:33 - 2012-07-13 19:02 - 002451456 _____ (Realsil Microelectronics Inc.) [File not signed] C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
2015-05-03 00:33 - 2012-02-07 16:59 - 000166912 _____ (Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RsCRLib.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [472]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
There are 7945 more sites.
There are 7946 more sites.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-05-21 21:01 - 2019-05-12 23:06 - 000454145 ____R C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
There are 15617 more lines.
2017-09-14 18:48 - 2017-09-14 18:53 - 000000435 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Razer\ChromaBroadcast\bin;C:\Program Files\Razer\ChromaBroadcast\bin;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\WINDOWS\System32\OpenSSH\;C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\WindowsApps;
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\oldman\Pictures\Spacey pictures\3772-84mcnaught_druckmuller720.jpg
DNS Servers: 192.168.0.1 - 205.171.3.65
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
HKLM\...\StartupApproved\Run: => "EKIJ5000StatusMonitor"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "boincmgr"
HKLM\...\StartupApproved\Run: => "boinctray"
HKLM\...\StartupApproved\Run: => "KOBAAmon"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "EKStatusMonitor"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "KOBAAmon"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "KOab1err"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "EpicGamesLauncher"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{02A0DC13-4512-4DA3-AB45-8912D3DF93D8}] => (Allow) LPort=9322
FirewallRules: [{66B8882C-58B1-4E9E-B9A0-31F300A5E704}] => (Allow) LPort=5353
FirewallRules: [{5C19FB7B-5B75-4C8B-AB2E-EAAFFD3DFE93}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{71246B5F-9658-4563-8FB3-C9AD629BB5AC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3044EDD6-7A83-492B-B5BF-DDD5DDC4181C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{36EB4030-7840-451A-8178-E1BF4B08C5A5}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
28-04-2019 22:55:16 Scheduled Checkpoint
03-05-2019 15:59:03 Windows Update
13-05-2019 13:03:24 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/15/2019 02:01:18 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.
Error: (05/15/2019 02:01:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 144.106.254.169.in-addr.arpa. PTR eustace.local.
Error: (05/15/2019 02:01:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 169.254.106.144:5353 17 144.106.254.169.in-addr.arpa. PTR eustace-2.local.
Error: (05/15/2019 02:01:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 181.13.254.169.in-addr.arpa. PTR eustace.local.
Error: (05/15/2019 02:01:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 169.254.13.181:5353 17 181.13.254.169.in-addr.arpa. PTR eustace-2.local.
Error: (05/15/2019 12:41:25 PM) (Source: ESENT) (EventID: 413) (User: )
Description: TaskMan (1292,R,98) {856C0929-8756-4B9D-9646-8E7FBAA2B3CE}: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -528.
Error: (05/15/2019 12:41:25 PM) (Source: ESENT) (EventID: 454) (User: )
Description: TaskMan (1292,R,98) {27ECD5A8-FE52-4AB2-86CA-0E8C673383A3}: Database recovery/restore failed with unexpected error -1811.
Error: (05/15/2019 11:35:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 7.0.168.192.in-addr.arpa. PTR eustace.local.
System errors:
=============
Error: (05/15/2019 02:01:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Razer Synapse Service service depends on the Razer Game Manager Service service which failed to start because of the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (05/15/2019 02:01:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RzActionSvc service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (05/15/2019 02:01:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the RzActionSvc service to connect.
Error: (05/15/2019 02:01:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Razer Game Manager Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (05/15/2019 02:01:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Razer Game Manager Service service to connect.
Error: (05/15/2019 02:00:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The APXACC service failed to start due to the following error:
A device attached to the system is not functioning.
Error: (05/15/2019 02:00:49 PM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)
Error: (05/15/2019 01:59:11 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Razer Synapse Service service.
CodeIntegrity:
===================================
Date: 2019-05-15 14:01:03.837
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-05-15 14:01:03.813
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-05-15 14:01:03.369
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-05-15 14:01:03.337
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-05-14 15:40:04.377
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-05-14 15:40:04.183
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-05-14 15:40:03.785
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-05-14 15:40:03.660
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
BIOS: Insyde F.26 02/21/2013
Motherboard: Hewlett-Packard 1849
Processor: AMD A4-4300M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 70%
Total physical RAM: 3554.26 MB
Available physical RAM: 1031.57 MB
Total Virtual: 6498.26 MB
Available Virtual: 3682.55 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:567.72 GB) (Free:330.25 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:25.37 GB) (Free:2.96 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Removable) (Total:1.83 GB) (Free:1.83 GB) FAT
\\?\Volume{4807027d-70e4-4ed9-b189-6eac7a96e0a4}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.15 GB) NTFS
\\?\Volume{c4bc7cea-39ce-4f4a-ab14-7934f0e01657}\ () (Fixed) (Total:0.96 GB) (Free:0.34 GB) NTFS
\\?\Volume{de27d039-3a8b-420a-8f61-0de10dba9383}\ () (Fixed) (Total:0.92 GB) (Free:0.34 GB) NTFS
\\?\Volume{228ede67-33cc-42ee-9814-03e998f454e7}\ () (Fixed) (Total:0.44 GB) (Free:0.41 GB) NTFS
\\?\Volume{873941c3-cd87-496d-8c74-8b333ed59eac}\ () (Fixed) (Total:0.25 GB) (Free:0.16 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 9E4D4388)
Partition: GPT.
========================================================
Disk: 1 (Size: 1.8 GB) (Disk ID: CC5963D4)
Partition 1: (Not Active) - (Size=1.8 GB) - (Type=0E)
==================== End of Addition.txt ============================