Redirecting and stuff



1oldman
2019-05-17, 03:03
Hi (again), I've recently picked up a redirect that I'd like some help with, hoping I haven't worn out your patience and that I can get your opinion on these logs. I pulled this off Wireshark; maybe useful, but this is probably a somewhat involved infection...
[ds-global3.17.search.ystg1.b.yahoo .com] [IP= 98.136.144.138]


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-05.2019 01
Ran by oldman (administrator) on EUSTACE (Hewlett-Packard HP Pavilion g6 Notebook PC) (15-05-2019 23:13:34)
Running from C:\Users\oldman\Desktop
Loaded Profiles: oldman (Available Profiles: oldman)
Platform: Windows 10 Home Version 1809 17763.503 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19041.481.0_x64__8wekyb3d8bbwe\YourPhone.exe
(A. & M. Neuber Software -> Neuber Software - www.neuber.com) C:\Program Files (x86)\Security Task Manager\SpyProtector.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(CyberLink -> CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Eastman Kodak Company -> Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company -> Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(HP Inc. -> HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realsil Microelectronics Inc.) [File not signed] C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Norton Secure VPN\client\NSVService.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.1.50\NortonSecurity.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.1.50\NortonSecurity.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.1.50\nsWscSvc.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Microsoft Windows Hardware Compatibility Publisher -> Eastman Kodak Company)
HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [69920 2017-10-03] (University of California, Berkeley -> Space Sciences Laboratory)
HKLM\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [8765216 2017-10-03] (University of California, Berkeley -> Space Sciences Laboratory)
HKLM\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] (FUNAI ELECTRIC CO., LTD. -> )
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-28] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-03-24] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [76600 2019-03-09] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-12-11] (Eastman Kodak Company -> Eastman Kodak Company)
HKLM-x32\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] (FUNAI ELECTRIC CO., LTD. -> )
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Microsoft Windows Hardware Compatibility Publisher -> Eastman Kodak Company)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) [File not signed]
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [KOab1err] => C:\Program Files (x86)\KODAK VERITE\ErrorApp\KOab1err.exe [1027752 2016-12-21] (Funai Electric Co., Ltd. -> )
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] (FUNAI ELECTRIC CO., LTD. -> )
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [EpicGamesLauncher] => "C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe" -silent
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [Spy Protector] => C:\Program Files (x86)\Security Task Manager\SpyProtector.exe [145280 2018-07-12] (A. & M. Neuber Software -> Neuber Software - www.neuber.com)
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe /StartMinimized
HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsv64.dll [71680 2013-02-26] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [65536 2013-02-26] (Beepa P/L) [File not signed]

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03F769B5-CA2B-47FB-B8C6-3715E360F484} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [132445408 2019-05-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {2726B58A-B733-4E96-B674-56C356CFF017} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [652664 2019-04-17] (HP Inc. -> HP Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {37F9480B-8DEB-43D0-9E41-A625011C1442} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1488248 2018-12-10] (HP Inc. -> HP Inc.)
Task: {38F7AC40-C4F1-4823-B0D1-A8F0598D5BC4} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2226856 2019-04-22] (Symantec Corporation -> Symantec Corporation)
Task: {3C1E18F9-257E-4364-8991-D751F7AAE0AF} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-28] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {3DD2649C-CA8A-4727-BA04-DE71F61448D5} - System32\Tasks\npcapwatchdog => C:\Program [Argument = Files\Npcap\CheckStatus.bat] <==== ATTENTION
Task: {3DD76305-B0D8-4F5D-97E7-9FEA995DB0EB} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink -> CyberLink)
Task: {3FB3FE7E-E4D6-4325-A192-9F9937626A48} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {406E8E03-EC34-4003-B34C-54181D91740B} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {449FBA74-592C-4FC3-B302-EFBBC5B5ADD5} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe
Task: {4563DDB4-F29D-41C5-BD80-916194542CD4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [237432 2019-04-29] (HP Inc. -> HP Inc.)
Task: {4A276F76-C51C-45FC-A2F4-1117E386AA2B} - System32\Tasks\S-1-5-21-901587214-2200967626-3004657440-1003\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [134144 2019-03-12] (Microsoft Windows -> Microsoft Corporation)
Task: {4DAE6865-85B2-4C42-B996-B4788C51FAA8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136056 2019-01-02] (HP Inc. -> HP Inc.)
Task: {5B316DC0-10D2-46AE-B209-4DD1ED06E7F3} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2211024 2014-03-19] (Microsoft Corporation -> Microsoft)
Task: {5CD794F9-93E4-47AE-ADF4-EA1CE940799B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1073528 2019-04-02] (HP Inc. -> HP Inc.)
Task: {625F82D9-2B09-4DF1-80B8-473B87149FDA} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [25128 2017-11-21] (HP Inc. -> )
Task: {6E39ED3E-6BA2-4DC8-8196-9C48C649D047} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1488248 2018-12-10] (HP Inc. -> HP Inc.)
Task: {712380AE-444E-42C6-B403-F18182DBE18C} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {738E86C6-EB1F-4D92-9DD0-BD4999046DD5} - System32\Tasks\{CA2AE62A-A74C-4B89-B292-C0CEAD185B3D} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\oldman\Downloads\FirmwareFlashLauncher.exe -d C:\Users\oldman\Downloads
Task: {7B9F5986-9672-431A-BB77-F26DB87891FE} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {906112A5-8DB6-4037-B3BB-A2558320F864} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {9614F9DD-C96B-4F3D-BA9C-E649C94288E0} - System32\Tasks\Norton Security with Backup\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.17.1.50\SymErr.exe [101392 2019-04-22] (Symantec Corporation -> Symantec Corporation)
Task: {A3CAE410-8F44-4EAE-9AC2-3321CDAE05F9} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe [2226856 2019-04-22] (Symantec Corporation -> Symantec Corporation)
Task: {A5E6FF83-1A31-44C2-974C-608D72C3429E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {A68CF779-F57A-4803-B0BD-475F71877D10} - System32\Tasks\HPCeeScheduleForoldman => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [96568 2015-06-16] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {AD73D9D2-71DE-4681-BB26-DC2BF988AB1B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_192_Plugin.exe [1457208 2019-05-14] (Adobe Inc. -> Adobe)
Task: {AF2A4667-1035-4591-B9E4-F6A5E88F221E} - System32\Tasks\Norton Security with Backup\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.17.1.50\SymErr.exe [101392 2019-04-22] (Symantec Corporation -> Symantec Corporation)
Task: {B89BC3A9-54C9-4204-8B03-A529BF74315F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
Task: {BCF0AD8B-2630-48AE-B7B4-5D1683D33A9F} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-05-14] (Adobe Inc. -> Adobe)
Task: {BFEAAB89-A9BC-4AA9-9F1D-AAC4C9F75A31} - System32\Tasks\RogueKiller Anti-Malware => C:\Program Files\RogueKiller\RogueKiller64.exe [33965624 2019-05-14] (Adlice -> )
Task: {C0201CFA-6DE0-4EE2-89AC-D9D2295A8D3A} - System32\Tasks\Norton 360\Norton 360 Online Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.11.0.41\SymErr.exe [102008 2017-10-03] (Symantec Corporation -> Symantec Corporation)
Task: {C13D20A5-1190-4AA5-997E-48BC2E485A09} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {C18EC821-F9CF-414E-BA3D-746F1B35386D} - System32\Tasks\Norton 360\Norton 360 Online Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.11.0.41\SymErr.exe [102008 2017-10-03] (Symantec Corporation -> Symantec Corporation)
Task: {CDB556A4-5C9F-4AD2-8970-C18C764D957C} - System32\Tasks\Norton 360\Norton 360 Online Autofix => C:\Program Files (x86)\Norton 360\Engine\22.11.0.41\SymErr.exe [102008 2017-10-03] (Symantec Corporation -> Symantec Corporation)
Task: {D44969E2-EE54-4B65-8642-B0B9E74EFDBB} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe
Task: {D7F94A5C-3056-4495-8235-CBE7E9F0B4F6} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe
Task: {EDD003E6-D73B-4ECA-A7B0-D861534AEA91} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1073528 2019-04-02] (HP Inc. -> HP Inc.)
Task: {F54B23B4-27B4-4D82-B1E6-98428EA28144} - System32\Tasks\Norton Security with Backup\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.17.1.50\SymErr.exe [101392 2019-04-22] (Symantec Corporation -> Symantec Corporation)
Task: {FC364449-3F8D-40B7-AFA2-34B96D70A3DA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [652664 2019-04-17] (HP Inc. -> HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleForoldman.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.65
Tcpip\..\Interfaces\{092ddd55-79b1-44d1-9ce6-73e9a22b6de7}: [DhcpNameServer] 192.168.0.1 205.171.3.65
Tcpip\..\Interfaces\{5889e5ee-8f53-452a-bd13-e94a89883ece}: [DhcpNameServer] 192.168.0.1 205.171.3.65
Tcpip\..\Interfaces\{68620759-20aa-45aa-8e06-fa9a7c5c7e09}: [DhcpNameServer] 192.168.0.1 205.171.3.66
Tcpip\..\Interfaces\{a288676d-84d4-440a-bf60-55523387af7e}: [DhcpNameServer] 192.168.0.1 205.171.3.66
Tcpip\..\Interfaces\{c4242d06-1fdf-461b-ace5-caf4862e837d}: [DhcpNameServer] 192.168.0.1 205.171.3.66
Tcpip\..\Interfaces\{c9ebb1fc-1913-46ad-9c39-fe0f9392fa0a}: [DhcpNameServer] 192.168.0.1 205.171.3.66
Tcpip\..\Interfaces\{da633539-be76-4269-8034-bd1925400c3e}: [DhcpNameServer] 192.168.0.1 205.171.3.65

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.norton.com/?prt=NGC&chn=1000&geo=US&ver=22.16.4.15&locale=en_US&guid=7F33257B-BE93-40EC-9D23-A091A86B98D4&doi=2019-02-13&o=APN11915&cmpgn=zeus
SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> DefaultScope {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1000&geo=US&ver=22.17.1.50&locale=en_US&guid=7F33257B-BE93-40EC-9D23-A091A86B98D4&doi=2019-02-13&cmpgn=rapha&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {53e2f62a-3083-46e6-8527-cf89e4acb4ae} URL =
SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1000&geo=US&ver=22.17.1.50&locale=en_US&guid=7F33257B-BE93-40EC-9D23-A091A86B98D4&doi=2019-02-13&cmpgn=rapha&gct=kwd&qsrc=2869
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.17.1.50\coIEPlg.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.17.1.50\coIEPlg.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssv.dll [2019-04-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-04-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.17.1.50\coIEPlg.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.17.1.50\coIEPlg.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)

Edge:
======
Edge Extension: (Norton Safe Web) -> EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => C:\Program Files\WindowsApps\SymantecCorporation.NortonSafeWeb_3.7.0.0_neutral__v68kp9n051hdp [2019-03-28]

FireFox:
========
FF DefaultProfile: gmcms6os.default-1466821123041-1557966796116
FF ProfilePath: C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gmcms6os.default-1466821123041-1557966796116 [2019-05-15]
FF Homepage: Mozilla\Firefox\Profiles\gmcms6os.default-1466821123041-1557966796116 -> moz-extension://abd2b215-bc85-4cda-a6bf-c6e475034c5c/homePageRedirect.html
FF HomepageOverride: Mozilla\Firefox\Profiles\gmcms6os.default-1466821123041-1557966796116 -> Enabled: nortonhomepage_ven_y@symantec.com
FF NewTabOverride: Mozilla\Firefox\Profiles\gmcms6os.default-1466821123041-1557966796116 -> Enabled: nortonhomepage_ven_y@symantec.com
FF NewTabOverride: Mozilla\Firefox\Profiles\gmcms6os.default-1466821123041-1557966796116 -> Enabled: nortonsafesearch_ul_ven_y_2@symantec.com
FF Extension: (Norton Home Page) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gmcms6os.default-1466821123041-1557966796116\Extensions\nortonhomepage_ven_y@symantec.com.xpi [2019-05-15] [UpdateUrl:hxxps://static.nortoncdn.com/idscp/firefox/nsss/hp/updates.json]
FF Extension: (Norton Safe Search) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gmcms6os.default-1466821123041-1557966796116\Extensions\nortonsafesearch_ul_ven_y_2@symantec.com.xpi [2019-05-15] [UpdateUrl:hxxps://static.nortoncdn.com/idscp/firefox/nsss/ds_modified/updates.json]
FF Extension: (Norton Safe Web) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gmcms6os.default-1466821123041-1557966796116\Extensions\nortonsafeweb@symantec.com.xpi [2019-05-15]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_192.dll [2019-05-14] (Adobe Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_192.dll [2019-05-14] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-05-06] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-04-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-04-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: hp.com/HPDetect -> C:\Users\oldman\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP) [File not signed]
FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: jpl.nasa.gov/NASAEyes -> C:\Users\oldman\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2019-01-25] (NASA Jet Propulsion Laboratory -> Jet Propulsion Laboratory)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.17.1.50\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.17.1.50\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [257032 2015-08-21] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-03-08] (Apple Inc. -> Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8348064 2018-12-26] (BattlEye Innovations e.K. -> )
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1077568 2017-04-10] (HP Inc. -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-21] (HP Inc. -> HP Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.17.1.50\NortonSecurity.exe [225608 2019-04-22] (Symantec Corporation -> Symantec Corporation)
R2 NortonWiFiPrivacy; C:\Program Files (x86)\Norton Secure VPN\client\NSVService.exe [6113296 2018-12-17] (Symantec Corporation -> Symantec Corporation)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.17.1.50\nsWscSvc.exe [935248 2019-04-22] (Symantec Corporation -> Symantec Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [253960 2016-04-28] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; "C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [43840 2012-09-24] (Hewlett-Packard Company -> Hewlett-Packard Company)
R3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [21635072 2015-08-21] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [673816 2015-08-21] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
S2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation -> AppEx Networks Corporation)
R3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4233728 2018-09-15] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110104 2016-09-28] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.16.3.21\Definitions\BASHDefs\20190513.001\BHDrvx64.sys [1934048 2019-02-12] (Symantec Corporation -> Symantec Corporation)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\ccSetx64.sys [192704 2019-04-22] (Symantec Corporation -> Symantec Corporation)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink -> CyberLink)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515792 2019-03-24] (Symantec Corporation -> Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153296 2019-02-13] (Symantec Corporation -> Symantec Corporation)
R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [31040 2012-09-24] (Hewlett-Packard Company -> Hewlett-Packard Company)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.16.3.21\Definitions\IPSDefs\20190515.061\IDSvia64.sys [1441800 2019-04-18] (Symantec Corporation -> Symantec Corporation)
R3 kmloop; C:\WINDOWS\System32\drivers\loop.sys [17408 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [82752 2019-01-12] (Insecure.Com LLC -> Insecure.Com LLC.)
U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [97176 2019-05-08] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-29] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
S3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [49032 2019-01-16] (Razer USA Ltd. -> Razer Inc)
S3 RzDev_0060; C:\WINDOWS\System32\drivers\RzDev_0060.sys [51688 2018-04-22] (Razer USA Ltd. -> Razer Inc)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated -> Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated -> Synaptics Incorporated)
R1 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\SRTSP64.SYS [864480 2019-04-22] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\SRTSPX64.SYS [49888 2019-04-22] (Symantec Corporation -> Symantec Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\SYMEFASI64.SYS [1998552 2019-04-22] (Symantec Corporation -> Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\SymELAM.sys [25744 2019-04-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [100064 2019-03-30] (Symantec Corporation -> Symantec Corporation)
S4 SymEvnt; C:\Program Files\Norton Security\NortonData\22.16.3.21\SymPlatform\SymEvnt.sys [709128 2019-04-27] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\Ironx64.SYS [315912 2019-04-22] (Symantec Corporation -> Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\symnets.sys [573448 2019-04-22] (Symantec Corporation -> Symantec Corporation)
R3 SymTAP; C:\WINDOWS\System32\drivers\SymTAP.sys [52104 2018-10-16] (Symantec Corporation -> The OpenVPN Project)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2018-01-30] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 usbfilter; C:\WINDOWS\system32\DRIVERS\usbfilter.sys [57000 2012-06-19] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R3 USBPcap; C:\WINDOWS\system32\DRIVERS\USBPcap.sys [50224 2017-08-20] (Tomasz Moń -> USBPcap)
S3 VBoxNetAdp; C:\WINDOWS\System32\drivers\VBoxNetAdp6.sys [196040 2017-07-27] (Oracle Corporation -> Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46680 2019-02-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [330936 2019-02-13] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2019-02-13] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP Inc. -> HP)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\wpCtrlDrv.sys [1012120 2019-04-22] (Symantec Corporation -> Symantec Corporation)
U4 npcap_wifi; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-15 23:13 - 2019-05-15 23:17 - 000036936 _____ C:\Users\oldman\Desktop\FRST.txt
2019-05-15 23:12 - 2019-05-15 23:12 - 000000000 ____D C:\RegBackup
2019-05-15 23:11 - 2019-05-15 23:11 - 002434560 _____ (Farbar) C:\Users\oldman\Desktop\FRST64.exe
2019-05-15 22:42 - 2019-05-15 22:42 - 000111688 _____ (Duckware) C:\Users\oldman\x.exe
2019-05-15 20:42 - 2019-05-15 20:42 - 076647212 _____ C:\Users\oldman\Desktop\W-S 5-15 F.F refresh.pcapng
2019-05-15 20:41 - 2019-05-15 20:41 - 000000196 _____ C:\Users\oldman\Desktop\W-S redirector. com etc..txt
2019-05-15 17:54 - 2019-05-15 17:54 - 000000495 _____ C:\Users\oldman\Desktop\IE cache 5-15.txt
2019-05-15 14:49 - 2019-05-15 14:49 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2019-05-15 14:26 - 2019-05-15 14:26 - 000393168 _____ (Bleeping Computer, LLC) C:\Users\oldman\Desktop\show-hidden.exe
2019-05-15 13:21 - 2019-05-15 13:21 - 026807808 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 023438848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 020814848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 019022336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 006072320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 004883968 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 004660736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 003905536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 003743744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 001290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 001062400 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-05-15 13:21 - 2019-05-15 13:21 - 000427520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000376320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2019-05-15 13:21 - 2019-05-15 13:21 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2019-05-15 13:21 - 2019-05-15 13:21 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-kernel-processor-power-events.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2019-05-15 13:20 - 2019-05-15 13:21 - 007879680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 009682744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 007883776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 007687576 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 007645384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 006542464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 006440960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 006309040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 005498880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 005040640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 004588544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 003637248 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 003557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 003384832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 003363856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 002780000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 002708480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 002422272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 002278240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 002189312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 001860096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 001760768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 001701888 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 001699496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-05-15 13:20 - 2019-05-15 13:20 - 001641616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 001605120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 001484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 001470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 001395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 001387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 001342608 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-05-15 13:20 - 2019-05-15 13:20 - 001253904 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 001225728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 001179680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 001054712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 001048376 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 001026792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000895792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000807464 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 000758896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 000680184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000660992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000586280 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000508432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 000495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000449376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000444944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 000387832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000254952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 000223544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000212792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 000203272 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000202768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 000201016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 000198456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 000179728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000177976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 000163240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000147736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000121656 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2019-05-15 13:20 - 2019-05-15 13:20 - 000090640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000080184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 000066688 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdll.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000055792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptdll.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2019-05-14 21:07 - 2019-05-14 21:07 - 000000064 _____ C:\Users\oldman\Desktop\WFA address.txt
2019-05-14 16:47 - 2019-05-15 22:16 - 000000223 _____ C:\Users\oldman\Desktop\stuff to scan 2day.txt
2019-05-14 16:03 - 2019-05-14 16:03 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2019-05-14 16:03 - 2019-05-14 16:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2019-05-14 16:03 - 2019-05-14 16:03 - 000000000 ____D C:\Program Files\RogueKiller
2019-05-14 15:17 - 2019-05-14 15:20 - 422061832 _____ C:\Users\oldman\Desktop\5-14 fun.pcapng
2019-05-14 14:50 - 2019-05-15 13:50 - 000000606 _____ C:\Users\oldman\Desktop\Todays stuff.txt
2019-05-12 23:06 - 2019-04-04 13:11 - 000454145 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20190512-230640.backup
2019-05-12 14:27 - 2019-05-12 14:27 - 002060772 _____ C:\Users\oldman\Desktop\code.jquery WS.pcapng
2019-05-10 21:15 - 2019-05-10 22:01 - 000000443 _____ C:\Users\oldman\Desktop\J.Swift quote.txt
2019-05-10 18:46 - 2019-05-10 18:47 - 000388608 _____ (Trend Micro Inc.) C:\Users\oldman\Desktop\HijackThis.exe
2019-05-10 09:13 - 2019-05-15 16:49 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security with Backup
2019-05-10 09:12 - 2019-05-10 22:22 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2019-05-10 09:12 - 2019-05-10 09:12 - 000003376 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2019-05-08 18:13 - 2019-05-08 18:13 - 001054490 _____ C:\Users\oldman\Desktop\ProcessMonitor.zip
2019-05-08 14:26 - 2019-05-08 18:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-05-05 13:34 - 2019-05-05 13:34 - 000000260 _____ C:\Users\oldman\Desktop\Gaba Lyrica links.txt
2019-05-03 16:14 - 2019-05-03 16:14 - 003551112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-05-03 16:14 - 2019-05-03 16:14 - 000263576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-05-03 16:14 - 2019-05-03 16:14 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-05-03 16:14 - 2019-05-03 16:14 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2019-05-03 16:14 - 2019-05-03 16:14 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe
2019-05-03 16:13 - 2019-05-03 16:14 - 005436904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 012844032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 012140032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 005296640 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 005210904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 003982848 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 003426816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 003406848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 002701512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 002393088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 002205184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 002073960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 001994976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 001768960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 001674696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 001671352 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 001653760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 001467552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 001382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 001315328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 001001472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnostics.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000782848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000780632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcrt.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000725696 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2019-05-03 16:13 - 2019-05-03 16:13 - 000673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000649064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000638376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcrt.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000610304 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2019-05-03 16:13 - 2019-05-03 16:13 - 000553656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000540720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StateRepository.Core.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000514632 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000454160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-05-03 16:13 - 2019-05-03 16:13 - 000451080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxdiag.exe
2019-05-03 16:13 - 2019-05-03 16:13 - 000359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-05-03 16:13 - 2019-05-03 16:13 - 000349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000320512 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2019-05-03 16:13 - 2019-05-03 16:13 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxdiag.exe
2019-05-03 16:13 - 2019-05-03 16:13 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2019-05-03 16:13 - 2019-05-03 16:13 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2019-05-03 16:13 - 2019-05-03 16:13 - 000246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2019-05-03 16:13 - 2019-05-03 16:13 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000122680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000086960 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostw.exe
2019-05-03 16:13 - 2019-05-03 16:13 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnosticsTool.exe
2019-05-03 16:12 - 2019-05-03 16:12 - 004997096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 002995712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 001219640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryPS.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000999424 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000806600 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-05-03 16:12 - 2019-05-03 16:12 - 000806600 _____ C:\WINDOWS\system32\locale.nls
2019-05-03 16:12 - 2019-05-03 16:12 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000676256 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000651576 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-05-03 16:12 - 2019-05-03 16:12 - 000495616 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDDS.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000421392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-05-03 16:12 - 2019-05-03 16:12 - 000366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000280592 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000244224 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000157200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2019-04-25 13:13 - 2019-04-25 13:14 - 029937376 _____ (Adlice Software ) C:\Users\oldman\Desktop\setup(1).exe
2019-04-22 16:15 - 2019-04-22 16:16 - 000000000 ____D C:\Users\oldman\Desktop\Genesight Copy
2019-04-16 12:27 - 2019-04-16 12:27 - 000001827 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2019-04-15 12:06 - 2019-04-15 12:06 - 000001816 _____ C:\Users\Public\Desktop\iTunes.lnk
2019-04-15 12:06 - 2019-04-15 12:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2019-04-15 12:06 - 2019-04-15 12:06 - 000000000 ____D C:\Program Files\iPod
2019-04-15 12:04 - 2019-04-15 12:06 - 000000000 ____D C:\Program Files\iTunes

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-15 23:13 - 2018-12-06 16:03 - 000000000 ____D C:\FRST
2019-05-15 23:12 - 2016-11-28 01:03 - 000000000 ____D C:\Users\oldman\AppData\LocalLow\Mozilla
2019-05-15 22:47 - 2019-04-10 12:18 - 000000000 ____D C:\Users\oldman\AppData\Local\Razer
2019-05-15 22:47 - 2019-04-10 12:07 - 000000000 ____D C:\ProgramData\Razer
2019-05-15 22:46 - 2019-04-10 12:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2019-05-15 22:46 - 2019-04-10 12:14 - 000000000 ____D C:\Program Files\Razer
2019-05-15 22:46 - 2019-04-10 12:06 - 000000000 ____D C:\Program Files (x86)\Razer
2019-05-15 22:46 - 2018-09-15 01:31 - 000000000 ____D C:\WINDOWS\INF
2019-05-15 22:42 - 2019-01-12 12:12 - 000000000 ____D C:\Users\oldman
2019-05-15 22:42 - 2016-08-11 14:50 - 000000000 ___HD C:\jexepackres
2019-05-15 22:42 - 2016-08-11 14:50 - 000000000 ____D C:\Users\oldman\applogs
2019-05-15 22:42 - 2016-08-11 14:50 - 000000000 ____D C:\Program Files (x86)\AstroViewer 3.1.6
2019-05-15 22:32 - 2018-09-15 01:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-05-15 22:02 - 2019-01-12 12:04 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-05-15 18:33 - 2019-02-10 15:06 - 000000000 ____D C:\Users\oldman\Desktop\Old Firefox Data
2019-05-15 17:55 - 2019-01-12 12:27 - 000004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D6FF1BE5-40C3-4B52-A236-97274056599C}
2019-05-15 14:47 - 2019-03-02 17:10 - 000301208 _____ C:\Users\oldman\Desktop\Show-Hidden.txt
2019-05-15 14:17 - 2018-09-15 01:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-05-15 14:17 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-05-15 14:15 - 2018-11-01 16:21 - 000000000 ____D C:\Users\oldman\Desktop\malware tools
2019-05-15 14:08 - 2019-01-12 12:30 - 000935120 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-05-15 14:02 - 2019-01-12 12:04 - 000284848 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-05-15 14:01 - 2016-08-20 10:31 - 000000000 ____D C:\ProgramData\Kodak
2019-05-15 14:01 - 2015-12-03 22:03 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2019-05-15 14:00 - 2019-01-12 12:27 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-05-15 13:59 - 2018-09-15 00:09 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-05-15 13:59 - 2015-07-29 03:19 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2019-05-15 13:57 - 2018-09-15 01:33 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2019-05-15 13:57 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-05-15 13:26 - 2018-09-15 01:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-05-15 12:41 - 2018-06-12 18:34 - 000000000 ____D C:\ProgramData\SecTaskMan
2019-05-14 23:49 - 2019-01-12 12:27 - 000004574 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-05-14 23:48 - 2019-02-12 15:21 - 006194744 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2019-05-14 23:48 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-05-14 23:48 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-05-14 23:25 - 2015-05-03 12:07 - 000000000 ____D C:\Users\oldman\AppData\Local\Battle.net
2019-05-14 23:12 - 2015-05-03 12:09 - 000000000 ____D C:\Program Files (x86)\Diablo III
2019-05-14 16:04 - 2019-03-31 16:21 - 000003138 _____ C:\WINDOWS\System32\Tasks\RogueKiller Anti-Malware
2019-05-14 15:57 - 2015-10-21 19:23 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-05-14 15:30 - 2017-05-02 14:10 - 000000352 _____ C:\WINDOWS\Tasks\HPCeeScheduleForoldman.job
2019-05-14 15:23 - 2015-05-03 19:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-05-14 15:13 - 2015-05-03 19:25 - 132445408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-05-14 11:16 - 2019-01-12 12:27 - 000003248 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForoldman
2019-05-13 15:23 - 2018-09-15 01:36 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-05-13 15:23 - 2018-09-15 01:36 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-05-12 23:32 - 2015-05-23 09:11 - 000000000 ____D C:\Users\oldman\AppData\Local\CrashDumps
2019-05-12 12:40 - 2018-06-23 20:30 - 000000000 ____D C:\Users\oldman\Desktop\scan logs and stuff
2019-05-11 23:14 - 2019-01-12 12:27 - 000003364 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-901587214-2200967626-3004657440-1003
2019-05-11 23:14 - 2019-01-12 12:12 - 000002403 _____ C:\Users\oldman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-05-11 23:14 - 2015-06-27 12:46 - 000000000 ___RD C:\Users\oldman\OneDrive
2019-05-11 19:27 - 2019-03-30 20:51 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-05-10 22:22 - 2019-02-13 11:45 - 000002408 _____ C:\Users\Public\Desktop\Norton Security.lnk
2019-05-10 14:50 - 2015-07-29 00:21 - 000000000 ____D C:\Users\oldman\AppData\Local\ElevatedDiagnostics
2019-05-10 09:41 - 2015-06-10 01:43 - 000000000 ____D C:\Program Files\Common Files\AV
2019-05-10 09:12 - 2018-02-26 15:03 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2019-05-09 23:33 - 2015-05-03 12:07 - 000000000 ____D C:\Program Files (x86)\Battle.net
2019-05-08 23:15 - 2018-06-27 01:41 - 000000000 ____D C:\ProgramData\Packages
2019-05-08 19:21 - 2019-03-04 16:43 - 000097176 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON24.SYS
2019-05-08 19:20 - 2019-03-04 16:43 - 000000000 ____D C:\Users\oldman\Desktop\ProcessMonitor
2019-05-08 18:40 - 2018-09-15 00:09 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-05-08 18:38 - 2015-05-03 11:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-05-08 17:40 - 2015-05-03 11:47 - 000001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-05-08 13:50 - 2018-01-03 21:16 - 000000000 ____D C:\Users\oldman\AppData\Local\PlaceholderTileLogoFolder
2019-05-04 23:54 - 2016-06-26 04:54 - 000000000 ____D C:\Users\oldman\AppData\Local\NPE
2019-05-03 17:22 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\TextInput
2019-05-03 17:22 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-04-30 13:53 - 2017-12-09 01:36 - 000000000 ____D C:\Users\oldman\AppData\Local\Packages
2019-04-23 12:15 - 2015-05-03 12:07 - 000000000 ____D C:\Users\oldman\AppData\Local\Blizzard Entertainment
2019-04-21 18:53 - 2018-04-13 01:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-04-21 18:53 - 2015-06-13 14:02 - 000000000 ____D C:\Program Files (x86)\Java
2019-04-21 18:52 - 2018-04-13 01:24 - 000099192 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2019-04-17 15:07 - 2015-07-14 21:37 - 000000000 ____D C:\Users\oldman\Documents\Youcam
2019-04-17 14:34 - 2015-06-02 17:51 - 000000000 ____D C:\Users\oldman\AppData\Roaming\Skype
2019-04-16 12:27 - 2019-03-03 17:49 - 000000000 ____D C:\Program Files\Wireshark

==================== Files in the root of some directories =======

2019-05-15 22:42 - 2019-05-15 22:42 - 000111688 _____ (Duckware) C:\Users\oldman\x.exe
2015-08-15 18:31 - 2018-11-02 19:18 - 000011264 _____ () C:\Users\oldman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-01 13:43 - 2019-05-06 13:17 - 000140696 _____ () C:\Users\oldman\AppData\Local\installer.log
2015-08-01 13:43 - 2015-08-01 13:43 - 000000236 _____ () C:\Users\oldman\AppData\Local\LaunchHomeCenter.log
2015-05-23 09:41 - 2018-02-14 00:28 - 000007674 _____ () C:\Users\oldman\AppData\Local\resmon.resmoncfg

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-05.2019 01
Ran by oldman (15-05-2019 23:18:20)
Running from C:\Users\oldman\Desktop
Windows 10 Home Version 1809 17763.503 (X64) (2019-01-12 18:50:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-901587214-2200967626-3004657440-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-901587214-2200967626-3004657440-503 - Limited - Disabled)
Guest (S-1-5-21-901587214-2200967626-3004657440-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-901587214-2200967626-3004657440-1009 - Limited - Enabled)
oldman (S-1-5-21-901587214-2200967626-3004657440-1003 - Administrator - Enabled) => C:\Users\oldman
WDAGUtilityAccount (S-1-5-21-901587214-2200967626-3004657440-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20034 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.192 - Adobe)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
aioprnt (HKLM\...\{0645A454-AD44-4F0D-99CF-6B762735AD1F}) (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (HKLM-x32\...\{376348C2-E372-48BC-A138-E896757BD86A}) (Version: 5.8.10.0 - Your Company Name) Hidden
aioscnnr (HKLM-x32\...\{EF53BFAB-4C10-40DB-A82D-9B07111715C6}) (Version: 7.6.13.10 - Your Company Name) Hidden
AMD Catalyst Install Manager (HKLM\...\{D01E0B82-7D6E-F9AC-9A7D-C6076264F419}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
Apple Application Support (32-bit) (HKLM-x32\...\{9F7041CB-8398-4691-B8CB-0D52273BB3D9}) (Version: 7.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{6E7DF4EE-1976-4215-9D81-755AFC95687D}) (Version: 7.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BA2A6DBB-B09A-43D8-84F3-21C1537B47D9}) (Version: 12.2.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BOINC (HKLM\...\{F1361096-9418-489B-983B-5F8C3972E05E}) (Version: 7.8.3 - Space Sciences Laboratory, U.C. Berkeley)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
C4USelfUpdater (HKLM-x32\...\{48B41C3A-9A92-4B81-B653-C97FEB85C910}) (Version: 1.00.0000 - Your Company Name) Hidden
center (HKLM-x32\...\{56BA241F-580C-43D2-8403-947241AAE633}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
essentials (HKLM-x32\...\{BE94C681-68E2-4561-8ABC-8D2E799168B4}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Google Earth Pro (HKLM\...\{F914BC59-918A-498F-B2E3-B274C9CB48A8}) (Version: 7.3.2.5491 - Google)
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{1AC082E0-049D-4C5C-9ECF-9473AD5A949D}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{32F06015-D852-4A57-A0DD-8D08D17633AC}) (Version: 10.4.0156 - Hewlett-Packard)
HP PC Hardware Diagnostics Windows (HKLM-x32\...\{7FF9E31F-FAC5-4C7B-970B-FE464B8C6A62}) (Version: 1.5.2.0 - HP Inc.)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{5094249B-9542-4536-AE76-B769EE085C99}) (Version: 7.1.6.1 - HP)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.7.50.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.10.49.21 - Hewlett-Packard Company)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6417.0 - IDT)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
iTunes (HKLM\...\{DF90B2B3-5832-4E85-934D-8048B33A1D67}) (Version: 12.9.4.102 - Apple Inc.)
Java 8 Update 211 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180211F0}) (Version: 8.0.2110.12 - Oracle Corporation)
Kodak AIO Printer (HKLM\...\{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}) (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.9.1.1 - Eastman Kodak Company)
KODAK VERITE 50 Series Uninstaller (HKLM\...\KODAK VERITE 50 Series) (Version: - FUNAI ELECTRIC CO., LTD.)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\OneDriveSetup.exe) (Version: 19.062.0331.0006 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 66.0.5 (x64 en-US) (HKLM\...\Mozilla Firefox 66.0.5 (x64 en-US)) (Version: 66.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0 - Mozilla)
Norton Secure VPN (HKLM-x32\...\Norton Secure VPN) (Version: 1.7.0.325 - Symantec Corporation)
Norton Security (HKLM-x32\...\NGC) (Version: 22.17.1.50 - Symantec Corporation)
Norton WiFi Privacy (HKLM-x32\...\Norton WiFi Privacy) (Version: 1.4.9 - Symantec Corporation)
Npcap 0.992 (HKLM-x32\...\NpcapInst) (Version: 0.992 - Nmap Project)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
ocr (HKLM-x32\...\{BFBCF96F-7361-486A-965C-54B17AC35421}) (Version: 6.2.3.50 - Eastman Kodak Company) Hidden
PreReq (HKLM-x32\...\{DA5BDB2A-12F0-4343-8351-21AAEB293990}) (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
Python 3.5.2 (32-bit) (HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Core Interpreter (32-bit) (HKLM-x32\...\{EB0611B2-7F10-4D97-BCF2-DCAAB1199498}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (HKLM-x32\...\{5DB2183B-62D3-407F-BBC1-EAD2F36283FA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (HKLM-x32\...\{1FBA5182-78DD-4940-9F06-96E5042B7061}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (HKLM-x32\...\{33B10015-A9B1-4210-B50A-26C6443979B0}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (HKLM-x32\...\{9ADF9987-3327-48C6-91B3-B10900366491}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (HKLM-x32\...\{FCBB04F4-D2CF-4F55-BE92-B3898696B318}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C1153533-FDC4-4922-892D-B71810F69566}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (HKLM-x32\...\{9D50A6D7-410A-4469-87B7-35FA84CBD479}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (HKLM-x32\...\{E6DEBF43-7ACF-4E88-9BBF-9B5945683281}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
RogueKiller version 13.2.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.2.0.0 - Adlice Software)
Security Task Manager 2.3 (HKLM-x32\...\Security Task Manager) (Version: 2.3 - Neuber Software)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
TreeSize Free V4.3.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.3.1 - JAM Software)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
USBPcap 1.2.0.4 (HKLM\...\USBPcap) (Version: 1.2.0.4 - Tomasz Mon)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17384 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Wireshark 3.0.1 64-bit (HKLM-x32\...\Wireshark) (Version: 3.0.1 - The Wireshark developer community, hxxps://www.wireshark.org)
WorldWide Telescope (HKLM-x32\...\{412B591F-3F86-4A1C-9DF6-854892DE27BB}) (Version: 5.5.03 - WorldWide Telescope)

Packages:
=========
All My LAN -> C:\Program Files\WindowsApps\13258Thoroughsoft.AllMyLAN_1.1.7.0_x64__set6qczgvnq5g [2019-04-17] (Thoroughsoft)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.137.700.0_x86__kgqvnymyfvs32 [2019-04-17] (king.com)
Diagnostic Data Viewer -> C:\Program Files\WindowsApps\Microsoft.DiagnosticDataViewer_3.1904.1071.0_x64__8wekyb3d8bbwe [2019-04-18] (Microsoft Corporation)
Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_3.9.0.7_x86__h6adky7gbf63m [2019-04-17] (Gameloft.)
HP Registration -> C:\Program Files\WindowsApps\AD2F1837.HPRegistration_1.2.1.166_neutral__v10z8vjag6ke6 [2018-10-17] (Hewlett-Packard Company)
HP+ -> C:\Program Files\WindowsApps\AD2F1837.HP_1.2.0.93_neutral__v10z8vjag6ke6 [2018-10-17] (Hewlett-Packard Company)
Hulu -> C:\Program Files\WindowsApps\HuluLLC.HuluPlus_2.5.3.0_neutral__fphbd361v8tya [2019-03-08] (Hulu.)
Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2018-10-17] (AMZN Mobile LLC)
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_3.9.4100.0_x64__8wekyb3d8bbwe [2019-04-19] (Microsoft Studios)
Microsoft Visual C++ 2013 Runtime Package -> C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00.Universal_12.0.30501.0_x64__8wekyb3d8bbwe [2018-10-17] (Microsoft Platform Extensions)
Microsoft Visual C++ 2013 Runtime Package -> C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00.Universal_12.0.30501.0_x86__8wekyb3d8bbwe [2018-10-17] (Microsoft Platform Extensions)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.93.375.0_x64__mcm4njqhnhss8 [2019-02-19] (Netflix, Inc.)
Network Inspector -> C:\Program Files\WindowsApps\48425ShipwreckSoftware.NetworkInspector_2.3.24.0_x64__jh2negtepkzpr [2019-04-17] (Shipwreck Software)
Norton Safe Web -> C:\Program Files\WindowsApps\SymantecCorporation.NortonSafeWeb_3.7.0.0_neutral__v68kp9n051hdp [2019-03-28] (Symantec Corporation)
Norton Studio -> C:\Program Files\WindowsApps\SymantecCorporation.NortonStudio_2.2.0.0_x86__v68kp9n051hdp [2018-10-17] (Symantec Corporation)
Spider Solitaire HD -> C:\Program Files\WindowsApps\32988BernardoZamora.SpiderSolitaireHD_1.18.0.27_x64__1fgex2kbsn6g8 [2018-10-17] (Bernardo Zamora)
TreeSize Free -> C:\Program Files\WindowsApps\JAMSoftware.TreeSizeFree_4.3.1.0_x86__37s2tpab2h9zg [2019-03-05] (JAM Software)
Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2018-10-17] (Microsoft Corporation)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2018-10-17] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-901587214-2200967626-3004657440-1003_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-27] (CyberLink -> Cyberlink)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.1.50\NavShExt.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-27] (CyberLink -> Cyberlink)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.1.50\NavShExt.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.1.50\NavShExt.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2012-08-08 11:36 - 2012-08-08 11:36 - 000073728 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2012-08-08 11:36 - 2012-08-08 11:36 - 000361984 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
2015-08-31 10:59 - 2015-08-31 10:59 - 000075264 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\AiO\Center\Logger.dll
2015-05-03 00:33 - 2012-07-13 19:02 - 002451456 _____ (Realsil Microelectronics Inc.) [File not signed] C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
2015-05-03 00:33 - 2012-02-07 16:59 - 000166912 _____ (Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RsCRLib.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [472]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7945 more sites.

IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\123simsen.com -> www.123simsen.com

There are 7946 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-05-21 21:01 - 2019-05-12 23:06 - 000454145 ____R C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123haustiereundmehr.com
127.0.0.1 123moviedownload.com

There are 15617 more lines.


2017-09-14 18:48 - 2017-09-14 18:53 - 000000435 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Razer\ChromaBroadcast\bin;C:\Program Files\Razer\ChromaBroadcast\bin;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\WINDOWS\System32\OpenSSH\;C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\WindowsApps;
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\oldman\Pictures\Spacey pictures\3772-84mcnaught_druckmuller720.jpg
DNS Servers: 192.168.0.1 - 205.171.3.65
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "EKIJ5000StatusMonitor"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "boincmgr"
HKLM\...\StartupApproved\Run: => "boinctray"
HKLM\...\StartupApproved\Run: => "KOBAAmon"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "EKStatusMonitor"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "KOBAAmon"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "KOab1err"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "EpicGamesLauncher"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{02A0DC13-4512-4DA3-AB45-8912D3DF93D8}] => (Allow) LPort=9322
FirewallRules: [{66B8882C-58B1-4E9E-B9A0-31F300A5E704}] => (Allow) LPort=5353
FirewallRules: [{5C19FB7B-5B75-4C8B-AB2E-EAAFFD3DFE93}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{71246B5F-9658-4563-8FB3-C9AD629BB5AC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3044EDD6-7A83-492B-B5BF-DDD5DDC4181C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{36EB4030-7840-451A-8178-E1BF4B08C5A5}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

28-04-2019 22:55:16 Scheduled Checkpoint
03-05-2019 15:59:03 Windows Update
13-05-2019 13:03:24 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/15/2019 02:01:18 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (05/15/2019 02:01:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 144.106.254.169.in-addr.arpa. PTR eustace.local.

Error: (05/15/2019 02:01:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 169.254.106.144:5353 17 144.106.254.169.in-addr.arpa. PTR eustace-2.local.

Error: (05/15/2019 02:01:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 181.13.254.169.in-addr.arpa. PTR eustace.local.

Error: (05/15/2019 02:01:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 169.254.13.181:5353 17 181.13.254.169.in-addr.arpa. PTR eustace-2.local.

Error: (05/15/2019 12:41:25 PM) (Source: ESENT) (EventID: 413) (User: )
Description: TaskMan (1292,R,98) {856C0929-8756-4B9D-9646-8E7FBAA2B3CE}: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -528.

Error: (05/15/2019 12:41:25 PM) (Source: ESENT) (EventID: 454) (User: )
Description: TaskMan (1292,R,98) {27ECD5A8-FE52-4AB2-86CA-0E8C673383A3}: Database recovery/restore failed with unexpected error -1811.

Error: (05/15/2019 11:35:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 7.0.168.192.in-addr.arpa. PTR eustace.local.


System errors:
=============
Error: (05/15/2019 02:01:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Razer Synapse Service service depends on the Razer Game Manager Service service which failed to start because of the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (05/15/2019 02:01:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RzActionSvc service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (05/15/2019 02:01:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the RzActionSvc service to connect.

Error: (05/15/2019 02:01:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Razer Game Manager Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (05/15/2019 02:01:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Razer Game Manager Service service to connect.

Error: (05/15/2019 02:00:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The APXACC service failed to start due to the following error:
A device attached to the system is not functioning.

Error: (05/15/2019 02:00:49 PM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)

Error: (05/15/2019 01:59:11 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Razer Synapse Service service.


CodeIntegrity:
===================================

Date: 2019-05-15 14:01:03.837
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-05-15 14:01:03.813
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-05-15 14:01:03.369
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-05-15 14:01:03.337
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-05-14 15:40:04.377
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-05-14 15:40:04.183
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-05-14 15:40:03.785
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-05-14 15:40:03.660
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: Insyde F.26 02/21/2013
Motherboard: Hewlett-Packard 1849
Processor: AMD A4-4300M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 70%
Total physical RAM: 3554.26 MB
Available physical RAM: 1031.57 MB
Total Virtual: 6498.26 MB
Available Virtual: 3682.55 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:567.72 GB) (Free:330.25 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:25.37 GB) (Free:2.96 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Removable) (Total:1.83 GB) (Free:1.83 GB) FAT

\\?\Volume{4807027d-70e4-4ed9-b189-6eac7a96e0a4}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.15 GB) NTFS
\\?\Volume{c4bc7cea-39ce-4f4a-ab14-7934f0e01657}\ () (Fixed) (Total:0.96 GB) (Free:0.34 GB) NTFS
\\?\Volume{de27d039-3a8b-420a-8f61-0de10dba9383}\ () (Fixed) (Total:0.92 GB) (Free:0.34 GB) NTFS
\\?\Volume{228ede67-33cc-42ee-9814-03e998f454e7}\ () (Fixed) (Total:0.44 GB) (Free:0.41 GB) NTFS
\\?\Volume{873941c3-cd87-496d-8c74-8b333ed59eac}\ () (Fixed) (Total:0.25 GB) (Free:0.16 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 9E4D4388)

Partition: GPT.

========================================================
Disk: 1 (Size: 1.8 GB) (Disk ID: CC5963D4)
Partition 1: (Not Active) - (Size=1.8 GB) - (Type=0E)

==================== End of Addition.txt ============================

Juliet
2019-05-18, 00:44
You're not going to believe this, I thought I had replied this morning... sorry


SpyProtector is in your add/remove programs list; at this time, if it's not a paid-for product, I think you should uninstall it.

Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)

Highlight the text below and select Copy, beginning with Start:: and finishing with End::
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Highlight the entire content of the quote box below and select Copy.




Start::
CloseProcesses:
CreateRestorePoint:
Task: {3DD2649C-CA8A-4727-BA04-DE71F61448D5} - System32\Tasks\npcapwatchdog => C:\Program [Argument = Files\Npcap\CheckStatus.bat] <==== ATTENTION
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.norton.com/?prt=NGC&chn=1000&geo=US&ver=22.16.4.15&locale=en_US&guid=7F33257B-BE93-40EC-9D23-A091A86B98D4&doi=2019-02-13&o=APN11915&cmpgn=zeus
SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> DefaultScope {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1000&geo=US&ver=22.17.1.50&locale=en_US&guid=7F33257B-BE93-40EC-9D23-A091A86B98D4&doi=2019-02-13&cmpgn=rapha&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {53e2f62a-3083-46e6-8527-cf89e4acb4ae} URL =
SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL =
hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1000&geo=US&ver=22.17.1.50&locale=en_US&guid=7F33257B-BE93-40EC-9D23-A091A86B98D4&doi=2019-02-13&cmpgn=rapha&gct=kwd&qsrc=2869
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.17.1.50\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.17.1.50\Exts\Chrome.crx <not found>
S3 EasyAntiCheat; "C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe" [X]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [472]
C:\Windows\Temp\*.*
End::



Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file Fixlog.txt will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner - Fix Mode

Download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and move it to your Desktop
Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Accept the EULA (I accept), then click on Scan
Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button. This will kill all the active processes.
Once the cleaning process is complete, AdwCleaner will ask to restart your computer; do it.
After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Please post these 2 logs when finished.

1oldman
2019-05-18, 03:47
No worries on the response time, I'm very patient while getting free, good advice. The attached logs reflect a lot of fixes and the restarts were pretty involved, still not out of the proverbial "woods" yet though. At this point the redirect is still saying "Yahoo" (sorry, couldn't resist the pun). I do still see a lot of site traffic on the Wireshark that I wish I didn't; this will likely be a rather involved process judging by what I've been watching. I do believe I mentioned once, a popular site for downloading tools etc., that I picked up a "bad" tool from. That was only one of the problems I have documented in captures, screenshots and graphs. This is probably more than script kids just messing around, at least that's my impression. 1st, some detail on the browser redirect. It doesn't seem to be redirecting bookmarked or linked sites, thus I'm able to log into some sites with no apparent problem. Any use of the search bar itself inevitably leads to the Yahoo page, no exceptions. I do clear and block cookies in my FF browser as well as the supercookies; in spite of the block, they still reinstall. Another point worth mentioning is that the redirect page added a very cheesy Norton logo to itself, but it wasn't hard to spot the "Yahoo format". On the upside, I wasn't terribly surprised to see an account was logged out of during one of the fix restarts. :red:

Fix result of Farbar Recovery Scan Tool (x64) Version: 16-05.2019
Ran by oldman (17-05-2019 17:37:26) Run:1
Running from C:\Users\oldman\Desktop
Loaded Profiles: oldman (Available Profiles: oldman)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
Task: {3DD2649C-CA8A-4727-BA04-DE71F61448D5} - System32\Tasks\npcapwatchdog => C:\Program [Argument = Files\Npcap\CheckStatus.bat] <==== ATTENTION
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.norton.com/?prt=NGC&chn=1000&geo=US&ver=22.16.4.15&locale=en_US&guid=7F33257B-BE93-40EC-9D23-A091A86B98D4&doi=2019-02-13&o=APN11915&cmpgn=zeus
SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> DefaultScope {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1000&geo=US&ver=22.17.1.50&locale=en_US&guid=7F33257B-BE93-40EC-9D23-A091A86B98D4&doi=2019-02-13&cmpgn=rapha&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {53e2f62a-3083-46e6-8527-cf89e4acb4ae} URL =
SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL =
hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1000&geo=US&ver=22.17.1.50&locale=en_US&guid=7F33257B-BE93-40EC-9D23-A091A86B98D4&doi=2019-02-13&cmpgn=rapha&gct=kwd&qsrc=2869
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.17.1.50\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.17.1.50\Exts\Chrome.crx <not found>
S3 EasyAntiCheat; "C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe" [X]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [472]
C:\Windows\Temp\*.*

*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{3DD2649C-CA8A-4727-BA04-DE71F61448D5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3DD2649C-CA8A-4727-BA04-DE71F61448D5}" => removed successfully
C:\WINDOWS\System32\Tasks\npcapwatchdog => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\npcapwatchdog" => removed successfully
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKU\S-1-5-21-901587214-2200967626-3004657440-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{53e2f62a-3083-46e6-8527-cf89e4acb4ae} => removed successfully
HKLM\Software\Classes\CLSID\{53e2f62a-3083-46e6-8527-cf89e4acb4ae} => not found
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => removed successfully
HKLM\Software\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => not found
hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1000&geo=US&ver=22.17.1.50&locale=en_US&guid=7F33257B-BE93-40EC-9D23-A091A86B98D4&doi=2019-02-13&cmpgn=rapha&gct=kwd&qsrc=2869 => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => removed successfully
HKLM\System\CurrentControlSet\Services\EasyAntiCheat => removed successfully
EasyAntiCheat => service removed successfully
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully

=========== "C:\Windows\Temp\*.*" ==========

C:\Windows\Temp\AdobeARM.log => moved successfully
C:\Windows\Temp\AdobeARM_NotLocked.log => moved successfully
C:\Windows\Temp\ArmUI.ini => moved successfully
C:\Windows\Temp\FXSAPIDebugLogFile.txt => moved successfully
C:\Windows\Temp\FXSTIFFDebugLogFile.txt => moved successfully
C:\Windows\Temp\MpCmdRun.log => moved successfully
C:\Windows\Temp\MSI422b.LOG => moved successfully
C:\Windows\Temp\UDD997A.tmp => moved successfully
C:\Windows\Temp\UDD9DE0.tmp => moved successfully

========= End -> "C:\Windows\Temp\*.*" ========



The system needed a reboot.

==== End of Fixlog 17:39:20 ====
# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-04-29.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-17-2019
# Duration: 00:00:13
# OS: Windows 10 Home
# Cleaned: 6
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Prefetch
[+] Delete Tracing Keys
[+] Reset Windows Firewall
[+] Reset Chromium Policies
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1250 octets] - [23/12/2018 19:17:40]
AdwCleaner[C00].txt - [1436 octets] - [23/12/2018 19:18:10]
AdwCleaner[S01].txt - [1372 octets] - [23/12/2018 19:32:39]
AdwCleaner[C01].txt - [1610 octets] - [23/12/2018 19:33:01]
AdwCleaner[S02].txt - [1494 octets] - [26/01/2019 11:46:42]
AdwCleaner[C02].txt - [1781 octets] - [26/01/2019 11:47:06]
AdwCleaner[S03].txt - [1616 octets] - [13/02/2019 20:05:44]
AdwCleaner[C03].txt - [1880 octets] - [13/02/2019 20:06:14]
AdwCleaner[S04].txt - [2574 octets] - [21/02/2019 22:28:39]
AdwCleaner[C04].txt - [2654 octets] - [21/02/2019 22:35:12]
AdwCleaner[S05].txt - [1860 octets] - [03/03/2019 23:27:13]
AdwCleaner[S06].txt - [1921 octets] - [07/03/2019 17:54:49]
AdwCleaner[S07].txt - [1982 octets] - [29/03/2019 12:04:40]
AdwCleaner[C07].txt - [2246 octets] - [29/03/2019 12:05:12]
AdwCleaner[S08].txt - [2860 octets] - [17/05/2019 18:20:15]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C08].txt ##########

Juliet
2019-05-18, 13:22
One thing I picked up on was that Norton Safe Search uses the Ask search engine. Ask search is typically something we remove, but here it's attached to Norton's.

SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> DefaultScope {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}

~~~
When you have the redirect, can you do a screenshot? What I'd like to see is the URL involved, or if it can give some type of name that we could go after.

~~~

Let's try refreshing the DNS

Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)

Highlight the text below and select Copy, beginning with Start:: and finishing with End::
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Highlight the entire content of the quote box below and select Copy.




Start::
CloseProcesses:
CreateRestorePoint:
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: Bitsadmin /Reset /Allusers
Emptytemp:
End::


Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file Fixlog.txt will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Is Symantec/Norton working as it should?

~~~~~~~~~~~~~~~~~~

Emsisoft Emergency Kit - Fix Mode
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.

Download the Emsisoft Emergency Kit (https://www.emsisoft.com/en/software/eek/download/) and execute it. From there, click on the Install button to extract the program in the EEK folder;
Once the extraction is complete, the EEK folder will open. Right-click on start emergency kit scanner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
After the restart, open EEK again (in the C:\EEK folder);
This time, click on Logs;
From there, go under the Quarantine Log tab, and click on the Export button;
Save the log on your desktop, then open it, and copy/paste its content in your next reply;

Please post these 2 logs when finished.

Also, tell me how the computer is now.

1oldman
2019-05-18, 21:54
About the title of this reply... no, not so much. When I realized what I was looking at (it's pretty ambiguous to a newbie) I ran a clean FRST, then started this thread as well as contacted Norton support with a ticket, being as their logs showed a particular intrusion being blocked twice before being logged in as a public network, as well as my Norton control panel showed a "smart" firewall that looked way loose. I don't honestly know the differences, so I rely on Norton default settings. Lately I notice major settings changes I didn't make; this should give an indicator of how penetrated things are. Point is I can't, with my skill set, trust the defaults... I'm getting distracted, back to Norton support. I submitted a screenshot from the FRST, showing a particular Norton component that seemed relevant. They replied, no that's safe, case closed. I reopened the ticket, uploading the complete FRST logs to them; the Firefox profile defaults alone should have told them they had a problem with their default search. Reply was "no problems, case closed". At that point, I've let it slide and focused on documenting the infection as I work on it here. I can, and will, reopen the support ticket. I just don't want to get two fixes conflicting, so at any point that you want, I'll have them use remote login. This will get more involved than just a malware fix; I was thinking that there are aspects we will see that may just look familiar to other readers and overall be at least useful. It's important for people (especially the average user like myself) to realize that my only clue, without special tools running, would have been anything other than that their browser preferred Yahoo. Many people don't really care and would have looked no further, but we are way down a metaphorical "rabbit hole" and it's not obvious unless I look in the correct places that anything's really wrong.
(I am piling up Gigs and Gigs of data as this progresses, but there will be interesting things to see.) I'll bet for example that the public connection was a "pub. server"; that is one port I don't want to see active.
The Emsi logs reflect a scan run in a default admin mode; it took off and ran without letting me check anything. I'll attach the full copy/pasted URL on the redirect (it's rather involved) along with an overall screenshot of the site. It's worth noting that entering the full URL into VirusTotal links to the Yahoo that gets a 0/70 perfect detection score, but wait for it... when you switch to open it in Graphs, you get a "No results" result. (I love irony, but that stinks.)
If I should get knocked off this machine I'll be in touch through the back up address I gave earlier, thanks again for your help.

1oldman
2019-05-18, 22:02
See title.

Juliet
2019-05-18, 23:50
I think, through my mediocre detective work, the Yahoo search engine is coming from Symantec

hxxps://search-yahoo-/yhs/search?type=ff_hp_c=firefox&machinelocation=244&cmpgn=catalyst&hspart=symantec&hsimp=yhs- <= don't click on the link; I tried to disable it but the board is acting crazy

The reason I had asked if Nortons was working as it should is because I had seen a few errors reported through FRST
Date: 2019-05-15 14:01:03.837
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Through trying to go into help pages, others with the same issue, there actually was no resolve since they felt it was related to the security panel as being recognized as your antivirus, and it is....

OK
What we can do: remove the browser helpers from Norton (if it will allow it), then reset the browsers back to default and see if this can stop what's been happening.

Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)

Highlight the text below and select Copy, beginning with Start:: and finishing with End::
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Highlight the entire content of the quote box below and select Copy.




Start::
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.norton.com/?prt=NGC&chn=1000&geo=US&ver=22.16.4.15&locale=en_US&guid=7F33257B-BE93-40EC-9D23-A091A86B98D4&doi=2019-02-13&o=APN11915&cmpgn=zeus
SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> DefaultScope {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1000&geo=US&ver=22.17.1.50&locale=en_US&guid=7F33257B-BE93-40EC-9D23-A091A86B98D4&doi=2019-02-13&cmpgn=rapha&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {53e2f62a-3083-46e6-8527-cf89e4acb4ae} URL =
SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1000&geo=US&ver=22.17.1.50&locale=en_US&guid=7F33257B-BE93-40EC-9D23-A091A86B98D4&doi=2019-02-13&cmpgn=rapha&gct=kwd&qsrc=2869
C:\Windows\Temp\*.*
End::



Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file Fixlog.txt will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

Backup Internet Explorer Favourites (http://www.wikihow.com/Back-Up-Favorites-in-Internet-Explorer)
Backup Firefox Bookmarks (https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer)
Backup Chrome Bookmarks (http://www.wikihow.com/Export-Bookmarks-from-Chrome)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Reset all browsers settings to default.

Microsoft Edge
https://www.howtogeek.com/237527/how-to-reset-Microsoft-edge-in-Windows-10/

Internet Explorer
https://malwaretips.com/blogs/reset-internet-explorer-settings/

Mozilla Firefox
If you are syncing your account on multiple devices you need to remove/disable it before executing the steps below.
https://support.mozilla.org/en-US/kb/reset-preferences-fix-problems

Google Chrome
Delete Your Google Chrome Browser Sync Data if you sync with other devices. <- Important
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/
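As an added example (not part of this thread, and not FRST's own code), here is a small Python triage script that reads FRST's Internet section the way the reply above does by hand: it pulls the SearchScopes lines and the DhcpNameServer lines, works out which host each search scope actually points at, and reports anything not on an allowlist you supply. The sample lines are constructed from the log posted in this thread plus one made-up HKLM Bing entry; the allowlists (only the router as an expected resolver, Bing/Google/DuckDuckGo as expected providers) are assumptions of the example, so the two ISP resolvers from the log get reported too. "Unexpected" here means "not on your list", not "malicious"; the point is to surface every provider and resolver so a helper can decide what belongs in a fixlist.

```python
"""Triage of FRST 'Internet (Whitelisted)' lines: search providers and DNS.

Added example, not part of the forum thread and not FRST's own code. It parses
SearchScopes and DhcpNameServer lines in the format FRST prints and reports any
search-provider host or DNS resolver missing from a caller-supplied allowlist.
"""
import re
from urllib.parse import urlparse

# Constructed sample, shaped like the FRST.txt lines in this thread. The HKLM
# Bing scope is made up to show an entry that passes the allowlist.
SAMPLE_LOG = r"""Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.65
Tcpip\..\Interfaces\{68620759-20aa-45aa-8e06-fa9a7c5c7e09}: [DhcpNameServer] 192.168.0.1 205.171.3.66
SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> DefaultScope {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913
SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}
"""

# Assumed allowlists for the example: what this machine's owner expects to see.
ALLOWED_SEARCH_HOSTS = {"www.bing.com", "www.google.com", "duckduckgo.com"}
ALLOWED_DNS = {"192.168.0.1"}

SEARCH_RE = re.compile(
    r"^SearchScopes: (?P<hive>\S+) -> (?P<default>DefaultScope )?"
    r"\{(?P<clsid>[0-9A-Fa-f-]+)\} URL =\s*(?P<url>.*)$"
)
DNS_RE = re.compile(
    r"^Tcpip\\(?:Parameters|\.\.\\Interfaces\\\{[0-9A-Fa-f-]+\}): "
    r"\[DhcpNameServer\] (?P<servers>.+)$"
)


def refang(url):
    """FRST prints 'hxxp' so URLs are not clickable; undo that for parsing only."""
    return re.sub(r"^hxxp", "http", url, count=1)


def parse_search_scopes(text):
    """Return one dict per SearchScopes line; host is None when the URL is empty."""
    scopes = []
    for line in text.splitlines():
        m = SEARCH_RE.match(line)
        if not m:
            continue
        url = m.group("url").strip()
        host = urlparse(refang(url)).hostname if url else None
        scopes.append({
            "hive": m.group("hive"),
            "clsid": m.group("clsid").upper(),
            "default": bool(m.group("default")),
            "host": host,
            "url": url,
        })
    return scopes


def parse_dns_servers(text):
    """Return the set of DHCP-assigned DNS servers across all interfaces."""
    servers = set()
    for line in text.splitlines():
        m = DNS_RE.match(line)
        if m:
            servers.update(m.group("servers").split())
    return servers


def triage(text, allowed_search_hosts, allowed_dns):
    """Flag search providers and resolvers that are not on the caller's allowlist."""
    findings = []
    for s in parse_search_scopes(text):
        if s["host"] is None:
            # An empty URL is a scope whose provider was removed; it is harmless
            # on its own but is the kind of leftover a fixlist usually clears.
            findings.append(f"empty scope {s['clsid']} in {s['hive']}")
        elif s["host"] not in allowed_search_hosts:
            tag = "DEFAULT " if s["default"] else ""
            findings.append(f"{tag}search provider {s['host']} in {s['hive']}")
    for ip in sorted(parse_dns_servers(text)):
        if ip not in allowed_dns:
            findings.append(f"unexpected DNS server {ip}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, ALLOWED_SEARCH_HOSTS, ALLOWED_DNS):
        print(finding)
```

Run as-is it reports four findings: the nortonsafe.search.ask.com default scope, the empty leftover scope, and the two resolvers not on the allowlist. To use it on a real FRST.txt, read the file and pass its text to triage() with allowlists that match the machine; the hive and CLSID in each finding are exactly what you need to write the corresponding SearchScopes: line into a fixlist.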

1oldman
2019-05-20, 03:16
The info on the errors that you posted was very interesting, and would account for some whacko behavior I've been watching lately. I did recognize some of that from logs we recently dealt with. Things got so flaky after my last post that I did a remote login with Norton; after about three hours, they ended up dumping my Frst and Emsi software as well as a couple of bat files that I was wondering about anyway.
At any rate, one tech tweaked the browser settings to search Google by way of Bing. This worked briefly for my Firefox but the Yahoo cookies/data reinstalled around the block I have and once again I'm redirecting to "Yahoo know who" (watch for updates soon).
With the changes N.S. made, I'm not sure the original Frst scan entry logs are as relevant as when we began this thread. I did run the latest fixlist though, but I'll wait for your opinion. Along with the latest Frst fixlog, I'll be posting a txt file that is the full URL it loads for a search of "safernetworking". If I click the link to go to most relevant (and this page looks pretty sharp) I get a "failed connection" load, as well as a screenshot of a (very high probability) fake page that loaded as the remote tech tried to re-establish a blocked connection. (If that URL posts as a live link please avoid it; I'll separate the first line yahoo and the .com part as a precaution. In case someone wants to intentionally connect to it they will need to close that space.)

Thanks again, Cheers :)

Juliet
2019-05-20, 11:30
Look back over my post #7, did you by chance follow that?


Also, could you do another scan with FRST and post FRST.txt & Addition.txt

1oldman
2019-05-20, 21:52
I've attached the latest scans as well as went over #7 again. It is entirely possible that I'm getting something wrong but I believe it's correct. I did, early in this process, reset my FF; things got really, noticeably stranger after that. This time, things started up with a boatload of new trackers including our friendly Yahoo junk. I haven't checked the super list yet but I'll bet it's going to be... prolific. One thing I did notice while messing around in Edge is there are two accounts, mine and one titled work, school or group, I believe. I'm curious because it seems to be a working account (I don't want to open it at this point) and I see network connections from time to time that I can't make sense of. I also see in mDNS devices, at random times, a program called, I believe, tcp-scan-local (close approximation only); it says it's attached to my Kodak software... the one with all the unsigned files, and is connecting to a lot more than I believe it really needs access to. I also would like to see the media device designation my C drive gives to the winmedia player; that might be leaky also. Oh ya, I'm still locked out of my VT account; there seems to be a problem with the two-factor authentication, still working on that. Thanks again.
The attached png is a shot of a site and software I don't know, but it appears to be a vector point while going through logs on the W S, VT as well as other points.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05.2019
Ran by oldman (administrator) on EUSTACE (Hewlett-Packard HP Pavilion g6 Notebook PC) (20-05-2019 12:06:12)
Running from C:\Users\oldman\Desktop
Loaded Profiles: oldman (Available Profiles: oldman)
Platform: Windows 10 Home Version 1809 17763.503 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19041.481.0_x64__8wekyb3d8bbwe\YourPhone.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(CyberLink -> CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Eastman Kodak Company -> Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company -> Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realsil Microelectronics Inc.) [File not signed] C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Norton Secure VPN\client\NSVService.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.1.50\NortonSecurity.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.1.50\NortonSecurity.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.1.50\nsWscSvc.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Microsoft Windows Hardware Compatibility Publisher -> Eastman Kodak Company)
HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [69920 2017-10-03] (University of California, Berkeley -> Space Sciences Laboratory)
HKLM\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [8765216 2017-10-03] (University of California, Berkeley -> Space Sciences Laboratory)
HKLM\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] (FUNAI ELECTRIC CO., LTD. -> )
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-28] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-03-24] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [76600 2019-03-09] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-12-11] (Eastman Kodak Company -> Eastman Kodak Company)
HKLM-x32\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] (FUNAI ELECTRIC CO., LTD. -> )
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Microsoft Windows Hardware Compatibility Publisher -> Eastman Kodak Company)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) [File not signed]
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [KOab1err] => C:\Program Files (x86)\KODAK VERITE\ErrorApp\KOab1err.exe [1027752 2016-12-21] (Funai Electric Co., Ltd. -> )
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] (FUNAI ELECTRIC CO., LTD. -> )
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [EpicGamesLauncher] => "C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe" -silent
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [Spy Protector] => C:\Program Files (x86)\Security Task Manager\SpyProtector.exe [145280 2018-07-12] (A. & M. Neuber Software -> Neuber Software - www.neuber.com)
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe /StartMinimized
HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsv64.dll [71680 2013-02-26] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [65536 2013-02-26] (Beepa P/L) [File not signed]

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03F769B5-CA2B-47FB-B8C6-3715E360F484} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [132445408 2019-05-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {07028ECD-38D7-400B-80CB-D0456301472F} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2226856 2019-04-22] (Symantec Corporation -> Symantec Corporation)
Task: {2726B58A-B733-4E96-B674-56C356CFF017} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [652664 2019-04-17] (HP Inc. -> HP Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {37F9480B-8DEB-43D0-9E41-A625011C1442} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1488248 2018-12-10] (HP Inc. -> HP Inc.)
Task: {3C1E18F9-257E-4364-8991-D751F7AAE0AF} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-28] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {3DD76305-B0D8-4F5D-97E7-9FEA995DB0EB} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink -> CyberLink)
Task: {3FB3FE7E-E4D6-4325-A192-9F9937626A48} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {406E8E03-EC34-4003-B34C-54181D91740B} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {449FBA74-592C-4FC3-B302-EFBBC5B5ADD5} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe
Task: {4563DDB4-F29D-41C5-BD80-916194542CD4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [237432 2019-04-29] (HP Inc. -> HP Inc.)
Task: {4DAE6865-85B2-4C42-B996-B4788C51FAA8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136056 2019-01-02] (HP Inc. -> HP Inc.)
Task: {5B316DC0-10D2-46AE-B209-4DD1ED06E7F3} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2211024 2014-03-19] (Microsoft Corporation -> Microsoft)
Task: {5CD794F9-93E4-47AE-ADF4-EA1CE940799B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1073528 2019-04-02] (HP Inc. -> HP Inc.)
Task: {625F82D9-2B09-4DF1-80B8-473B87149FDA} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [25128 2017-11-21] (HP Inc. -> )
Task: {6E39ED3E-6BA2-4DC8-8196-9C48C649D047} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1488248 2018-12-10] (HP Inc. -> HP Inc.)
Task: {712380AE-444E-42C6-B403-F18182DBE18C} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {738E86C6-EB1F-4D92-9DD0-BD4999046DD5} - System32\Tasks\{CA2AE62A-A74C-4B89-B292-C0CEAD185B3D} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\oldman\Downloads\FirmwareFlashLauncher.exe -d C:\Users\oldman\Downloads
Task: {7B9F5986-9672-431A-BB77-F26DB87891FE} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {8DE33D83-A2B7-4062-AD8F-90FC5CDB35DE} - System32\Tasks\Norton Security with Backup\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.17.1.50\SymErr.exe [101392 2019-04-22] (Symantec Corporation -> Symantec Corporation)
Task: {906112A5-8DB6-4037-B3BB-A2558320F864} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {A3CAE410-8F44-4EAE-9AC2-3321CDAE05F9} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe [2226856 2019-04-22] (Symantec Corporation -> Symantec Corporation)
Task: {A5E6FF83-1A31-44C2-974C-608D72C3429E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {A68CF779-F57A-4803-B0BD-475F71877D10} - System32\Tasks\HPCeeScheduleForoldman => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [96568 2015-06-16] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {AD73D9D2-71DE-4681-BB26-DC2BF988AB1B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_192_Plugin.exe [1457208 2019-05-14] (Adobe Inc. -> Adobe)
Task: {AF2A4667-1035-4591-B9E4-F6A5E88F221E} - System32\Tasks\Norton Security with Backup\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.17.1.50\SymErr.exe [101392 2019-04-22] (Symantec Corporation -> Symantec Corporation)
Task: {B89BC3A9-54C9-4204-8B03-A529BF74315F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
Task: {BCF0AD8B-2630-48AE-B7B4-5D1683D33A9F} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-05-14] (Adobe Inc. -> Adobe)
Task: {C0201CFA-6DE0-4EE2-89AC-D9D2295A8D3A} - System32\Tasks\Norton 360\Norton 360 Online Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.11.0.41\SymErr.exe [102008 2017-10-03] (Symantec Corporation -> Symantec Corporation)
Task: {C13D20A5-1190-4AA5-997E-48BC2E485A09} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {C18EC821-F9CF-414E-BA3D-746F1B35386D} - System32\Tasks\Norton 360\Norton 360 Online Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.11.0.41\SymErr.exe [102008 2017-10-03] (Symantec Corporation -> Symantec Corporation)
Task: {CDB556A4-5C9F-4AD2-8970-C18C764D957C} - System32\Tasks\Norton 360\Norton 360 Online Autofix => C:\Program Files (x86)\Norton 360\Engine\22.11.0.41\SymErr.exe [102008 2017-10-03] (Symantec Corporation -> Symantec Corporation)
Task: {D44969E2-EE54-4B65-8642-B0B9E74EFDBB} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe
Task: {D7F94A5C-3056-4495-8235-CBE7E9F0B4F6} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe
Task: {EDD003E6-D73B-4ECA-A7B0-D861534AEA91} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1073528 2019-04-02] (HP Inc. -> HP Inc.)
Task: {F54B23B4-27B4-4D82-B1E6-98428EA28144} - System32\Tasks\Norton Security with Backup\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.17.1.50\SymErr.exe [101392 2019-04-22] (Symantec Corporation -> Symantec Corporation)
Task: {FC364449-3F8D-40B7-AFA2-34B96D70A3DA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [652664 2019-04-17] (HP Inc. -> HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleForoldman.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.65
Tcpip\..\Interfaces\{092ddd55-79b1-44d1-9ce6-73e9a22b6de7}: [DhcpNameServer] 192.168.0.1 205.171.3.65
Tcpip\..\Interfaces\{5889e5ee-8f53-452a-bd13-e94a89883ece}: [DhcpNameServer] 192.168.0.1 205.171.3.65
Tcpip\..\Interfaces\{68620759-20aa-45aa-8e06-fa9a7c5c7e09}: [DhcpNameServer] 192.168.0.1 205.171.3.66
Tcpip\..\Interfaces\{a288676d-84d4-440a-bf60-55523387af7e}: [DhcpNameServer] 192.168.0.1 205.171.3.66
Tcpip\..\Interfaces\{c4242d06-1fdf-461b-ace5-caf4862e837d}: [DhcpNameServer] 192.168.0.1 205.171.3.66
Tcpip\..\Interfaces\{c9ebb1fc-1913-46ad-9c39-fe0f9392fa0a}: [DhcpNameServer] 192.168.0.1 205.171.3.66
Tcpip\..\Interfaces\{da633539-be76-4269-8034-bd1925400c3e}: [DhcpNameServer] 192.168.0.1 205.171.3.65

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> DefaultScope {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1000&geo=US&ver=22.16.4.15&locale=en_US&guid=7F33257B-BE93-40EC-9D23-A091A86B98D4&doi=2019-02-13&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1000&geo=US&ver=22.16.4.15&locale=en_US&guid=7F33257B-BE93-40EC-9D23-A091A86B98D4&doi=2019-02-13&gct=kwd&qsrc=2869
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.17.1.50\coIEPlg.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.17.1.50\coIEPlg.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssv.dll [2019-04-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-04-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.17.1.50\coIEPlg.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.17.1.50\coIEPlg.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)

FireFox:
========
FF DefaultProfile: 1rctsaab.default-1466821123041-1558375088613
FF ProfilePath: C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\1rctsaab.default-1466821123041-1558375088613 [2019-05-20]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_192.dll [2019-05-14] (Adobe Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_192.dll [2019-05-14] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-05-06] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-04-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-04-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: hp.com/HPDetect -> C:\Users\oldman\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP) [File not signed]
FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: jpl.nasa.gov/NASAEyes -> C:\Users\oldman\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2019-01-25] (NASA Jet Propulsion Laboratory -> Jet Propulsion Laboratory)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [257032 2015-08-21] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-03-08] (Apple Inc. -> Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8348064 2018-12-26] (BattlEye Innovations e.K. -> )
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1077568 2017-04-10] (HP Inc. -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-21] (HP Inc. -> HP Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.17.1.50\NortonSecurity.exe [225608 2019-04-22] (Symantec Corporation -> Symantec Corporation)
R2 NortonWiFiPrivacy; C:\Program Files (x86)\Norton Secure VPN\client\NSVService.exe [6113296 2018-12-17] (Symantec Corporation -> Symantec Corporation)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.17.1.50\nsWscSvc.exe [935248 2019-04-22] (Symantec Corporation -> Symantec Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [253960 2016-04-28] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [43840 2012-09-24] (Hewlett-Packard Company -> Hewlett-Packard Company)
R3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [21635072 2015-08-21] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [673816 2015-08-21] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
S2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation -> AppEx Networks Corporation)
R3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4233728 2018-09-15] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110104 2016-09-28] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.16.3.21\Definitions\BASHDefs\20190514.001\BHDrvx64.sys [1934048 2019-02-12] (Symantec Corporation -> Symantec Corporation)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\ccSetx64.sys [192704 2019-04-22] (Symantec Corporation -> Symantec Corporation)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink -> CyberLink)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515792 2019-03-24] (Symantec Corporation -> Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153296 2019-02-13] (Symantec Corporation -> Symantec Corporation)
R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [31040 2012-09-24] (Hewlett-Packard Company -> Hewlett-Packard Company)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.16.3.21\Definitions\IPSDefs\20190518.061\IDSvia64.sys [1441800 2019-04-18] (Symantec Corporation -> Symantec Corporation)
R3 kmloop; C:\WINDOWS\System32\drivers\loop.sys [17408 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [82752 2019-01-12] (Insecure.Com LLC -> Insecure.Com LLC.)
U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [97176 2019-05-18] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-29] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
S3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [49032 2019-01-16] (Razer USA Ltd. -> Razer Inc)
S3 RzDev_0060; C:\WINDOWS\System32\drivers\RzDev_0060.sys [51688 2018-04-22] (Razer USA Ltd. -> Razer Inc)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated -> Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated -> Synaptics Incorporated)
R1 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\SRTSP64.SYS [864480 2019-04-22] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\SRTSPX64.SYS [49888 2019-04-22] (Symantec Corporation -> Symantec Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\SYMEFASI64.SYS [1998552 2019-04-22] (Symantec Corporation -> Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\SymELAM.sys [25744 2019-04-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [100064 2019-03-30] (Symantec Corporation -> Symantec Corporation)
S4 SymEvnt; C:\Program Files\Norton Security\NortonData\22.16.3.21\SymPlatform\SymEvnt.sys [709128 2019-04-27] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\Ironx64.SYS [315912 2019-04-22] (Symantec Corporation -> Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\symnets.sys [573448 2019-04-22] (Symantec Corporation -> Symantec Corporation)
R3 SymTAP; C:\WINDOWS\System32\drivers\SymTAP.sys [52104 2018-10-16] (Symantec Corporation -> The OpenVPN Project)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2018-01-30] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 usbfilter; C:\WINDOWS\system32\DRIVERS\usbfilter.sys [57000 2012-06-19] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R3 USBPcap; C:\WINDOWS\system32\DRIVERS\USBPcap.sys [50224 2017-08-20] (Tomasz Moń -> USBPcap)
S3 VBoxNetAdp; C:\WINDOWS\System32\drivers\VBoxNetAdp6.sys [196040 2017-07-27] (Oracle Corporation -> Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46680 2019-02-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [330936 2019-02-13] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2019-02-13] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP Inc. -> HP)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\wpCtrlDrv.sys [1012120 2019-04-22] (Symantec Corporation -> Symantec Corporation)
U4 npcap_wifi; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-20 12:06 - 2019-05-20 12:09 - 000033328 _____ C:\Users\oldman\Desktop\FRST.txt
2019-05-20 11:50 - 2019-05-20 11:50 - 001602785 _____ C:\Users\oldman\Desktop\bookmarks.html
2019-05-20 11:49 - 2019-05-20 11:49 - 001602785 _____ C:\Users\oldman\Desktop\FF bookmark backup.html
2019-05-19 20:42 - 2019-05-12 23:06 - 000454145 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20190519-204248.backup
2019-05-19 20:35 - 2019-05-19 20:35 - 000003872 _____ C:\Users\oldman\Desktop\network connection status.txt
2019-05-19 19:11 - 2019-05-20 10:51 - 000000695 _____ C:\Users\oldman\Desktop\Safernetworking yahoo url load.txt
2019-05-19 16:58 - 2019-05-19 16:58 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2019-05-19 16:41 - 2019-05-19 16:41 - 000000083 _____ C:\Users\oldman\Desktop\flush question.txt
2019-05-19 16:23 - 2019-05-20 12:05 - 000000000 ____D C:\Users\oldman\Desktop\first frst logs and fixlog
2019-05-19 16:21 - 2019-05-19 16:21 - 002435072 _____ (Farbar) C:\Users\oldman\Desktop\FRST64.exe
2019-05-18 19:54 - 2019-05-18 19:54 - 004895524 _____ C:\Users\oldman\Desktop\W S 5-18 after norton restarted.pcapng
2019-05-18 19:03 - 2019-05-18 19:03 - 000064544 _____ C:\Users\oldman\Desktop\W S after Norton.pcapng
2019-05-18 17:31 - 2019-05-18 17:31 - 005167504 _____ (Symantec Corporation) C:\Users\oldman\Downloads\NFT.exe
2019-05-18 17:31 - 2019-05-18 17:31 - 000000000 ____D C:\ProgramData\Norton NFT
2019-05-18 16:35 - 2019-05-18 16:35 - 000002358 _____ C:\Users\oldman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton Support.lnk
2019-05-18 16:01 - 2019-05-18 16:01 - 000000008 _____ C:\Users\oldman\Desktop\second norton id.txt
2019-05-18 14:35 - 2019-05-18 14:36 - 009155228 _____ C:\Users\oldman\Desktop\W S 5-18 after spybot login now.pcapng
2019-05-18 12:07 - 2019-05-18 12:07 - 000000495 _____ C:\Users\oldman\Desktop\emsi clean log.txt
2019-05-18 11:26 - 2019-05-18 11:27 - 283252560 _____ C:\Users\oldman\Desktop\W S 5-18 thru emsiupdate.pcapng
2019-05-18 11:11 - 2019-05-18 11:14 - 333135560 _____ C:\Users\oldman\Desktop\EmsisoftEmergencyKit.exe
2019-05-18 00:22 - 2019-05-18 00:22 - 000163792 _____ C:\Users\oldman\Desktop\W S logging into SaferNetworking 5-18.pcapng
2019-05-17 22:22 - 2019-05-17 22:22 - 016454912 _____ C:\Users\oldman\Desktop\W S 5-17 3.pcapng
2019-05-17 20:53 - 2019-05-17 20:53 - 000000200 _____ C:\Users\oldman\Desktop\Listening ports.txt
2019-05-17 18:15 - 2019-05-17 18:16 - 007025360 _____ (Malwarebytes) C:\Users\oldman\Desktop\AdwCleaner.exe
2019-05-17 18:15 - 2019-05-17 18:15 - 003611456 _____ C:\Users\oldman\Desktop\W S lateafternoon 5-17.pcapng
2019-05-17 17:35 - 2019-05-17 17:35 - 011084244 _____ C:\Users\oldman\Desktop\W S 5-17 2.pcapng
2019-05-17 17:34 - 2019-05-18 10:54 - 000000000 ____D C:\Users\oldman\Desktop\FRST-OlderVersion
2019-05-17 17:26 - 2019-05-17 17:26 - 264438511 _____ C:\Users\oldman\Desktop\ProcessMo.PML. CTL.PML
2019-05-17 16:59 - 2019-05-18 18:56 - 000097176 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON24.SYS
2019-05-17 13:55 - 2019-05-17 13:55 - 022200660 _____ C:\Users\oldman\Desktop\W S 5-17 A.pcapng
2019-05-17 13:27 - 2019-05-17 13:27 - 000000695 _____ C:\Users\oldman\Desktop\Yahoo redirect full url as of 5-17.txt
2019-05-17 09:23 - 2019-05-17 09:23 - 000067817 _____ C:\Users\oldman\Desktop\43226650.pdf
2019-05-16 23:57 - 2019-05-16 23:57 - 019692844 _____ C:\Users\oldman\Desktop\5-16 5th.pcapng
2019-05-16 21:41 - 2019-05-16 21:41 - 000011980 _____ C:\Users\oldman\Desktop\5-16 ethernet 4 loop back.pcapng
2019-05-16 21:39 - 2019-05-16 21:39 - 072023512 _____ C:\Users\oldman\Desktop\W S 5-16 third local scanner in 1st 100.pcapng
2019-05-16 21:13 - 2019-05-16 21:13 - 010658676 _____ C:\Users\oldman\Desktop\W S 5-16 second.pcapng
2019-05-16 20:20 - 2019-05-16 23:29 - 000000197 _____ C:\Users\oldman\Desktop\Duckware infection 5-16.txt
2019-05-16 18:22 - 2019-05-16 18:23 - 000000000 ____D C:\Users\oldman\Desktop\adlice bot 5-16
2019-05-16 18:19 - 2019-05-16 18:19 - 000000135 _____ C:\Users\oldman\Desktop\5-16 stuff Y redir info.txt
2019-05-16 18:17 - 2019-05-16 18:17 - 033734900 _____ C:\Users\oldman\Desktop\W S 5-16.pcapng
2019-05-16 12:12 - 2019-05-16 12:17 - 000000000 ____D C:\Users\oldman\Desktop\5-15 IE cookies likely safe
2019-05-16 00:38 - 2019-05-16 00:38 - 000000780 _____ C:\Users\oldman\Desktop\MRI - Shortcut.lnk
2019-05-15 23:12 - 2019-05-15 23:12 - 000000000 ____D C:\RegBackup
2019-05-15 22:42 - 2019-05-15 22:42 - 000111688 _____ (Duckware) C:\Users\oldman\x.exe
2019-05-15 20:42 - 2019-05-15 20:42 - 076647212 _____ C:\Users\oldman\Desktop\W-S 5-15 F.F refresh.pcapng
2019-05-15 20:41 - 2019-05-15 20:41 - 000000196 _____ C:\Users\oldman\Desktop\W-S redirector. com etc..txt
2019-05-15 14:26 - 2019-05-15 14:26 - 000393168 _____ (Bleeping Computer, LLC) C:\Users\oldman\Desktop\show-hidden.exe
2019-05-15 13:21 - 2019-05-15 13:21 - 026807808 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 023438848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 020814848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 019022336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 006072320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 004883968 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 004660736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 003905536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 003743744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 001290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 001062400 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-05-15 13:21 - 2019-05-15 13:21 - 000427520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000376320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2019-05-15 13:21 - 2019-05-15 13:21 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2019-05-15 13:21 - 2019-05-15 13:21 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-kernel-processor-power-events.dll
2019-05-15 13:21 - 2019-05-15 13:21 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2019-05-15 13:20 - 2019-05-15 13:21 - 007879680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 009682744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 007883776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 007687576 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 007645384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 006542464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 006440960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 006309040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 005498880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 005040640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 004588544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 003637248 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 003557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 003384832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 003363856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 002780000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 002708480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 002422272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 002278240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 002189312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 001860096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 001760768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 001701888 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 001699496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-05-15 13:20 - 2019-05-15 13:20 - 001641616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 001605120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 001484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 001470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 001395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 001387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 001342608 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-05-15 13:20 - 2019-05-15 13:20 - 001253904 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 001225728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 001179680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 001054712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 001048376 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 001026792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000895792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000807464 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 000758896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 000680184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000660992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000586280 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000508432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 000495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000449376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000444944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 000387832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000254952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 000223544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000212792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 000203272 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000202768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 000201016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 000198456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 000179728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000177976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 000163240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000147736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000121656 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2019-05-15 13:20 - 2019-05-15 13:20 - 000090640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000080184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-05-15 13:20 - 2019-05-15 13:20 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2019-05-15 13:20 - 2019-05-15 13:20 - 000066688 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdll.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000055792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptdll.dll
2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2019-05-14 21:07 - 2019-05-14 21:07 - 000000064 _____ C:\Users\oldman\Desktop\WFA address.txt
2019-05-14 16:47 - 2019-05-18 14:13 - 000000229 _____ C:\Users\oldman\Desktop\stuff to scan 2day.txt
2019-05-14 15:17 - 2019-05-14 15:20 - 422061832 _____ C:\Users\oldman\Desktop\5-14 fun.pcapng
2019-05-14 14:50 - 2019-05-15 13:50 - 000000606 _____ C:\Users\oldman\Desktop\Todays stuff.txt
2019-05-12 23:06 - 2019-04-04 13:11 - 000454145 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20190512-230640.backup
2019-05-12 14:27 - 2019-05-12 14:27 - 002060772 _____ C:\Users\oldman\Desktop\code.jquery WS.pcapng
2019-05-10 21:15 - 2019-05-10 22:01 - 000000443 _____ C:\Users\oldman\Desktop\J.Swift quote.txt
2019-05-10 18:46 - 2019-05-10 18:47 - 000388608 _____ (Trend Micro Inc.) C:\Users\oldman\Desktop\HijackThis.exe
2019-05-10 09:13 - 2019-05-20 12:07 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security with Backup
2019-05-10 09:12 - 2019-05-10 22:22 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2019-05-10 09:12 - 2019-05-10 09:12 - 000003376 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2019-05-08 18:13 - 2019-05-08 18:13 - 001054490 _____ C:\Users\oldman\Desktop\ProcessMonitor.zip
2019-05-08 14:26 - 2019-05-08 18:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-05-05 13:34 - 2019-05-05 13:34 - 000000260 _____ C:\Users\oldman\Desktop\Gaba Lyrica links.txt
2019-05-03 16:14 - 2019-05-03 16:14 - 003551112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-05-03 16:14 - 2019-05-03 16:14 - 000263576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-05-03 16:14 - 2019-05-03 16:14 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-05-03 16:14 - 2019-05-03 16:14 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2019-05-03 16:14 - 2019-05-03 16:14 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe
2019-05-03 16:13 - 2019-05-03 16:14 - 005436904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 012844032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 012140032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 005296640 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 005210904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 003982848 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 003426816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 003406848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 002701512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 002393088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 002205184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 002073960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 001994976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 001768960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 001674696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 001671352 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 001653760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 001467552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 001382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 001315328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 001001472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnostics.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000782848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000780632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcrt.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000725696 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2019-05-03 16:13 - 2019-05-03 16:13 - 000673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000649064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000638376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcrt.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000610304 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2019-05-03 16:13 - 2019-05-03 16:13 - 000553656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000540720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StateRepository.Core.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000514632 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000454160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-05-03 16:13 - 2019-05-03 16:13 - 000451080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxdiag.exe
2019-05-03 16:13 - 2019-05-03 16:13 - 000359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-05-03 16:13 - 2019-05-03 16:13 - 000349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000320512 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2019-05-03 16:13 - 2019-05-03 16:13 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxdiag.exe
2019-05-03 16:13 - 2019-05-03 16:13 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2019-05-03 16:13 - 2019-05-03 16:13 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2019-05-03 16:13 - 2019-05-03 16:13 - 000246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2019-05-03 16:13 - 2019-05-03 16:13 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000122680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2019-05-03 16:13 - 2019-05-03 16:13 - 000086960 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostw.exe
2019-05-03 16:13 - 2019-05-03 16:13 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnosticsTool.exe
2019-05-03 16:12 - 2019-05-03 16:12 - 004997096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 002995712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 001219640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryPS.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000999424 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000806600 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-05-03 16:12 - 2019-05-03 16:12 - 000806600 _____ C:\WINDOWS\system32\locale.nls
2019-05-03 16:12 - 2019-05-03 16:12 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000676256 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000651576 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-05-03 16:12 - 2019-05-03 16:12 - 000495616 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDDS.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000421392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-05-03 16:12 - 2019-05-03 16:12 - 000366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000280592 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000244224 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-05-03 16:12 - 2019-05-03 16:12 - 000157200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2019-04-25 13:13 - 2019-04-25 13:14 - 029937376 _____ (Adlice Software ) C:\Users\oldman\Desktop\setup(1).exe
2019-04-22 16:15 - 2019-04-22 16:16 - 000000000 ____D C:\Users\oldman\Desktop\Genesight Copy

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-20 12:09 - 2019-01-12 12:30 - 000935120 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-05-20 12:09 - 2018-09-15 01:31 - 000000000 ____D C:\WINDOWS\INF
2019-05-20 12:06 - 2018-12-06 16:03 - 000000000 ____D C:\FRST
2019-05-20 12:03 - 2018-09-15 01:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-05-20 12:02 - 2015-12-03 22:03 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2019-05-20 12:01 - 2019-01-12 12:27 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-05-20 12:01 - 2016-08-20 10:31 - 000000000 ____D C:\ProgramData\Kodak
2019-05-20 12:00 - 2018-09-15 00:09 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-05-20 12:00 - 2015-07-29 03:19 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2019-05-20 11:59 - 2016-11-28 01:03 - 000000000 ____D C:\Users\oldman\AppData\LocalLow\Mozilla
2019-05-20 11:58 - 2019-02-10 15:06 - 000000000 ____D C:\Users\oldman\Desktop\Old Firefox Data
2019-05-19 20:49 - 2015-05-03 12:07 - 000000000 ____D C:\Users\oldman\AppData\Local\Battle.net
2019-05-19 20:11 - 2018-06-12 18:34 - 000000000 ____D C:\ProgramData\SecTaskMan
2019-05-19 15:24 - 2019-01-12 12:27 - 000004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D6FF1BE5-40C3-4B52-A236-97274056599C}
2019-05-18 19:54 - 2019-03-04 16:43 - 000000000 ____D C:\Users\oldman\Desktop\ProcessMonitor
2019-05-18 18:29 - 2018-06-02 15:13 - 000000000 ____D C:\Users\oldman\AppData\Local\D3DSCache
2019-05-18 18:12 - 2018-09-15 01:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-05-18 18:12 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-05-18 18:12 - 2017-12-09 01:36 - 000000000 ____D C:\Users\oldman\AppData\Local\Packages
2019-05-18 15:49 - 2016-06-26 04:54 - 000000000 ____D C:\Users\oldman\AppData\Local\NPE
2019-05-18 15:46 - 2017-05-02 14:10 - 000000352 _____ C:\WINDOWS\Tasks\HPCeeScheduleForoldman.job
2019-05-18 14:45 - 2015-05-23 09:11 - 000000000 ____D C:\Users\oldman\AppData\Local\CrashDumps
2019-05-18 12:10 - 2017-05-28 15:25 - 000000000 ____D C:\EEK
2019-05-18 11:16 - 2019-01-12 12:27 - 000003248 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForoldman
2019-05-18 09:50 - 2019-01-12 12:04 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-05-17 22:45 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-05-16 21:21 - 2018-09-15 00:09 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-05-16 21:19 - 2019-04-10 12:06 - 000000000 ____D C:\Program Files (x86)\Razer
2019-05-15 22:47 - 2019-04-10 12:18 - 000000000 ____D C:\Users\oldman\AppData\Local\Razer
2019-05-15 22:47 - 2019-04-10 12:07 - 000000000 ____D C:\ProgramData\Razer
2019-05-15 22:46 - 2019-04-10 12:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2019-05-15 22:46 - 2019-04-10 12:14 - 000000000 ____D C:\Program Files\Razer
2019-05-15 22:42 - 2019-01-12 12:12 - 000000000 ____D C:\Users\oldman
2019-05-15 22:42 - 2016-08-11 14:50 - 000000000 ___HD C:\jexepackres
2019-05-15 22:42 - 2016-08-11 14:50 - 000000000 ____D C:\Users\oldman\applogs
2019-05-15 22:42 - 2016-08-11 14:50 - 000000000 ____D C:\Program Files (x86)\AstroViewer 3.1.6
2019-05-15 14:47 - 2019-03-02 17:10 - 000301208 _____ C:\Users\oldman\Desktop\Show-Hidden.txt
2019-05-15 14:15 - 2018-11-01 16:21 - 000000000 ____D C:\Users\oldman\Desktop\malware tools
2019-05-15 14:02 - 2019-01-12 12:04 - 000284848 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-05-15 13:57 - 2018-09-15 01:33 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2019-05-15 13:57 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-05-15 13:26 - 2018-09-15 01:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-05-14 23:49 - 2019-01-12 12:27 - 000004574 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-05-14 23:48 - 2019-02-12 15:21 - 006194744 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2019-05-14 23:48 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-05-14 23:12 - 2015-05-03 12:09 - 000000000 ____D C:\Program Files (x86)\Diablo III
2019-05-14 15:57 - 2015-10-21 19:23 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-05-14 15:23 - 2015-05-03 19:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-05-14 15:13 - 2015-05-03 19:25 - 132445408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-05-13 15:23 - 2018-09-15 01:36 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-05-13 15:23 - 2018-09-15 01:36 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-05-12 12:40 - 2018-06-23 20:30 - 000000000 ____D C:\Users\oldman\Desktop\scan logs and stuff
2019-05-11 23:14 - 2019-01-12 12:27 - 000003364 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-901587214-2200967626-3004657440-1003
2019-05-11 23:14 - 2019-01-12 12:12 - 000002403 _____ C:\Users\oldman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-05-11 23:14 - 2015-06-27 12:46 - 000000000 ___RD C:\Users\oldman\OneDrive
2019-05-11 19:27 - 2019-03-30 20:51 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-05-10 22:22 - 2019-02-13 11:45 - 000002408 _____ C:\Users\Public\Desktop\Norton Security.lnk
2019-05-10 14:50 - 2015-07-29 00:21 - 000000000 ____D C:\Users\oldman\AppData\Local\ElevatedDiagnostics
2019-05-10 09:41 - 2015-06-10 01:43 - 000000000 ____D C:\Program Files\Common Files\AV
2019-05-10 09:12 - 2018-02-26 15:03 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2019-05-09 23:33 - 2015-05-03 12:07 - 000000000 ____D C:\Program Files (x86)\Battle.net
2019-05-08 23:15 - 2018-06-27 01:41 - 000000000 ____D C:\ProgramData\Packages
2019-05-08 18:38 - 2015-05-03 11:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-05-08 17:40 - 2015-05-03 11:47 - 000001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-05-08 13:50 - 2018-01-03 21:16 - 000000000 ____D C:\Users\oldman\AppData\Local\PlaceholderTileLogoFolder
2019-05-03 17:22 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\TextInput
2019-05-03 17:22 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-04-23 12:15 - 2015-05-03 12:07 - 000000000 ____D C:\Users\oldman\AppData\Local\Blizzard Entertainment
2019-04-21 18:53 - 2018-04-13 01:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-04-21 18:53 - 2015-06-13 14:02 - 000000000 ____D C:\Program Files (x86)\Java
2019-04-21 18:52 - 2018-04-13 01:24 - 000099192 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll

==================== Files in the root of some directories =======

2019-05-15 22:42 - 2019-05-15 22:42 - 000111688 _____ (Duckware) C:\Users\oldman\x.exe
2015-08-15 18:31 - 2018-11-02 19:18 - 000011264 _____ () C:\Users\oldman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-01 13:43 - 2019-05-06 13:17 - 000140696 _____ () C:\Users\oldman\AppData\Local\installer.log
2015-08-01 13:43 - 2015-08-01 13:43 - 000000236 _____ () C:\Users\oldman\AppData\Local\LaunchHomeCenter.log
2015-05-23 09:41 - 2018-02-14 00:28 - 000007674 _____ () C:\Users\oldman\AppData\Local\resmon.resmoncfg

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-05.2019
Ran by oldman (20-05-2019 12:11:25)
Running from C:\Users\oldman\Desktop
Windows 10 Home Version 1809 17763.503 (X64) (2019-01-12 18:50:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-901587214-2200967626-3004657440-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-901587214-2200967626-3004657440-503 - Limited - Disabled)
Guest (S-1-5-21-901587214-2200967626-3004657440-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-901587214-2200967626-3004657440-1009 - Limited - Enabled)
oldman (S-1-5-21-901587214-2200967626-3004657440-1003 - Administrator - Enabled) => C:\Users\oldman
WDAGUtilityAccount (S-1-5-21-901587214-2200967626-3004657440-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20034 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.192 - Adobe)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
aioprnt (HKLM\...\{0645A454-AD44-4F0D-99CF-6B762735AD1F}) (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (HKLM-x32\...\{376348C2-E372-48BC-A138-E896757BD86A}) (Version: 5.8.10.0 - Your Company Name) Hidden
aioscnnr (HKLM-x32\...\{EF53BFAB-4C10-40DB-A82D-9B07111715C6}) (Version: 7.6.13.10 - Your Company Name) Hidden
AMD Catalyst Install Manager (HKLM\...\{D01E0B82-7D6E-F9AC-9A7D-C6076264F419}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
Apple Application Support (32-bit) (HKLM-x32\...\{9F7041CB-8398-4691-B8CB-0D52273BB3D9}) (Version: 7.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{6E7DF4EE-1976-4215-9D81-755AFC95687D}) (Version: 7.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BA2A6DBB-B09A-43D8-84F3-21C1537B47D9}) (Version: 12.2.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BOINC (HKLM\...\{F1361096-9418-489B-983B-5F8C3972E05E}) (Version: 7.8.3 - Space Sciences Laboratory, U.C. Berkeley)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
C4USelfUpdater (HKLM-x32\...\{48B41C3A-9A92-4B81-B653-C97FEB85C910}) (Version: 1.00.0000 - Your Company Name) Hidden
center (HKLM-x32\...\{56BA241F-580C-43D2-8403-947241AAE633}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
essentials (HKLM-x32\...\{BE94C681-68E2-4561-8ABC-8D2E799168B4}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Google Earth Pro (HKLM\...\{F914BC59-918A-498F-B2E3-B274C9CB48A8}) (Version: 7.3.2.5491 - Google)
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{1AC082E0-049D-4C5C-9ECF-9473AD5A949D}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{32F06015-D852-4A57-A0DD-8D08D17633AC}) (Version: 10.4.0156 - Hewlett-Packard)
HP PC Hardware Diagnostics Windows (HKLM-x32\...\{7FF9E31F-FAC5-4C7B-970B-FE464B8C6A62}) (Version: 1.5.2.0 - HP Inc.)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{5094249B-9542-4536-AE76-B769EE085C99}) (Version: 7.1.6.1 - HP)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.7.50.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.10.49.21 - Hewlett-Packard Company)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6417.0 - IDT)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
iTunes (HKLM\...\{DF90B2B3-5832-4E85-934D-8048B33A1D67}) (Version: 12.9.4.102 - Apple Inc.)
Java 8 Update 211 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180211F0}) (Version: 8.0.2110.12 - Oracle Corporation)
Kodak AIO Printer (HKLM\...\{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}) (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.9.1.1 - Eastman Kodak Company)
KODAK VERITE 50 Series Uninstaller (HKLM\...\KODAK VERITE 50 Series) (Version: - FUNAI ELECTRIC CO., LTD.)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\OneDriveSetup.exe) (Version: 19.062.0331.0006 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 66.0.5 (x64 en-US) (HKLM\...\Mozilla Firefox 66.0.5 (x64 en-US)) (Version: 66.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0 - Mozilla)
Norton Secure VPN (HKLM-x32\...\Norton Secure VPN) (Version: 1.7.0.325 - Symantec Corporation)
Norton Security (HKLM-x32\...\NGC) (Version: 22.17.1.50 - Symantec Corporation)
Norton WiFi Privacy (HKLM-x32\...\Norton WiFi Privacy) (Version: 1.4.9 - Symantec Corporation)
Npcap 0.992 (HKLM-x32\...\NpcapInst) (Version: 0.992 - Nmap Project)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
ocr (HKLM-x32\...\{BFBCF96F-7361-486A-965C-54B17AC35421}) (Version: 6.2.3.50 - Eastman Kodak Company) Hidden
PreReq (HKLM-x32\...\{DA5BDB2A-12F0-4343-8351-21AAEB293990}) (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
Python 3.5.2 (32-bit) (HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Core Interpreter (32-bit) (HKLM-x32\...\{EB0611B2-7F10-4D97-BCF2-DCAAB1199498}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (HKLM-x32\...\{5DB2183B-62D3-407F-BBC1-EAD2F36283FA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (HKLM-x32\...\{1FBA5182-78DD-4940-9F06-96E5042B7061}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (HKLM-x32\...\{33B10015-A9B1-4210-B50A-26C6443979B0}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (HKLM-x32\...\{9ADF9987-3327-48C6-91B3-B10900366491}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (HKLM-x32\...\{FCBB04F4-D2CF-4F55-BE92-B3898696B318}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C1153533-FDC4-4922-892D-B71810F69566}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (HKLM-x32\...\{9D50A6D7-410A-4469-87B7-35FA84CBD479}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (HKLM-x32\...\{E6DEBF43-7ACF-4E88-9BBF-9B5945683281}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Security Task Manager 2.3 (HKLM-x32\...\Security Task Manager) (Version: 2.3 - Neuber Software)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
TreeSize Free V4.3.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.3.1 - JAM Software)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
USBPcap 1.2.0.4 (HKLM\...\USBPcap) (Version: 1.2.0.4 - Tomasz Mon)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17384 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Wireshark 3.0.1 64-bit (HKLM-x32\...\Wireshark) (Version: 3.0.1 - The Wireshark developer community, hxxps://www.wireshark.org)
WorldWide Telescope (HKLM-x32\...\{412B591F-3F86-4A1C-9DF6-854892DE27BB}) (Version: 5.5.03 - WorldWide Telescope)

Packages:
=========
All My LAN -> C:\Program Files\WindowsApps\13258Thoroughsoft.AllMyLAN_1.1.7.0_x64__set6qczgvnq5g [2019-04-17] (Thoroughsoft)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.139.500.0_x86__kgqvnymyfvs32 [2019-05-16] (king.com)
Diagnostic Data Viewer -> C:\Program Files\WindowsApps\Microsoft.DiagnosticDataViewer_3.1904.1071.0_x64__8wekyb3d8bbwe [2019-04-18] (Microsoft Corporation)
Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_3.9.0.7_x86__h6adky7gbf63m [2019-04-17] (Gameloft.)
HP Registration -> C:\Program Files\WindowsApps\AD2F1837.HPRegistration_1.2.1.166_neutral__v10z8vjag6ke6 [2018-10-17] (Hewlett-Packard Company)
HP+ -> C:\Program Files\WindowsApps\AD2F1837.HP_1.2.0.93_neutral__v10z8vjag6ke6 [2018-10-17] (Hewlett-Packard Company)
Hulu -> C:\Program Files\WindowsApps\HuluLLC.HuluPlus_2.5.3.0_neutral__fphbd361v8tya [2019-03-08] (Hulu.)
Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2018-10-17] (AMZN Mobile LLC)
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_3.9.4100.0_x64__8wekyb3d8bbwe [2019-04-19] (Microsoft Studios)
Microsoft Visual C++ 2013 Runtime Package -> C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00.Universal_12.0.30501.0_x64__8wekyb3d8bbwe [2018-10-17] (Microsoft Platform Extensions)
Microsoft Visual C++ 2013 Runtime Package -> C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00.Universal_12.0.30501.0_x86__8wekyb3d8bbwe [2018-10-17] (Microsoft Platform Extensions)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.93.375.0_x64__mcm4njqhnhss8 [2019-02-19] (Netflix, Inc.)
Network Inspector -> C:\Program Files\WindowsApps\48425ShipwreckSoftware.NetworkInspector_2.3.24.0_x64__jh2negtepkzpr [2019-04-17] (Shipwreck Software)
Norton Studio -> C:\Program Files\WindowsApps\SymantecCorporation.NortonStudio_2.2.0.0_x86__v68kp9n051hdp [2018-10-17] (Symantec Corporation)
Spider Solitaire HD -> C:\Program Files\WindowsApps\32988BernardoZamora.SpiderSolitaireHD_1.18.0.27_x64__1fgex2kbsn6g8 [2018-10-17] (Bernardo Zamora)
TreeSize Free -> C:\Program Files\WindowsApps\JAMSoftware.TreeSizeFree_4.3.1.0_x86__37s2tpab2h9zg [2019-03-05] (JAM Software)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2018-10-17] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-901587214-2200967626-3004657440-1003_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-27] (CyberLink -> Cyberlink)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.1.50\NavShExt.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-27] (CyberLink -> Cyberlink)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.1.50\NavShExt.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.1.50\NavShExt.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2019-05-15 16:04 - 2019-05-15 16:04 - 000158720 _____ ( ) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.EKAiO2SDKLib\bfaba15225107d64a1ca5089d9f628b4\Interop.EKAiO2SDKLib.ni.dll
2012-08-08 11:36 - 2012-08-08 11:36 - 000073728 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2012-08-08 11:36 - 2012-08-08 11:36 - 000361984 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
2015-08-31 10:59 - 2015-08-31 10:59 - 000075264 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\AiO\Center\Logger.dll
2019-05-15 16:05 - 2019-05-15 16:05 - 000301568 _____ (Eastman Kodak Company) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Automation\ebc75979fdd4f73eda4e4aa3974d6e26\Inkjet.Automation.ni.dll
2019-05-15 16:04 - 2019-05-15 16:04 - 000076800 _____ (Eastman Kodak Company) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Configuration\1d50106c70b058ee446a69dbd9d0365c\Inkjet.Configuration.ni.dll
2019-05-15 16:05 - 2019-05-15 16:05 - 000095232 _____ (Eastman Kodak Company) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Devidd83fa01#\5e748ddf2bce6f1c5ca72d8427d5a197\Inkjet.DeviceSettings.ni.dll
2019-05-15 16:04 - 2019-05-15 16:04 - 000101376 _____ (Eastman Kodak Company) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Diagnostics\4583ba5b8ed25dbbfad142cee7a41688\Inkjet.Diagnostics.ni.dll
2019-05-15 16:04 - 2019-05-15 16:04 - 000860672 _____ (Eastman Kodak Company) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Hardware\f28566234fbd40dd84464627fcda3819\Inkjet.Hardware.ni.dll
2019-05-15 16:04 - 2019-05-15 16:04 - 000235520 _____ (Eastman Kodak Company) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Localization\53cab144c1e2e8484e7204d8ea5a4603\Inkjet.Localization.ni.dll
2019-05-15 16:04 - 2019-05-15 16:04 - 000178176 _____ (Eastman Kodak Company) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Statistics\ce8a5fc2f2f0eebd219f20054b3231b6\Inkjet.Statistics.ni.dll
2019-05-15 16:04 - 2019-05-15 16:04 - 000328704 _____ (Eastman Kodak Company) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Utilities\cab78a1d329d5d84060bfb725ebe3b93\Inkjet.Utilities.ni.dll
2019-05-15 14:12 - 2019-05-15 14:12 - 004334080 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\hp.supportf7f36df2d#\3ac57dcdf36e437d48248c4abfb1608a\hp.supportframework.localization.ni.dll
2019-05-15 14:13 - 2019-05-15 14:13 - 001539584 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\HP.SupportFcb4ea9d2#\f05e7ad82777632a751a3388608c784e\HP.SupportFramework.UI.ni.dll
2015-05-03 00:33 - 2012-07-13 19:02 - 002451456 _____ (Realsil Microelectronics Inc.) [File not signed] C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
2015-05-03 00:33 - 2012-02-07 16:59 - 000166912 _____ (Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RsCRLib.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7945 more sites.

IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\123simsen.com -> www.123simsen.com

There are 7946 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-05-21 21:01 - 2019-05-19 20:42 - 000454145 ____R C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123haustiereundmehr.com
127.0.0.1 123moviedownload.com

There are 15617 more lines.


2017-09-14 18:48 - 2017-09-14 18:53 - 000000435 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Razer\ChromaBroadcast\bin;C:\Program Files\Razer\ChromaBroadcast\bin;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\WINDOWS\System32\OpenSSH\;C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\WindowsApps;
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\oldman\Pictures\Spacey pictures\3772-84mcnaught_druckmuller720.jpg
DNS Servers: 192.168.0.1 - 205.171.3.65
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "EKIJ5000StatusMonitor"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "boincmgr"
HKLM\...\StartupApproved\Run: => "boinctray"
HKLM\...\StartupApproved\Run: => "KOBAAmon"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "EKStatusMonitor"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "KOBAAmon"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "KOab1err"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "Spy Protector"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "EpicGamesLauncher"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AE5993B9-03A9-46E9-8694-2765918F23AF}] => (Allow) LPort=9322
FirewallRules: [{C8A56426-7E8C-4E29-B1DE-1199BAF03A24}] => (Allow) LPort=5353
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

13-05-2019 13:03:24 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/20/2019 12:02:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 7.0.168.192.in-addr.arpa. PTR eustace.local.

Error: (05/20/2019 12:02:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.7:5353 17 7.0.168.192.in-addr.arpa. PTR eustace-2.local.

Error: (05/20/2019 12:02:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 144.106.254.169.in-addr.arpa. PTR eustace.local.

Error: (05/20/2019 12:02:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 169.254.106.144:5353 17 144.106.254.169.in-addr.arpa. PTR eustace-2.local.

Error: (05/20/2019 12:02:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 181.13.254.169.in-addr.arpa. PTR eustace.local.

Error: (05/20/2019 12:02:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 169.254.13.181:5353 17 181.13.254.169.in-addr.arpa. PTR eustace-2.local.

Error: (05/20/2019 12:02:06 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (05/20/2019 12:01:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 144.106.254.169.in-addr.arpa. PTR eustace.local.


System errors:
=============
Error: (05/20/2019 12:01:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The APXACC service failed to start due to the following error:
A device attached to the system is not functioning.

Error: (05/20/2019 12:01:46 PM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)

Error: (05/19/2019 06:29:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{0358B920-0AC7-461F-98F4-58E32CD89148}
and APPID
{3EB3C877-1F16-487C-9050-104DBCD66683}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/19/2019 06:29:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{0358B920-0AC7-461F-98F4-58E32CD89148}
and APPID
{3EB3C877-1F16-487C-9050-104DBCD66683}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/19/2019 04:33:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The APXACC service failed to start due to the following error:
A device attached to the system is not functioning.

Error: (05/19/2019 04:33:04 PM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)

Error: (05/19/2019 04:28:16 PM) (Source: DCOM) (EventID: 10000) (User: eustace)
Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
"0"
Happened while starting this command:
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (05/19/2019 04:28:07 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
An instance of the service is already running.


CodeIntegrity:
===================================

Date: 2019-05-20 12:01:59.049
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-05-20 12:01:58.992
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-05-20 12:01:58.915
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-05-20 12:01:58.838
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-05-19 16:33:17.011
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-05-19 16:33:16.722
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-05-19 16:33:16.400
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-05-19 16:33:15.997
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: Insyde F.26 02/21/2013
Motherboard: Hewlett-Packard 1849
Processor: AMD A4-4300M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 58%
Total physical RAM: 3554.26 MB
Available physical RAM: 1459.38 MB
Total Virtual: 6370.26 MB
Available Virtual: 4259.58 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:567.72 GB) (Free:318.18 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:25.37 GB) (Free:2.96 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Removable) (Total:1.83 GB) (Free:1.83 GB) FAT

\\?\Volume{4807027d-70e4-4ed9-b189-6eac7a96e0a4}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.15 GB) NTFS
\\?\Volume{c4bc7cea-39ce-4f4a-ab14-7934f0e01657}\ () (Fixed) (Total:0.96 GB) (Free:0.34 GB) NTFS
\\?\Volume{de27d039-3a8b-420a-8f61-0de10dba9383}\ () (Fixed) (Total:0.92 GB) (Free:0.34 GB) NTFS
\\?\Volume{228ede67-33cc-42ee-9814-03e998f454e7}\ () (Fixed) (Total:0.44 GB) (Free:0.41 GB) NTFS
\\?\Volume{873941c3-cd87-496d-8c74-8b333ed59eac}\ () (Fixed) (Total:0.25 GB) (Free:0.16 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 9E4D4388)

Partition: GPT.

========================================================
Disk: 1 (Size: 1.8 GB) (Disk ID: CC5963D4)
Partition 1: (Not Active) - (Size=1.8 GB) - (Type=0E)

==================== End of Addition.txt ============================
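Added example, not from any post in this thread and not part of FRST, Spybot or any other tool named here: a small Python triage script for the hosts file shown in the Addition.txt above. FRST prints only the first lines of the 454 KB file and then says "There are 15617 more lines", which nobody can eyeball. The script reads the whole file the way the resolver does (comments, tabs, IPv6), treats loopback/null sinkhole lines such as the Spybot immunisation entries as benign, and flags the three things that matter for a redirect complaint: a name mapped to a public address, a security vendor's domain sinkholed, and an entry parked behind a long run of blank lines so it scrolls out of view. SAMPLE_HOSTS, the vendor list and the 50-line padding threshold are constructed assumptions for the demo, not data from the machine in the thread.

```python
"""Hosts-file redirect triage (added example, not part of the thread or of FRST)."""
import ipaddress
from typing import Iterator, List, NamedTuple


class HostsEntry(NamedTuple):
    lineno: int
    ip: str
    names: tuple          # lower-cased host names on the line
    blank_run: int        # blank or comment-only lines immediately before it


class Finding(NamedTuple):
    lineno: int
    ip: str
    name: str
    reason: str


# Assumption: illustrative vendor list; extend it for your own estate.
SECURITY_VENDORS = ("malwarebytes.com", "norton.com", "symantec.com",
                    "safer-networking.org", "adlice.com", "windowsupdate.com")
PAD_THRESHOLD = 50    # assumption: a normal file has a handful of blank lines, not dozens


def parse_hosts(text: str) -> Iterator[HostsEntry]:
    """Yield one entry per usable line, the way the Windows resolver reads the file."""
    blank_run = 0
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()       # drop trailing comments
        if not line:
            blank_run += 1
            continue
        fields = line.split()                      # spaces or tabs
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            blank_run = 0
            continue                               # malformed line, resolver skips it
        names = tuple(n.lower() for n in fields[1:])
        if names:
            yield HostsEntry(lineno, fields[0], names, blank_run)
        blank_run = 0


def classify(entry: HostsEntry) -> List[Finding]:
    """Turn one entry into zero or more findings; benign block-list lines produce none."""
    addr = ipaddress.ip_address(entry.ip)
    sinkhole = addr.is_loopback or addr.is_unspecified   # 127/8, ::1, 0.0.0.0, ::
    hidden = (f" (hidden after {entry.blank_run} blank lines)"
              if entry.blank_run >= PAD_THRESHOLD else "")
    out = []
    for name in entry.names:
        if sinkhole and name in ("localhost", "localhost.localdomain"):
            continue
        if sinkhole:
            if any(name == v or name.endswith("." + v) for v in SECURITY_VENDORS):
                out.append(Finding(entry.lineno, entry.ip, name,
                                   "security vendor sinkholed" + hidden))
            elif hidden:
                out.append(Finding(entry.lineno, entry.ip, name, "block entry" + hidden))
            # otherwise an ordinary block-list line (Spybot immunisation style): benign
        elif addr.is_global:
            out.append(Finding(entry.lineno, entry.ip, name,
                               "redirected to public address" + hidden))
        else:
            out.append(Finding(entry.lineno, entry.ip, name,
                               "mapped to LAN/reserved address, verify" + hidden))
    return out


def find_hijacks(text: str) -> List[Finding]:
    return [f for e in parse_hosts(text) for f in classify(e)]


# Constructed sample: a Microsoft header, Spybot-style immunisation lines, one
# sinkholed vendor, one LAN mapping, and a redirect hidden behind 80 blank lines.
SAMPLE_HOSTS = (
    "# Copyright (c) 1993-2009 Microsoft Corp.\n"
    "127.0.0.1\tlocalhost\n"
    "::1\tlocalhost\n"
    "# Start of entries inserted by Spybot - Search & Destroy\n"
    "127.0.0.1 www.007guard.com\n"
    "127.0.0.1 007guard.com\n"
    "0.0.0.0 008i.com   # null-route style block\n"
    "127.0.0.1 www.malwarebytes.com\n"
    "192.168.0.50 printer.lan\n"
    + "\n" * 80 +
    "93.184.216.34 www.google.com search.yahoo.com\n"
)

if __name__ == "__main__":
    with_file = SAMPLE_HOSTS  # swap for open(r"C:\Windows\System32\drivers\etc\hosts").read()
    for f in find_hijacks(with_file):
        print(f"line {f.lineno}: {f.ip} {f.name}: {f.reason}")
```

On the real machine point it at C:\Windows\System32\drivers\etc\hosts; the copy in the log carries the R attribute (____R), so it is read-only and an FRST Hosts: reset is the cleaner way to replace it. A clean hosts file does not close the case on a redirect: the DNS Servers line in the log, any WPAD/proxy auto-configuration and the browser's own search-engine settings are the other places the redirect can live, which is why the thread later turns to wpad.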

1oldman
2019-05-20, 21:59
The site/software Duckware I mentioned in the previous post is without a doubt legitimate; my concern is that it has been modified, as I don't recognize it at all. If anyone has info on the entry in the log I highlighted, I would be interested to hear it.
Cheers

Juliet
2019-05-20, 23:25
The multiple addresses that showed for adlice (RogueKiller), are genuine and correct. Over time/years there have been several.


and I see network connections from time to time that I can't make sense of

I also see in mDNS devices at random times a program called, I believe, tcp-scan-local (close approximation only); it says it's attached to my Kodak software... the one with all the unsigned files, and is connecting to a lot more than I believe it really needs access to
Anything on your computer that has an auto updater written into the program will connect randomly for an update; some are necessary and some I think are just a bunch of hooey.
All I can do is take out the task associated to the tool to stop traffic for the update.

At one time did you download something related to PhotoFinder?
From what I can find the file (Duckware) C:\Users\oldman\x.exe could possibly be from there.

~~~~~~~~~~~~~~~~~~

Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)

Highlight the entire content of the quote box below, beginning with Start:: and finishing with End::, and select Copy.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start::
CloseProcesses:
CreateRestorePoint:
U4 npcap_wifi; no ImagePath
C:\Users\oldman\x.exe
2019-05-15 22:42 - 2019-05-15 22:42 - 000111688 _____ (Duckware) C:\Users\oldman\x.exe
C:\Windows\Temp\*.*
End::


Press the Fix button.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If you could please, uninstall/remove any version of RogueKiller you have on your machine, and we can attempt to download an updated version.
Before running the tool, if you could temporarily disable Norton so it can run without conflict.

RogueKiller

Download the right version of RogueKiller (http://www.adlice.com/download/roguekiller/#download) for your Windows version (32 or 64-bit)
Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
Wait for the scan to complete
On completion, the results will be displayed
Check every single entry (threat found), and click on the Remove Selected button
On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
This will open the report in Notepad. Copy/paste its content in your next reply


~~~

Please open Malwarebytes Anti-Malware.

On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
Under the Non-Malware Protection sub tab, change the PUP and PUM entries to "Treat detections as Malware".
Click on the Scan tab, then click on Scan Now. If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, Apply Actions to any found entries.
Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
After the restart, once you are back at your desktop, open MBAM once more.



To get the log from Malwarebytes do the following:



Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click Export > From export you have three options:

Copy to Clipboard - if selected, right-click in your reply and select "Paste"; the log will be pasted to your reply
Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply



Please use "Copy to Clipboard", then right-click in your reply > select "Paste"; that will copy the log to your reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please post these logs when finished.

Juliet
2019-05-21, 15:19
script edited, sorry.

1oldman
2019-05-22, 10:14
About the logs: after running the latest FRST fix (the script did its thing flawlessly, thanks again), I was able to download RK and Mbam through your links, run them without any problem and get the logs posted.
As for the "strange things" part of the title... At this point, the best I've been able to get out of the browser is by sticking with the bookmarks and internal links on legit sites, although I'm still a Yahoo cookie magnet. I managed to get the browser to switch to Google search;
this left me with a search bar that gave me the results you will see in the attached screen shots (irrelevant, useless results). Note that in both examples I searched "jexepackers" in one and "jexepacker threat" in the other. This was done from the search bar; then the resulting URL I copy/pasted to the notepads you see. Funny how a browser can misread an entry and then return something like "jetpack", but I guess nobody is perfect, eh? Now, about why I'm searching jexepackers (as well as code.jquery): I see these things in my "shark logs", and this leads to learning what I can about wpad as well as a lot of other security settings and "stuff".

Fix result of Farbar Recovery Scan Tool (x64) Version: 19-05.2019
Ran by oldman (21-05-2019 11:28:26) Run:4
Running from C:\Users\oldman\Desktop
Loaded Profiles: oldman (Available Profiles: oldman)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
U4 npcap_wifi; no ImagePath
C:\Users\oldman\x.exe
2019-05-15 22:42 - 2019-05-15 22:42 - 000111688 _____ (Duckware) C:\Users\oldman\x.exe
C:\Windows\Temp\*.*

*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\System\CurrentControlSet\Services\npcap_wifi => removed successfully
npcap_wifi => service removed successfully
C:\Users\oldman\x.exe => moved successfully
"C:\Users\oldman\x.exe" => not found

=========== "C:\Windows\Temp\*.*" ==========

not found

========= End -> "C:\Windows\Temp\*.*" ========



The system needed a reboot.

==== End of Fixlog 11:30:00 ====
RogueKiller Anti-Malware V13.2.0.0 (x64) [May 14 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.17763) 64 bits
Started in : Normal mode
User : oldman [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20190521_110536, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2019/05/21 11:53:08 (Duration : 01:32:26)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Hosts file is too big

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/1/19
Scan Time: 6:20 PM
Log File: 1de4401f-54dd-11e9-80c0-38eaa7eb314f.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.563
Update Package Version: 1.0.9962
License: Trial

-System Information-
OS: Windows 10 (Build 17763.379)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 347886
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 56 min, 46 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)





These will be the full URLs (disabled by the usual space) that I mentioned were displayed by the browser while searching jexepacks:
https://www.google. com/search?client=firefox-b-1-d&q=jexepackers
https://www.google. com/search?client=firefox-b-1-d&q=jexepack+threat
See attached screenshots of the pages that loaded.

I nearly forgot to answer this from a previous post, sorry.
"From what I can find the file (Duckware) C:\Users\oldman\x.exe could possibly be from there."

No, not intentionally but a drive by is always a possibility. I have a few thoughts on this duck "stuff", could be related to "Donald Duck" (More on that in updates).

After yesterday's post, I was clearing super cookies with my STM program. As I scrolled over the process monitor, I came across a FF browser running after I closed the window. This is something I've never seen before, but the most concerning part to me is that in the program description area of the line was text from a post (update) that I had made to you. This has never happened and I have no idea why it displayed that way. I'll keep you updated.

Cheers

1oldman
2019-05-22, 11:05
I believe I posted the wrong Mbam log previously this should be the correct one.
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/21/19
Scan Time: 1:00 AM
Log File: 1a4b8360-7b96-11e9-9fac-38eaa7eb314f.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.586
Update Package Version: 1.0.10690
License: Expired

-System Information-
OS: Windows 10 (Build 17763.503)
CPU: x64
File System: NTFS
User: eustace\oldman

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 1
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 min, 9 sec

-Scan Options-
Memory: Disabled
Startup: Disabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


I disabled the Phone in my Win10 system some time ago, and was surprised to see it running yesterday with a couple of accounts I don't recognize. I'm attaching some screen shots to demonstrate; also my Norton settings are still being an issue. A couple of shots from the IE settings page: there are a total of 15 of these "firewall" items, those are new to me also. Any thoughts?

Juliet
2019-05-22, 15:26
I disabled the Phone in my Win10 system some time ago, and was surprised to see it running yesterday with a couple of accounts I don't recognize. I'm attaching some screen shots to demonstrate; also my Norton settings are still being an issue. A couple of shots from the IE settings page: there are a total of 15 of these "firewall" items, those are new to me also. Any thoughts?
The Windows Phone will be there until it's completely removed. That would include anything related to it throughout the computer.
From what I was reading (not understanding much of it, Remove-AppxPackage?), it's not uncommon to have leftover firewall rules for many items: some are games, some are for tools, messengers, a very long list.

At this time please uninstall Java 8 Update 211.
If later you should run into something that requires it, you can download the most current version.

Your Norton settings: it's possible it should be removed and then downloaded again. Not saying this is a cure, but it might possibly re-enable something that's giving you fits now. Or, I can give you a list of free or paid-for antivirus and security suites.

~~~~

Firefox had an update this morning, it says it has upped your protection against ad trackers.
https://www.mozilla.org/en-US/firefox/67.0/whatsnew/?oldversion=66.0.5


Turning off Autofill in Firefox

Click on the Firefox menu icon. (Three lines at top right of screen.)
Click on Preferences.
Choose the Privacy.
In the History section choose Firefox will: 'Use custom settings for history.'
Uncheck 'Remember search and form history.'
Click OK.



Clear Your Cache on Any Browser
https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox
https://www.pcmag.com/article/333441/how-to-clear-your-cache-on-any-browser
~~~~~~~~~~~

I really don't think the issue here is malware related; it's some type of setting in a program somewhere that's not giving the results we're looking for. But,
just for peace of mind, I'd like for you to run a rootkit scan.

You will probably have to temporarily disable Norton for this tool to run.
If you should get some type of alert that this is a malicious tool, let me assure you it is not; it is often used for deeper scanning.

Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

Run a scan, delete everything it finds, and then copy/paste the content of the mbar-log-DATE-(TIME).txt log that is located in the MBAR folder here afterwards.

1oldman
2019-05-24, 07:57
"The windows phone will be there till its completely removed."
Done, those two unknown accounts were creeping me out. I let the STM program do it for me. Not sure how exactly the phone program was removed, but it involved about one and a half command lines in PowerShell. It's worth noting that I haven't had any conflicts or issues (that I know of) so far since completely removing it from the system.

The Firewall entry stuff in IE Cache? I'm finding that to be a very dynamic list, the entries I showed last post have disappeared. I'll just watch and learn for a while to understand what I'm seeing, that never hurts.

"At this time please uninstall Java 8 Update 211"
Thanks so much for that! I wasn't sure if it was needed at the moment. The JScript stuff, until I learn a lot more about it, is kinda spooky to me from what I'm reading lately.

"Firefox had an update this morning, it says it has upped your protection against ad trackers."
I grabbed that as soon as it was available; a couple of notable additions were in cookie blocking, where you have an option for cryptominers and fingerprinting. I'm running them both enabled and haven't seen any conflicts yet.

"Turning off Autofill in Firefox"
"Clear Your Cache on Any Browser"
Great info! thanks, I really need to do that.

I'm still trying to figure out how to export the fixlog from MBAR. It came up clean, but I'm not seeing any way to export a clean scan result. I'm OK with clean scans, especially the MBAR one. It agrees with Norton's rootkit scanner that things are clean. You can't do much better than that.

I did do an R&R on the Norton (I noticed it saving user settings so I'll repeat with advanced options) but the malware issues are, I'm very certain, cleaned up. Thank you so much for the links and advice.

At this point, I'll go back to learning what I can about avoiding the problems in the first place. I have a lot to learn about security and settings in general. What do I use for proxy settings, for example? Right now, I'm on system settings (which should be covered by Norton).

Again, thanks and have an awesome weekend!:cool:

Juliet
2019-05-24, 14:03
Read the below for quick info related to using a proxy, proxy settings.
https://support.mozilla.org/en-US/kb/connection-settings-firefox


A tool I use and feel secure with is an addon NoScript.
People do get tired of it quickly it seems, but I just enable/disable it when needed and it hasn't stopped me from doing anything I need to do. (I keep the addons window open at all times to make this a quick procedure.)
When web sites or something else won't run, just simply disable it and refresh the page. I find it amazing how web pages add JavaScript for so many details on their sites. One major venue in getting infected is clicking on links and being redirected or injected with (fill in the blank here, since there are so many different malicious items using this technique).

Firefox
https://noscript.net/

Google Chrome
https://chrome.google.com/webstore/detail/noscript/doojmbjmlfjjnbmnoijecmcbfeoakpjm?hl=en

~~~~~~~~~~~~~~~

I think we can remove tools and quarantine folders now; there's a good chance in future virus scans they'll be found, and then some might freak out a bit.


Please download DelFix (https://www.bleepingcomputer.com/download/delfix/) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Click the Run button.
-- This will remove the specialized tools we used to disinfect your system.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

************************************

1oldman
2019-05-25, 00:00
Thanks for those links, I'll be making good use of that stuff. In particular the noscript looks exactly like what I need.
Norton of course flagged DelFix as a threat and quarantined it as a SAPE. I'm familiar enough with the tools here by now to "replace" the tool and run it; I just thought other users should be aware of this when they come across it in the future. It seems they flag it because it has to have SAPE characteristics to do what it's supposed to do (and it did).
I attached a shot of the warning page from Symantec, any ideas about letting them know this file is good? They know thousands of times, community members have used the file without problems.

:)

# DelFix v1.010 - Logfile created 24/05/2019 at 15:07:04
# Updated 26/04/2015 by Xplode
# Username : oldman - EUSTACE
# Operating System : Windows 10 Home (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\Users\oldman\Desktop\FRST-OlderVersion
Deleted : C:\Users\oldman\Desktop\mbar
Deleted : C:\Users\oldman\Desktop\Addition.txt
Deleted : C:\Users\oldman\Desktop\AdwCleaner.exe
Deleted : C:\Users\oldman\Desktop\Fixlog.txt
Deleted : C:\Users\oldman\Desktop\FRST.txt
Deleted : C:\Users\oldman\Desktop\FRST64.exe
Deleted : C:\Users\oldman\Desktop\HijackThis.exe
Deleted : C:\Users\oldman\Desktop\hijackthis.log
Deleted : C:\Users\Public\Desktop\RogueKiller.lnk
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

########## - EOF - ##########

Juliet
2019-05-25, 13:30
I attached a shot of the warning page from Symantec, any ideas about letting them know this file is good? They know thousands of times, community members have used the file without problems.

Best way I can think of: people who have accounts with Norton should keep reporting it.
In their eyes, I can't, because I'm just a small tech they don't know and probably really don't care about.

Safe Surfing.

1oldman
2019-05-26, 00:12
"Best way I can think of: people who have accounts with Norton should keep reporting it."
-Oh, I'm "all over" that advice. After 3+ hours of remote... Let's just say they are keeping in touch and listening. I'll keep you updated on how that goes.

The two links you posted previously on proxy settings wouldn't load from the link in the post; I'll play around with them and see what I can do about finding the site pages. As for NoScript... that is one awesome program, can't thank you enough for that. I'm just learning the basics of it and already I love what it does!

If I can ask just one more question, I would like to know what you make of the screen shots I have attached with this reply, I believe they are associated with the winphone I dumped from my system. They aren't mine and I wouldn't use that number of characters in a password even if I did create them. I wasn't able to change the password, although I would love to have been able to... I settled for removing them and I'll keep an eye on that in the future.
No hurries, no worries on a quick response, enjoy the weekend.

About that "POP" in the screen shots, did I see somewhere in the scans a POP detection? I'll go over the logs I have available and will let you know what I find.

Juliet
2019-05-26, 03:03
I have to log in daily since I work on multiple forums... but a couple of months ago I was retired from teaching malware removal at a different site, so that did kinda give me comfort. (Not old enough to retire in real life, dang it.)

Let me answer a couple of questions here.


SSO POP user/s
Point of presence (POP) is the point at which two or more different networks or communication devices build a connection with each other. POP mainly refers to an access point, location or facility that connects to and helps other devices establish a connection with the Internet.


In an SSO system, a user logs in once to the system and can access multiple systems without being prompted to sign in for each one. Okta is a cloud-based SSO platform that allows users to enter one name and password to access multiple applications.

Device single sign-on (SSO): single sign-on enables users to access multiple resources (that is, applications and adapter procedures) by authenticating only once.


The two links you posted previously on proxy settings wouldn't load from the link in the post,
By chance was NoScript enabled?

1oldman
2019-05-26, 05:56
(Not old enough to retire in real life dang it) - It ain't all it's cracked up to be in the brochures, I recommend a significant lottery win or other substantial windfall first.
NoScript is awesome, just what I needed, thanks so much. Still getting the hang of it, but I love it already.
About the POP info, who creates these and why would it be password protected from me?
I'm trying to understand just what their function was in my case, just curious.
:cool:

Juliet
2019-05-26, 14:09
(Not old enough to retire in real life dang it) - It ain't all it's cracked up to be in the brochures, I recommend a significant lottery win or other substantial windfall first.
NoScript is awesome, just what I needed, thanks so much. Still getting the hang of it, but I love it already.
About the POP info, who creates these and why would it be password protected from me?
I'm trying to understand just what their function was in my case, just curious.
:cool:
lottery win......LOL!

NoScript is a must have and after you've worked with it a short while it's like something you don't want to be without.

Let me show you a couple of links defining POP info.

When you use Office 365 applications such as Outlook 2016, Skype for Business, Word, Excel and others Single Sign On (SSO)
The sso pop user and device are part of the Credentials Manager components of the Single Sign-On portion of Microsoft accounts which are used on current versions of Windows.


https://answers.microsoft.com/en-us/windows/forum/all/what-is-ssopop/aceb7c7b-7444-46b0-88f8-c306641f1573

https://www.bleepingcomputer.com/forums/t/665247/how-to-identify-sso-pop-device/
https://www.reddit.com/r/Windows10/comments/3unf28/why_is_sso_pop_device_listed_under_windows/

1oldman
2019-05-30, 07:18
Thanks for keeping the thread open while I continue my education. I'm loving NoScript, learning fast, and I'll never surf without it again. The links to POP and related stuff were much appreciated, a great way to share info; that cleared up one mystery, one less thing to worry about. I've been working on securing things on this computer, making some progress, but I ran into an issue that I didn't see coming. Yesterday Wireshark was having some display problems. I think OK, no problem, and do an un-re-install of the program (life should be so easy). Anyway, I notice a USBPcap option that was new to the updated version I had... Long story short, as soon as I rebooted and logged in I discovered that my wireless mouse had decided to quit working, same for my corded Razer super deluxe gaming mouse, although the power to the cooling pad still worked through a USB port that was otherwise useless. I played around with settings, drivers etc., ran Mbam, came up clean. To me, in the moment, it seemed like I had messed up something on the reinstall and just needed to sort it out. I'm thinking, just do a system restore and save a little time since I'm not making any ground (being digitally challenged can be challenging, as that's where I found that I had no restore points saved). At one point, while giving my wife a hand, I decide to run Norton's rootkit scan (PE). I'll attach a shot of the detections; copying the log is eluding my skill set at the moment, but the detections were interesting. Although the dates on the files were 5-26, I'm thinking either that was misnamed on purpose or I had a virus just waiting for a trigger. Of course that would be a "lottery winning longshot" considering the point at which my USB problem surfaced. I always try not to confuse correlation with causation, but as soon as I fixed those two detections and rebooted, you guessed it, the mice and USB situation returned to nominal (nominal, I love that word).
Afterwards, I also ran MBAR out of curiosity, but that one came up clean.
I'm still seeing connections in Wireshark that I don't prefer to see; I'll attach a shot of a couple of packets as an example, just in case you have any thoughts on what I'm looking at. I hate seeing redirector mentioned, but I realize that could be legit.
I'm working on learning how to use the shark and VT, hoping to get some pointers from those communities as I go, as there is a lot of information to filter out to find what you're looking for. I'll follow up after I run a full system scan and hear back from Norton.
:bigthumb: NoScript caught my wife's Facebook trying to run script on our banking page as soon as it loaded; that seemed beyond intrusive and it was a pleasure to block it.:)

Juliet
2019-05-30, 13:07
What you're seeing through the Wireshark tool I can't help with. Myself, I've never used it, but one thing I noticed:

I notice a usbcap option, that was new to the updated version I had... Long story short, as soon as I rebooted and logged in I discovered that my wireless mouse had decided to quit working, same for my corded razor super deluxe gaming mouse, although the power to the cooling pad still worked through a usb port that was otherwise useless.
Any way to go into the tool settings to allow access for the USB devices that were blocked?
I'm not sure exactly how to proceed here other than posting questions at the Wireshark help forums:
https://ask.wireshark.org/questions/
I feel sure you would have to register as a user to use or ask questions at this forum or read over the pages of questions already asked.

Now for what Norton captured: if you Google the exes that were found, they are also legit.
A couple of things here.
It could be a false detection; join/register at their web site to ask why those legit Microsoft processes were considered viruses.
https://community.norton.com/

1oldman
2019-05-31, 09:13
Thanks for the updated info. I couldn't find any way to manually get the USB system working; it just returned to normal after the PE fix. I do have an account with the Wireshark community, just need to figure out phrasing my questions so as not to sound confusing, one of the hazards of learning new games. As for the Norton community, I'll give that another shot, but I haven't had a lot of luck; your reply gives me a particular angle to try. Wish me luck. Again, your help is priceless, thanks so much. :cool:

Juliet
2019-05-31, 13:14
Let's remove tools and quarantine folders.


Please download DelFix (https://www.bleepingcomputer.com/download/delfix/) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Click the Run button.
-- This will remove the specialized tools we used to disinfect your system.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

***************

You're good to go, safe surfing.

1oldman
2019-05-31, 21:00
:bigthumb:

Juliet
2019-06-01, 12:53
Glad we could help.
Since this issue appears resolved ... this Topic is closed.