Thread: The usual redirects, with a possible kernel rootkit, thrown in for good measure.

  1. #1
    Senior Member | Join Date: Jun 2014 | Posts: 155

    The usual redirects, with a possible kernel rootkit, thrown in for good measure.

    I should have formatted and reinstalled the OS on this machine last summer, but I've been playing around with it, trying to understand the connectivity issues that came up last summer when I posted about getting hacked. I'll post the FRST results showing some typical (for me) problems, but the main issue I'm asking about is some suspicious text in my zamguard driver. My Security Task Manager, using VirusTotal's scanner, gives the ZG driver a rating of clean and harmless; there is, however, a very long string of text in the file, almost all total failures and/or issues. Rather than try describing this text I'll attach PNGs of the results, hopefully avoiding some confusion. Considering the TDL3&4 detections (if they are real), I'm assuming a WAN miniport/kernel rootkit would be probable. It's worth noting that Norton's PE didn't detect it and I haven't run mbar yet; thought I'd ask for an opinion before going further.
    Thanks and I'll give more detail as size limits allow.
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.10.2018
    Ran by oldman (administrator) on EUSTACE (16-10-2018 16:04:45)
    Running from C:\Users\oldman\Desktop
    Loaded Profiles: oldman (Available Profiles: oldman)
    Platform: Windows 10 Home Version 1803 17134.345 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    (Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
    (Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.0.247\NortonSecurity.exe
    (Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.0.247\nsWscSvc.exe
    () C:\Program Files (x86)\Norton WiFi Privacy\client\NWPService.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.0.247\NortonSecurity.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Space Sciences Laboratory) C:\Program Files\BOINC\boinctray.exe
    (Neuber Software - www.neuber.com) C:\Program Files (x86)\Security Task Manager\SpyProtector.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
    (HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
    HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
    HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [69920 2017-10-03] (Space Sciences Laboratory)
    HKLM\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [8765216 2017-10-03] (Space Sciences Laboratory)
    HKLM\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] ()
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-28] (Synaptics Incorporated)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [301880 2018-08-23] (Apple Inc.)
    HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
    HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [68920 2018-08-22] (Apple Inc.)
    HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-12-11] (Eastman Kodak Company)
    HKLM-x32\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] ()
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [KOab1err] => C:\Program Files (x86)\KODAK VERITE\ErrorApp\KOab1err.exe [1027752 2016-12-21] ()
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] ()
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [Google Update] => C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe [601680 2018-05-18] (Google Inc.)
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [Spy Protector] => C:\Program Files (x86)\Security Task Manager\SpyProtector.exe [145280 2018-07-12] (Neuber Software - www.neuber.com)
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\MountPoints2: {550548f0-8389-11e8-804c-38eaa7eb314f} - "F:\ZTE_Handset_USB_Driver.exe"
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.66
    Tcpip\..\Interfaces\{68620759-20aa-45aa-8e06-fa9a7c5c7e09}: [DhcpNameServer] 192.168.0.1 205.171.3.66
    Tcpip\..\Interfaces\{a288676d-84d4-440a-bf60-55523387af7e}: [DhcpNameServer] 192.168.0.1 205.171.3.66
    Tcpip\..\Interfaces\{c4242d06-1fdf-461b-ace5-caf4862e837d}: [DhcpNameServer] 192.168.0.1 205.171.3.66
    Tcpip\..\Interfaces\{c9ebb1fc-1913-46ad-9c39-fe0f9392fa0a}: [DhcpNameServer] 192.168.0.1 205.171.3.66
    Tcpip\..\Interfaces\{f541e8b7-cc70-4d7e-8a81-5451f2cae84b}: [DhcpNameServer] 192.168.0.1 205.171.3.66

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
    SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {53e2f62a-3083-46e6-8527-cf89e4acb4ae} URL =
    BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.16.0.247\coIEPlg.dll [2018-10-05] (Symantec Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
    BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.16.0.247\coIEPlg.dll [2018-10-05] (Symantec Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll [2018-07-18] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-07-18] (Oracle Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.16.0.247\coIEPlg.dll [2018-10-05] (Symantec Corporation)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.16.0.247\coIEPlg.dll [2018-10-05] (Symantec Corporation)
    Toolbar: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.16.0.247\coIEPlg.dll [2018-10-05] (Symantec Corporation)

    FireFox:
    ========
    FF DefaultProfile: oz3zen8u.default-1466821123041-1535496511206
    FF ProfilePath: C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\oz3zen8u.default-1466821123041-1535496511206 [2018-10-16]
    FF HomepageOverride: Mozilla\Firefox\Profiles\oz3zen8u.default-1466821123041-1535496511206 -> Enabled: nortonhomepage@symantec.com
    FF NewTabOverride: Mozilla\Firefox\Profiles\oz3zen8u.default-1466821123041-1535496511206 -> Enabled: nortonhomepage@symantec.com
    FF NewTabOverride: Mozilla\Firefox\Profiles\oz3zen8u.default-1466821123041-1535496511206 -> Enabled: nortonsafesearch_ul_2@symantec.com
    FF Extension: (Facebook Container) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\oz3zen8u.default-1466821123041-1535496511206\Extensions\@contain-facebook.xpi [2018-08-30]
    FF Extension: (Firefox Multi-Account Containers) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\oz3zen8u.default-1466821123041-1535496511206\Extensions\@testpilot-containers.xpi [2018-09-02]
    FF Extension: (Norton Home Page) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\oz3zen8u.default-1466821123041-1535496511206\Extensions\nortonhomepage@symantec.com.xpi [2018-09-28]
    FF Extension: (Norton Safe Search) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\oz3zen8u.default-1466821123041-1535496511206\Extensions\nortonsafesearch_ul_2@symantec.com.xpi [2018-10-15]
    FF Extension: (Norton Safe Web) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\oz3zen8u.default-1466821123041-1535496511206\Extensions\nortonsafeweb@symantec.com.xpi [2018-10-08]
    FF Extension: (Telemetry coverage) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\oz3zen8u.default-1466821123041-1535496511206\features\{374557bb-f68c-423e-b135-6dce4ae0bd0d}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-10-11] [Legacy]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_122.dll [2018-10-09] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [No File]
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_122.dll [2018-10-09] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-05-06] (Adobe Systems, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-07-18] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-07-18] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [No File]
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: @talk.google.com/GoogleTalkPlugin -> C:\Users\oldman\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: @talk.google.com/O1DPlugin -> C:\Users\oldman\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: @tools.google.com/Google Update;version=3 -> C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
    FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: @tools.google.com/Google Update;version=9 -> C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
    FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: hp.com/HPDetect -> C:\Users\oldman\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP)
    FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: jpl.nasa.gov/NASAEyes -> C:\Users\oldman\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2018-05-02] (Jet Propulsion Laboratory)
    FF Plugin ProgramFiles/Appdata: C:\Users\oldman\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\oldman\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR NewTab: Default -> Active:"chrome-extension://gfoabcdjalmeenbjjngidappmppchblc/homePageRedirect.html"
    CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908
    CHR DefaultSearchKeyword: Default -> NortonSafe
    CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
    CHR Profile: C:\Users\oldman\AppData\Local\Google\Chrome\User Data\Default [2018-08-26]
    CHR Extension: (Norton Security Toolbar) - C:\Users\oldman\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2018-05-30]
    CHR Extension: (Norton Home Page for Chrome) - C:\Users\oldman\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfoabcdjalmeenbjjngidappmppchblc [2018-08-08]
    CHR Extension: (Norton Safe) - C:\Users\oldman\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbmobhkkblcgdifigjglcjneplefbkmh [2018-08-08]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\oldman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-30]
    CHR Extension: (Chrome Media Router) - C:\Users\oldman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-19]
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.0.247\Exts\Chrome.crx <not found>
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.0.247\Exts\Chrome.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.) [File not signed]
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-08-23] (Apple Inc.)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc.)
    R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-21] (HP Inc.)
    R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
    R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.16.0.247\NortonSecurity.exe [328648 2018-10-05] (Symantec Corporation)
    R2 NortonWiFiPrivacy; C:\Program Files (x86)\Norton WiFi Privacy\client\NWPService.exe [3232448 2018-05-04] ()
    R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.16.0.247\nsWscSvc.exe [915712 2018-10-05] (Symantec Corporation)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd.)
    S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [253960 2016-04-28] (Synaptics Incorporated)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-11] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-20] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
    R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110104 2016-09-28] (Advanced Micro Devices)
    R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.11.0.41\Definitions\BASHDefs\20181015.001\BHDrvx64.sys [1925104 2018-09-19] (Symantec Corporation)
    R1 ccSet_NGC; C:\WINDOWS\system32\drivers\NGCx64\1610000.0F7\ccSetx64.sys [190424 2018-10-05] (Symantec Corporation)
    R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
    S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515568 2018-10-04] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153072 2018-10-05] (Symantec Corporation)
    S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2018-04-23] ()
    R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.11.0.41\Definitions\IPSDefs\20181015.061\IDSvia64.sys [1305072 2018-10-08] (Symantec Corporation)
    S3 massfilter_hs; C:\WINDOWS\System32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
    R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-29] (Realtek Semiconductor Corp.)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Realtek )
    S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
    S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
    R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1610000.0F7\SRTSP64.SYS [832192 2018-10-05] (Symantec Corporation)
    R1 SRTSPX; C:\WINDOWS\system32\drivers\NGCx64\1610000.0F7\SRTSPX64.SYS [49856 2018-10-05] (Symantec Corporation)
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
    R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1610000.0F7\SYMEFASI64.SYS [1969136 2018-10-05] (Symantec Corporation)
    S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1610000.0F7\SymELAM.sys [25608 2018-10-05] (Symantec Corporation)
    R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [99920 2018-06-17] (Symantec Corporation)
    S4 SymEvnt; C:\Program Files\Norton Security\NortonData\22.11.0.41\SymPlatform\SymEvnt.sys [114256 2018-09-11] (Symantec Corporation)
    R1 SymIRON; C:\WINDOWS\system32\drivers\NGCx64\1610000.0F7\Ironx64.SYS [308304 2018-10-05] (Symantec Corporation)
    R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1610000.0F7\symnets.sys [566912 2018-10-05] (Symantec Corporation)
    S3 VBoxNetAdp; C:\WINDOWS\System32\drivers\VBoxNetAdp6.sys [196040 2017-07-27] (Oracle Corporation)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Corporation)
    R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP)
    S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1610000.0F7\wpCtrlDrv.sys [1010856 2018-10-05] (Symantec Corporation)
    R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-05-27] (Zemana Ltd.)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-10-16 16:04 - 2018-10-16 16:06 - 000023605 _____ C:\Users\oldman\Desktop\FRST.txt
    2018-10-16 16:04 - 2018-10-16 16:04 - 000000000 ____D C:\FRST
    2018-10-16 15:28 - 2018-10-16 15:28 - 000002308 _____ C:\Users\oldman\Desktop\Tweaking.com - Registry Backup.lnk
    2018-10-16 15:28 - 2018-10-16 15:28 - 000000000 ____D C:\Users\oldman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2018-10-16 15:28 - 2018-10-16 15:28 - 000000000 ____D C:\RegBackup
    2018-10-16 15:23 - 2018-10-16 15:23 - 005198336 _____ (AVAST Software) C:\Users\oldman\Desktop\aswMBR.exe
    2018-10-16 15:22 - 2018-10-16 15:22 - 002414592 _____ (Farbar) C:\Users\oldman\Desktop\FRST64.exe
    2018-10-16 15:20 - 2018-10-16 15:21 - 005766144 _____ (Tweaking.com) C:\Users\oldman\Desktop\tweaking.com_registry_backup_setup(1).exe
    2018-10-16 14:49 - 2018-10-16 14:49 - 000000072 _____ C:\Users\oldman\Desktop\kernal RK.txt
    2018-10-16 12:39 - 2018-10-16 12:39 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
    2018-10-16 11:46 - 2018-06-04 21:23 - 000009618 _____ C:\WINDOWS\ntbtlog.txt
    2018-10-16 11:24 - 2018-10-16 16:06 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
    2018-10-16 11:24 - 2018-10-16 11:24 - 000003378 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
    2018-10-16 11:23 - 2018-10-16 11:47 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
    2018-10-16 11:06 - 2018-10-16 11:06 - 002187304 _____ (LogMeIn, Inc.) C:\Users\oldman\Downloads\Support-LogMeInRescue(6).exe
    2018-10-16 08:56 - 2018-10-16 08:56 - 001583270 _____ C:\Users\oldman\Downloads\BackDoor.Tdss.565_(aka TDL3)_en.pdf
    2018-10-16 08:36 - 2018-09-29 21:59 - 000453892 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20181016-083655.backup
    2018-10-11 20:59 - 2018-09-21 03:18 - 021386888 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2018-10-11 20:59 - 2018-09-20 21:41 - 003396096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2018-10-11 20:59 - 2018-09-19 22:29 - 006569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2018-10-11 20:59 - 2018-09-19 22:29 - 006039368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2018-10-11 20:59 - 2018-09-19 22:21 - 022013440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2018-10-11 20:59 - 2018-09-19 22:15 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2018-10-11 20:59 - 2018-09-19 22:09 - 009089848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2018-10-11 20:59 - 2018-09-19 22:09 - 007520096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2018-10-11 20:59 - 2018-09-19 22:09 - 007432136 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2018-10-11 20:59 - 2018-09-19 22:08 - 004191232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2018-10-11 20:59 - 2018-09-19 21:53 - 025851392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2018-10-11 20:59 - 2018-09-19 21:46 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2018-10-11 20:59 - 2018-09-19 21:44 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2018-10-11 20:59 - 2018-09-19 21:41 - 007577088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2018-10-11 20:59 - 2018-09-19 21:37 - 004615680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2018-10-11 20:59 - 2018-09-07 21:30 - 003601920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
    2018-10-11 20:59 - 2018-09-07 21:29 - 004771840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2018-10-11 20:59 - 2018-09-07 21:27 - 003348992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
    2018-10-11 20:59 - 2018-09-07 21:25 - 003553792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
    2018-10-11 20:58 - 2018-09-21 02:22 - 020381784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2018-10-11 20:58 - 2018-09-20 22:14 - 000661056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
    2018-10-11 20:58 - 2018-09-20 22:13 - 000480568 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
    2018-10-11 20:58 - 2018-09-20 22:12 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
    2018-10-11 20:58 - 2018-09-20 22:11 - 000753056 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
    2018-10-11 20:58 - 2018-09-20 22:09 - 004790160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2018-10-11 20:58 - 2018-09-20 22:09 - 002253696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2018-10-11 20:58 - 2018-09-20 22:09 - 001427968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
    2018-10-11 20:58 - 2018-09-20 22:08 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2018-10-11 20:58 - 2018-09-20 22:08 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2018-10-11 20:58 - 2018-09-20 22:08 - 001566720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
    2018-10-11 20:58 - 2018-09-20 22:08 - 001456720 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2018-10-11 20:58 - 2018-09-20 22:08 - 001257864 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2018-10-11 20:58 - 2018-09-20 22:08 - 001140672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2018-10-11 20:58 - 2018-09-20 22:08 - 000982600 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2018-10-11 20:58 - 2018-09-20 22:08 - 000261008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2018-10-11 20:58 - 2018-09-20 22:07 - 000604664 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
    2018-10-11 20:58 - 2018-09-20 21:58 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2018-10-11 20:58 - 2018-09-20 21:57 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2018-10-11 20:58 - 2018-09-20 21:53 - 001006080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
    2018-10-11 20:58 - 2018-09-20 21:43 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2018-10-11 20:58 - 2018-09-20 21:40 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
    2018-10-11 20:58 - 2018-09-20 21:39 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2018-10-11 20:58 - 2018-09-20 21:39 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
    2018-10-11 20:58 - 2018-09-20 21:38 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2018-10-11 20:58 - 2018-09-20 21:38 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2018-10-11 20:58 - 2018-09-20 21:37 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2018-10-11 20:58 - 2018-09-20 21:37 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2018-10-11 20:58 - 2018-09-20 21:37 - 001211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
    2018-10-11 20:58 - 2018-09-20 21:37 - 000604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
    2018-10-11 20:58 - 2018-09-20 21:36 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
    2018-10-11 20:58 - 2018-09-20 21:36 - 001034240 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2018-10-11 20:58 - 2018-09-20 21:36 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
    2018-10-11 20:58 - 2018-09-20 03:37 - 001634944 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
    2018-10-11 20:58 - 2018-09-20 03:23 - 006602240 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2018-10-11 20:58 - 2018-09-20 03:22 - 013572096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
    2018-10-11 20:58 - 2018-09-20 03:18 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2018-10-11 20:58 - 2018-09-20 03:17 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
    2018-10-11 20:58 - 2018-09-20 03:17 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
    2018-10-11 20:58 - 2018-09-20 02:46 - 001454440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
    2018-10-11 20:58 - 2018-09-20 02:35 - 005669888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2018-10-11 20:58 - 2018-09-20 02:34 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
    2018-10-11 20:58 - 2018-09-20 02:29 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2018-10-11 20:58 - 2018-09-19 22:29 - 001989232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
    2018-10-11 20:58 - 2018-09-19 22:29 - 001513032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
    2018-10-11 20:58 - 2018-09-19 22:28 - 001129544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
    2018-10-11 20:58 - 2018-09-19 22:17 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2018-10-11 20:58 - 2018-09-19 22:13 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2018-10-11 20:58 - 2018-09-19 22:11 - 005777920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2018-10-11 20:58 - 2018-09-19 22:11 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
    2018-10-11 20:58 - 2018-09-19 22:10 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2018-10-11 20:58 - 2018-09-19 22:10 - 001221128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2018-10-11 20:58 - 2018-09-19 22:10 - 001029432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2018-10-11 20:58 - 2018-09-19 22:10 - 000566800 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
    2018-10-11 20:58 - 2018-09-19 22:09 - 002825232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2018-10-11 20:58 - 2018-09-19 22:09 - 002462888 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
    2018-10-11 20:58 - 2018-09-19 22:09 - 002421248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2018-10-11 20:58 - 2018-09-19 22:09 - 001767096 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
    2018-10-11 20:58 - 2018-09-19 22:09 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
    2018-10-11 20:58 - 2018-09-19 22:09 - 001097744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
    2018-10-11 20:58 - 2018-09-19 22:08 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2018-10-11 20:58 - 2018-09-19 21:44 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
    2018-10-11 20:58 - 2018-09-19 21:42 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2018-10-11 20:58 - 2018-09-19 21:42 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2018-10-11 20:58 - 2018-09-19 21:41 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2018-10-11 20:58 - 2018-09-19 21:41 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2018-10-11 20:58 - 2018-09-19 21:40 - 003090432 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2018-10-11 20:58 - 2018-09-19 21:40 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
    2018-10-11 20:58 - 2018-09-19 21:38 - 001724416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
    2018-10-11 20:58 - 2018-09-19 21:37 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2018-10-11 20:58 - 2018-09-19 21:36 - 001375232 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
    2018-10-11 20:58 - 2018-09-08 02:12 - 000452112 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2018-10-11 20:58 - 2018-09-08 02:07 - 002868536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
    2018-10-11 20:58 - 2018-09-08 02:07 - 001610552 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2018-10-11 20:58 - 2018-09-08 02:07 - 000792376 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2018-10-11 20:58 - 2018-09-08 02:07 - 000689464 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2018-10-11 20:58 - 2018-09-08 02:07 - 000612360 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2018-10-11 20:58 - 2018-09-08 02:07 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2018-10-11 20:58 - 2018-09-08 02:07 - 000144696 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2018-10-11 20:58 - 2018-09-08 02:07 - 000069944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
    2018-10-11 20:58 - 2018-09-08 02:02 - 000645112 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
    2018-10-11 20:58 - 2018-09-08 02:02 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
    2018-10-11 20:58 - 2018-09-08 01:58 - 001520744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2018-10-11 20:58 - 2018-09-08 01:42 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
    2018-10-11 20:58 - 2018-09-08 01:40 - 001724928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
    2018-10-11 20:58 - 2018-09-08 01:40 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2018-10-11 20:58 - 2018-09-08 01:40 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
    2018-10-11 20:58 - 2018-09-08 01:40 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
    2018-10-11 20:58 - 2018-09-08 01:40 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
    2018-10-11 20:58 - 2018-09-08 01:39 - 002052096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
    2018-10-11 20:58 - 2018-09-08 01:39 - 001787904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
    2018-10-11 20:58 - 2018-09-08 01:39 - 000615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
    2018-10-11 20:58 - 2018-09-08 01:38 - 001288192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
    2018-10-11 20:58 - 2018-09-08 01:38 - 001004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
    2018-10-11 20:58 - 2018-09-08 01:38 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
    2018-10-11 20:58 - 2018-09-08 01:38 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
    2018-10-11 20:58 - 2018-09-08 01:14 - 001328056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2018-10-11 20:58 - 2018-09-08 01:13 - 000181288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
    2018-10-11 20:58 - 2018-09-08 01:02 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
    2018-10-11 20:58 - 2018-09-08 01:00 - 000548864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
    2018-10-11 20:58 - 2018-09-08 00:59 - 001530368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
    2018-10-11 20:58 - 2018-09-08 00:59 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
    2018-10-11 20:58 - 2018-09-08 00:59 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
    2018-10-11 20:58 - 2018-09-08 00:59 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
    2018-10-11 20:58 - 2018-09-08 00:58 - 001308672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
    2018-10-11 20:58 - 2018-09-08 00:58 - 000775680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
    2018-10-11 20:58 - 2018-09-08 00:57 - 000625664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
    2018-10-11 20:58 - 2018-09-08 00:57 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
    2018-10-11 20:58 - 2018-09-08 00:57 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
    2018-10-11 20:58 - 2018-09-07 22:08 - 000462880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2018-10-11 20:58 - 2018-09-07 21:59 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
    2018-10-11 20:58 - 2018-09-07 21:59 - 000361544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
    2018-10-11 20:58 - 2018-09-07 21:58 - 000744976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
    2018-10-11 20:58 - 2018-09-07 21:58 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
    2018-10-11 20:58 - 2018-09-07 21:57 - 002571128 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2018-10-11 20:58 - 2018-09-07 21:57 - 001016984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
    2018-10-11 20:58 - 2018-09-07 21:57 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2018-10-11 20:58 - 2018-09-07 21:57 - 000482384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
    2018-10-11 20:58 - 2018-09-07 21:57 - 000368448 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
    2018-10-11 20:58 - 2018-09-07 21:57 - 000267576 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2018-10-11 20:58 - 2018-09-07 21:51 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
    2018-10-11 20:58 - 2018-09-07 21:45 - 000286824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
    2018-10-11 20:58 - 2018-09-07 21:44 - 001980984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2018-10-11 20:58 - 2018-09-07 21:44 - 000829752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
    2018-10-11 20:58 - 2018-09-07 21:43 - 001174448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
    2018-10-11 20:58 - 2018-09-07 21:43 - 000269104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
    2018-10-11 20:58 - 2018-09-07 21:30 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
    2018-10-11 20:58 - 2018-09-07 21:29 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
    2018-10-11 20:58 - 2018-09-07 21:29 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
    2018-10-11 20:58 - 2018-09-07 21:29 - 000183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
    2018-10-11 20:58 - 2018-09-07 21:28 - 000481280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
    2018-10-11 20:58 - 2018-09-07 21:28 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2018-10-11 20:58 - 2018-09-07 21:28 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
    2018-10-11 20:58 - 2018-09-07 21:28 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
    2018-10-11 20:58 - 2018-09-07 21:27 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
    2018-10-11 20:58 - 2018-09-07 21:27 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
    2018-10-11 20:58 - 2018-09-07 21:27 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
    2018-10-11 20:58 - 2018-09-07 21:26 - 002328064 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmsipc.dll
    2018-10-11 20:58 - 2018-09-07 21:26 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2018-10-11 20:58 - 2018-09-07 21:26 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
    2018-10-11 20:58 - 2018-09-07 21:26 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
    2018-10-11 20:58 - 2018-09-07 21:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
    2018-10-11 20:58 - 2018-09-07 21:25 - 002789376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
    2018-10-11 20:58 - 2018-09-07 21:25 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2018-10-11 20:58 - 2018-09-07 21:25 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2018-10-11 20:58 - 2018-09-07 21:24 - 001457664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
    2018-10-11 20:58 - 2018-09-07 21:24 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2018-10-11 20:58 - 2018-09-07 21:24 - 000845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
    2018-10-11 20:58 - 2018-09-07 21:24 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll
    2018-10-11 20:58 - 2018-09-07 21:23 - 001655296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmsipc.dll
    2018-10-11 20:58 - 2018-09-07 21:23 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
    2018-10-11 20:58 - 2018-09-07 21:22 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2018-10-11 20:57 - 2018-09-21 03:01 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
    2018-10-11 20:57 - 2018-09-21 02:12 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
    2018-10-11 20:57 - 2018-09-20 22:09 - 001062920 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2018-10-11 20:57 - 2018-09-20 22:09 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
    2018-10-11 20:57 - 2018-09-20 22:08 - 000709936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2018-10-11 20:57 - 2018-09-20 22:08 - 000170808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2018-10-11 20:57 - 2018-09-20 21:57 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
    2018-10-11 20:57 - 2018-09-20 21:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
    2018-10-11 20:57 - 2018-09-20 21:54 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
    2018-10-11 20:57 - 2018-09-20 21:42 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
    2018-10-11 20:57 - 2018-09-20 21:39 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
    2018-10-11 20:57 - 2018-09-20 21:39 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2018-10-11 20:57 - 2018-09-20 21:36 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
    2018-10-11 20:57 - 2018-09-20 21:36 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
    2018-10-11 20:57 - 2018-09-20 03:40 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
    2018-10-11 20:57 - 2018-09-20 03:19 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
    2018-10-11 20:57 - 2018-09-20 03:18 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2018-10-11 20:57 - 2018-09-20 03:17 - 002874368 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
    2018-10-11 20:57 - 2018-09-20 03:16 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
    2018-10-11 20:57 - 2018-09-20 02:30 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2018-10-11 20:57 - 2018-09-20 02:29 - 002824704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
    2018-10-11 20:57 - 2018-09-20 02:29 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
    2018-10-11 20:57 - 2018-09-20 02:28 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
    2018-10-11 20:57 - 2018-09-20 00:43 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
    2018-10-11 20:57 - 2018-09-19 23:52 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
    2018-10-11 20:57 - 2018-09-19 22:29 - 000357056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
    2018-10-11 20:57 - 2018-09-19 22:28 - 000581792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
    2018-10-11 20:57 - 2018-09-19 22:28 - 000567256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
    2018-10-11 20:57 - 2018-09-19 22:12 - 000272200 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
    2018-10-11 20:57 - 2018-09-19 22:12 - 000269128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
    2018-10-11 20:57 - 2018-09-19 22:11 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
    2018-10-11 20:57 - 2018-09-19 22:11 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2018-10-11 20:57 - 2018-09-19 22:11 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
    2018-10-11 20:57 - 2018-09-19 22:10 - 000500536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
    2018-10-11 20:57 - 2018-09-19 22:10 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
    2018-10-11 20:57 - 2018-09-19 22:10 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
    2018-10-11 20:57 - 2018-09-19 22:10 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
    2018-10-11 20:57 - 2018-09-19 22:09 - 000885952 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2018-10-11 20:57 - 2018-09-19 22:09 - 000793088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2018-10-11 20:57 - 2018-09-19 22:09 - 000713472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
    2018-10-11 20:57 - 2018-09-19 22:09 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2018-10-11 20:57 - 2018-09-19 21:43 - 000052736 _____ C:\WINDOWS\system32\runexehelper.exe
    2018-10-11 20:57 - 2018-09-19 21:42 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
    2018-10-11 20:57 - 2018-09-19 21:41 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
    2018-10-11 20:57 - 2018-09-19 21:41 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2018-10-11 20:57 - 2018-09-19 21:40 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2018-10-11 20:57 - 2018-09-19 21:38 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
    2018-10-11 20:57 - 2018-09-19 20:21 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
    2018-10-11 20:57 - 2018-09-19 19:28 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
    2018-10-11 20:57 - 2018-09-08 01:58 - 001639352 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2018-10-11 20:57 - 2018-09-08 01:57 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
    2018-10-11 20:57 - 2018-09-08 01:44 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdBth.dll
    2018-10-11 20:57 - 2018-09-08 01:43 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll
    2018-10-11 20:57 - 2018-09-08 01:43 - 000047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardBi.dll
    2018-10-11 20:57 - 2018-09-08 01:42 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
    2018-10-11 20:57 - 2018-09-08 01:42 - 000188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
    2018-10-11 20:57 - 2018-09-08 01:42 - 000114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthci.dll
    2018-10-11 20:57 - 2018-09-08 01:41 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
    2018-10-11 20:57 - 2018-09-08 01:40 - 000402944 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
    2018-10-11 20:57 - 2018-09-08 01:39 - 005505024 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
    2018-10-11 20:57 - 2018-09-08 01:38 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2018-10-11 20:57 - 2018-09-08 01:37 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
    2018-10-11 20:57 - 2018-09-08 01:16 - 000482080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
    2018-10-11 20:57 - 2018-09-08 01:13 - 001626656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2018-10-11 20:57 - 2018-09-08 01:03 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\INETRES.dll
    2018-10-11 20:57 - 2018-09-08 01:03 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdBth.dll
    2018-10-11 20:57 - 2018-09-08 00:58 - 000897536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
    2018-10-11 20:57 - 2018-09-08 00:57 - 005391360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
    2018-10-11 20:57 - 2018-09-08 00:56 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
    2018-10-11 20:57 - 2018-09-07 21:58 - 000368440 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
    2018-10-11 20:57 - 2018-09-07 21:45 - 000295416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
    2018-10-11 20:57 - 2018-09-07 21:32 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
    2018-10-11 20:57 - 2018-09-07 21:31 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
    2018-10-11 20:57 - 2018-09-07 21:31 - 000272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Proxy.dll
    2018-10-11 20:57 - 2018-09-07 21:30 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
    2018-10-11 20:57 - 2018-09-07 21:30 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
    2018-10-11 20:57 - 2018-09-07 21:30 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
    2018-10-11 20:57 - 2018-09-07 21:29 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
    2018-10-11 20:57 - 2018-09-07 21:28 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Proxy.dll
    2018-10-11 20:57 - 2018-09-07 21:27 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcfile.dll
    2018-10-11 20:57 - 2018-09-07 21:27 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
    2018-10-11 20:57 - 2018-09-07 21:26 - 000387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
    2018-10-11 20:57 - 2018-09-07 21:26 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
    2018-10-11 20:57 - 2018-09-07 21:26 - 000359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winipcfile.dll
    2018-10-11 20:57 - 2018-09-07 21:25 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcsecproc.dll
    2018-10-11 20:57 - 2018-09-07 21:25 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Proximity.dll
    2018-10-11 20:57 - 2018-09-07 21:23 - 000807936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winipcsecproc.dll
    2018-10-11 20:57 - 2018-09-07 21:23 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Proximity.dll
    2018-10-11 12:18 - 2018-10-11 12:18 - 000000000 ____D C:\Users\oldman\Desktop\DJ's Scans
    2018-10-07 15:59 - 2018-10-07 16:00 - 000391138 _____ C:\Users\oldman\Downloads\QualityAssuranceTestingProtocols.pdf
    2018-10-07 15:52 - 2018-10-07 15:52 - 000753141 _____ C:\Users\oldman\Downloads\MetrcMTTestingLabUserGuide.pdf
    2018-10-07 15:52 - 2018-10-07 15:52 - 000091218 _____ C:\Users\oldman\Downloads\37-839adp-arm.pdf
    2018-10-01 12:57 - 2018-10-01 12:59 - 009945221 _____ C:\Users\oldman\Desktop\HealthSummary20181001.zip
    2018-10-01 00:14 - 2018-10-01 00:15 - 027152440 _____ (Adlice Software) C:\Users\oldman\Desktop\RogueKiller_portable64.exe
    2018-09-30 14:48 - 2018-09-30 14:48 - 007592144 _____ (Malwarebytes) C:\Users\oldman\Desktop\adwcleaner_7.2.4.0.exe
    2018-09-29 21:59 - 2018-09-10 12:08 - 000453892 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20180929-215909.backup
    2018-09-17 11:44 - 2018-09-17 11:44 - 000001816 _____ C:\Users\Public\Desktop\iTunes.lnk
    2018-09-17 11:43 - 2018-09-17 11:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2018-09-17 11:43 - 2018-09-17 11:43 - 000000000 ____D C:\Program Files\iPod
    2018-09-17 11:42 - 2018-09-17 11:43 - 000000000 ____D C:\Program Files\iTunes
    2018-09-17 10:38 - 2018-09-04 16:36 - 001476904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-10-16 16:06 - 2017-05-27 08:59 - 000021243 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
    2018-10-16 16:00 - 2018-04-11 17:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2018-10-16 15:59 - 2018-06-02 01:54 - 000000000 ____D C:\Users\oldman
    2018-10-16 15:58 - 2016-08-20 10:31 - 000000000 ____D C:\ProgramData\Kodak
    2018-10-16 15:58 - 2015-12-03 22:03 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2018-10-16 15:57 - 2018-07-07 12:40 - 000000000 ____D C:\WINDOWS\Minidump
    2018-10-16 15:57 - 2018-06-02 02:10 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2018-10-16 15:57 - 2018-06-02 01:43 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2018-10-16 15:57 - 2015-05-03 12:12 - 000510274 ____N C:\WINDOWS\Minidump\101618-58734-01.dmp
    2018-10-16 15:28 - 2016-06-26 05:49 - 000154577 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
    2018-10-16 15:00 - 2018-06-12 18:34 - 000000000 ____D C:\ProgramData\SecTaskMan
    2018-10-16 13:36 - 2018-06-02 02:10 - 000004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D6FF1BE5-40C3-4B52-A236-97274056599C}
    2018-10-16 12:47 - 2016-11-28 01:03 - 000000000 ____D C:\Users\oldman\AppData\LocalLow\Mozilla
    2018-10-16 12:39 - 2015-06-10 01:43 - 000000000 ____D C:\Program Files\Common Files\AV
    2018-10-16 12:24 - 2016-06-26 04:54 - 000000000 ____D C:\Users\oldman\AppData\Local\NPE
    2018-10-16 12:11 - 2018-04-11 15:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2018-10-16 12:11 - 2015-07-29 03:19 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
    2018-10-16 11:49 - 2017-10-17 05:24 - 000559880 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2018-10-16 11:47 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\AppReadiness
    2018-10-16 11:47 - 2018-01-27 14:55 - 000000000 ____D C:\NPE
    2018-10-16 11:47 - 2017-11-10 20:20 - 000002335 _____ C:\Users\Public\Desktop\Norton Security.lnk
    2018-10-16 11:46 - 2017-05-02 14:10 - 000000352 _____ C:\WINDOWS\Tasks\HPCeeScheduleForoldman.job
    2018-10-16 11:29 - 2018-06-02 02:10 - 000003248 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForoldman
    2018-10-16 11:24 - 2018-04-11 15:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
    2018-10-16 11:24 - 2018-02-26 15:03 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
    2018-10-16 09:07 - 2018-04-11 17:38 - 000000000 ___HD C:\Program Files\WindowsApps
    2018-10-16 08:11 - 2018-06-27 01:41 - 000000000 ____D C:\ProgramData\Packages
    2018-10-15 21:35 - 2015-05-03 12:07 - 000000000 ____D C:\Users\oldman\AppData\Local\Battle.net
    2018-10-15 21:35 - 2015-05-03 12:07 - 000000000 ____D C:\Program Files (x86)\Battle.net
    2018-10-12 22:07 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2018-10-12 09:37 - 2018-04-11 17:36 - 000000000 ____D C:\WINDOWS\INF
    2018-10-12 09:36 - 2018-06-02 01:53 - 000931448 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2018-10-12 09:32 - 2015-09-16 10:37 - 000000000 ___RD C:\Users\oldman\3D Objects
    2018-10-12 09:32 - 2015-05-03 12:17 - 000000000 __RHD C:\Users\Public\AccountPictures
    2018-10-12 09:29 - 2018-06-02 01:43 - 000259576 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2018-10-12 09:25 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\TextInput
    2018-10-12 09:24 - 2018-04-11 17:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2018-10-12 09:24 - 2018-04-11 17:38 - 000000000 ___RD C:\Program Files\Windows Defender
    2018-10-12 09:24 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
    2018-10-12 09:24 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\bcastdvr
    2018-10-12 09:24 - 2018-04-11 17:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
    2018-10-11 21:32 - 2015-05-03 19:25 - 000000000 ____D C:\WINDOWS\system32\MRT
    2018-10-11 21:24 - 2015-05-03 19:25 - 136745976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2018-10-11 21:23 - 2018-04-11 17:30 - 000000000 ____D C:\WINDOWS\CbsTemp
    2018-10-10 20:38 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\system32\NDF
    2018-10-09 11:00 - 2018-09-11 21:17 - 006226432 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
    2018-10-09 11:00 - 2018-06-02 02:10 - 000004574 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
    2018-10-09 11:00 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2018-10-09 11:00 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
    2018-10-08 14:36 - 2015-10-21 19:23 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2018-10-08 13:34 - 2017-09-28 22:29 - 000000000 ____D C:\Users\oldman\Desktop\Misc. desktop crap
    2018-10-08 13:23 - 2018-08-08 20:56 - 000000893 _____ C:\Users\oldman\Desktop\current med list.txt
    2018-10-08 13:18 - 2018-07-12 22:10 - 000000000 ____D C:\Users\oldman\Desktop\JJ Family working on it
    2018-10-05 23:34 - 2017-08-25 16:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2018-10-05 23:34 - 2015-05-03 11:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2018-10-05 09:23 - 2015-05-03 11:47 - 000001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
    2018-10-03 20:25 - 2015-12-10 17:48 - 000000000 ____D C:\Users\oldman\AppData\LocalLow\Adobe
    2018-10-02 14:13 - 2018-09-12 22:09 - 000835152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2018-10-02 14:13 - 2018-09-12 22:09 - 000179792 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2018-10-01 01:56 - 2013-08-22 09:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
    2018-10-01 00:20 - 2017-12-17 15:55 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2018-09-30 12:03 - 2018-05-04 22:20 - 000000000 ____D C:\Users\oldman\AppData\Local\Norton WiFi Privacy
    2018-09-27 15:28 - 2018-05-04 22:19 - 000000000 ____D C:\ProgramData\NWPService
    2018-09-19 17:46 - 2015-06-14 11:19 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2018-09-19 17:46 - 2015-06-14 11:19 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2018-09-19 13:02 - 2018-06-02 02:10 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

    ==================== Files in the root of some directories =======

    2015-08-15 18:31 - 2018-07-29 11:44 - 000009728 _____ () C:\Users\oldman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-08-01 13:43 - 2018-10-11 13:40 - 000106352 _____ () C:\Users\oldman\AppData\Local\installer.log
    2015-08-01 13:43 - 2015-08-01 13:43 - 000000236 _____ () C:\Users\oldman\AppData\Local\LaunchHomeCenter.log
    2015-05-23 09:41 - 2018-02-14 00:28 - 000007674 _____ () C:\Users\oldman\AppData\Local\resmon.resmoncfg

    Some files in TEMP:
    ====================
    2018-10-16 11:31 - 2018-08-08 22:53 - 001947720 _____ (Microsoft Corporation) C:\Users\oldman\AppData\Local\Temp\dllnt_dump.dll

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-06-02 01:43

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.10.2018
    Ran by oldman (16-10-2018 16:08:28)
    Running from C:\Users\oldman\Desktop
    Windows 10 Home Version 1803 17134.345 (X64) (2018-06-02 08:47:35)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-901587214-2200967626-3004657440-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-901587214-2200967626-3004657440-503 - Limited - Disabled)
    Guest (S-1-5-21-901587214-2200967626-3004657440-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-901587214-2200967626-3004657440-1009 - Limited - Enabled)
    oldman (S-1-5-21-901587214-2200967626-3004657440-1003 - Administrator - Enabled) => C:\Users\oldman
    WDAGUtilityAccount (S-1-5-21-901587214-2200967626-3004657440-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Norton Security (Enabled - Up to date) {E3FDBD9F-8140-1400-F32B-8B58923F7C4D}
    AS: Spybot - Search and Destroy (Disabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Norton Security (Enabled) {DBC63CBA-CB2F-1558-D874-226D6CEC3B36}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20074 - Adobe Systems Incorporated)
    Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
    aioprnt (HKLM\...\{0645A454-AD44-4F0D-99CF-6B762735AD1F}) (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
    aioscnnr (HKLM-x32\...\{376348C2-E372-48BC-A138-E896757BD86A}) (Version: 5.8.10.0 - Your Company Name) Hidden
    aioscnnr (HKLM-x32\...\{EF53BFAB-4C10-40DB-A82D-9B07111715C6}) (Version: 7.6.13.10 - Your Company Name) Hidden
    AMD Catalyst Install Manager (HKLM\...\{D01E0B82-7D6E-F9AC-9A7D-C6076264F419}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
    AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
    Apple Application Support (32-bit) (HKLM-x32\...\{308F2F8C-9D33-4B22-8A6C-D9C13DBEF8C6}) (Version: 7.0.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{0CB84A7D-9697-4526-A819-60FB050E8F05}) (Version: 7.0.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{77F8C879-88CD-4145-945A-541C35285285}) (Version: 12.0.0.1039 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
    AstroViewer 3.1.6 (HKLM-x32\...\AstroViewer 3.1.6) (Version: - Dirk Matussek)
    Bandicam (HKLM-x32\...\Bandicam) (Version: 2.3.3.860 - Bandisoft.com)
    Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    BOINC (HKLM\...\{F1361096-9418-489B-983B-5F8C3972E05E}) (Version: 7.8.3 - Space Sciences Laboratory, U.C. Berkeley)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    C4USelfUpdater (HKLM-x32\...\{48B41C3A-9A92-4B81-B653-C97FEB85C910}) (Version: 1.00.0000 - Your Company Name) Hidden
    center (HKLM-x32\...\{56BA241F-580C-43D2-8403-947241AAE633}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
    CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
    CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
    D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
    Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
    Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
    essentials (HKLM-x32\...\{BE94C681-68E2-4561-8ABC-8D2E799168B4}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
    Google Earth Pro (HKLM\...\{F914BC59-918A-498F-B2E3-B274C9CB48A8}) (Version: 7.3.2.5491 - Google)
    Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
    Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
    HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
    HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
    HP Documentation (HKLM-x32\...\{1AC082E0-049D-4C5C-9ECF-9473AD5A949D}) (Version: 1.1.0.0 - Hewlett-Packard)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
    HP MyRoom (HKLM-x32\...\{32F06015-D852-4A57-A0DD-8D08D17633AC}) (Version: 10.4.0156 - Hewlett-Packard)
    HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
    HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
    HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.6.18.11 - Hewlett-Packard Company)
    HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.9.24.3 - Hewlett-Packard Company)
    HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
    HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
    HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
    HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6417.0 - IDT)
    IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
    iTunes (HKLM\...\{645877C4-2AB6-46B6-BD32-B251B0666F63}) (Version: 12.9.0.167 - Apple Inc.)
    Java 8 Update 181 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
    Kodak AIO Printer (HKLM\...\{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}) (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
    KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.9.1.1 - Eastman Kodak Company)
    KODAK VERITE 50 Series Uninstaller (HKLM\...\KODAK VERITE 50 Series) (Version: - FUNAI ELECTRIC CO., LTD.)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
    Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
    Mozilla Firefox 62.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 62.0.3 (x64 en-US)) (Version: 62.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 62.0.3.6848 - Mozilla)
    Norton Security (HKLM-x32\...\NGC) (Version: 22.16.0.247 - Symantec Corporation)
    Norton WiFi Privacy (HKLM-x32\...\Norton WiFi Privacy) (Version: 1.4.9 - Symantec Corporation)
    NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
    ocr (HKLM-x32\...\{BFBCF96F-7361-486A-965C-54B17AC35421}) (Version: 6.2.3.50 - Eastman Kodak Company) Hidden
    Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
    PreReq (HKLM-x32\...\{DA5BDB2A-12F0-4343-8351-21AAEB293990}) (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
    PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
    Python 3.5.2 (32-bit) (HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
    Python 3.5.2 Core Interpreter (32-bit) (HKLM-x32\...\{EB0611B2-7F10-4D97-BCF2-DCAAB1199498}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 Development Libraries (32-bit) (HKLM-x32\...\{5DB2183B-62D3-407F-BBC1-EAD2F36283FA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 Documentation (32-bit) (HKLM-x32\...\{1FBA5182-78DD-4940-9F06-96E5042B7061}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 Executables (32-bit) (HKLM-x32\...\{33B10015-A9B1-4210-B50A-26C6443979B0}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 pip Bootstrap (32-bit) (HKLM-x32\...\{9ADF9987-3327-48C6-91B3-B10900366491}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 Standard Library (32-bit) (HKLM-x32\...\{FCBB04F4-D2CF-4F55-BE92-B3898696B318}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C1153533-FDC4-4922-892D-B71810F69566}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 Test Suite (32-bit) (HKLM-x32\...\{9D50A6D7-410A-4469-87B7-35FA84CBD479}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 Utility Scripts (32-bit) (HKLM-x32\...\{E6DEBF43-7ACF-4E88-9BBF-9B5945683281}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
    Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
    Security Task Manager 2.3 (HKLM-x32\...\Security Task Manager) (Version: 2.3 - Neuber Software)
    Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
    swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
    Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17384 - Microsoft Corporation)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    WorldWide Telescope (HKLM-x32\...\{412B591F-3F86-4A1C-9DF6-854892DE27BB}) (Version: 5.5.03 - WorldWide Telescope)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-901587214-2200967626-3004657440-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-901587214-2200967626-3004657440-1003_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
    ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.16.0.247\buShell.dll [2018-10-05] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.16.0.247\buShell.dll [2018-10-05] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.16.0.247\buShell.dll [2018-10-05] (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.16.0.247\buShell.dll [2018-10-05] (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.16.0.247\buShell.dll [2018-10-05] (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.16.0.247\buShell.dll [2018-10-05] (Symantec Corporation)
    ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.16.0.247\buShell.dll [2018-10-05] (Symantec Corporation)
    ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-27] (Cyberlink)
    ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
    ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
    ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.0.247\NavShExt.dll [2018-10-05] (Symantec Corporation)
    ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-27] (Cyberlink)
    ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.0.247\NavShExt.dll [2018-10-05] (Symantec Corporation)
    ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.16.0.247\buShell.dll [2018-10-05] (Symantec Corporation)
    ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
    ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
    ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.0.247\NavShExt.dll [2018-10-05] (Symantec Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {03F769B5-CA2B-47FB-B8C6-3715E360F484} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-10-11] (Microsoft Corporation)
    Task: {18BB25D8-03D9-422C-A057-254BBEC85460} - System32\Tasks\{647E1911-0F4F-4C7A-85F2-4BDF10C6B80F} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\oldman\AppData\Local\join.me\join.me.exe -c -uninstall
    Task: {1B45A39A-64C2-4606-92B6-9B885988EF92} - System32\Tasks\HPCeeScheduleForoldman => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
    Task: {1CAFA8CA-9428-4563-B226-AEB95322692D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-24] (Google Inc.)
    Task: {20315DD9-4094-4271-9F7A-D7F2459F3351} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.16.0.247\SymErr.exe [2018-10-05] (Symantec Corporation)
    Task: {2726B58A-B733-4E96-B674-56C356CFF017} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
    Task: {28C114CA-CFE9-487D-8483-4C040DF0A54B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-24] (Google Inc.)
    Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
    Task: {37F9480B-8DEB-43D0-9E41-A625011C1442} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
    Task: {3DD76305-B0D8-4F5D-97E7-9FEA995DB0EB} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
    Task: {3EF2BB24-1F09-4D2F-850B-1641939DFA77} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.16.0.247\SymErr.exe [2018-10-05] (Symantec Corporation)
    Task: {3FB3FE7E-E4D6-4325-A192-9F9937626A48} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {406E8E03-EC34-4003-B34C-54181D91740B} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {4563DDB4-F29D-41C5-BD80-916194542CD4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-08-21] (HP Inc.)
    Task: {4A276F76-C51C-45FC-A2F4-1117E386AA2B} - System32\Tasks\S-1-5-21-901587214-2200967626-3004657440-1003\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-04-11] (Microsoft Corporation)
    Task: {4DAE6865-85B2-4C42-B996-B4788C51FAA8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2018-08-30] (HP Inc.)
    Task: {5B316DC0-10D2-46AE-B209-4DD1ED06E7F3} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
    Task: {625F82D9-2B09-4DF1-80B8-473B87149FDA} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-21] ()
    Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
    Task: {67748148-C9ED-45C1-9AED-2EB848D826F3} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> No File <==== ATTENTION
    Task: {6E39ED3E-6BA2-4DC8-8196-9C48C649D047} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
    Task: {712380AE-444E-42C6-B403-F18182DBE18C} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
    Task: {738E86C6-EB1F-4D92-9DD0-BD4999046DD5} - System32\Tasks\{CA2AE62A-A74C-4B89-B292-C0CEAD185B3D} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\oldman\Downloads\FirmwareFlashLauncher.exe -d C:\Users\oldman\Downloads
    Task: {7B9F5986-9672-431A-BB77-F26DB87891FE} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {7CDEBC78-DC72-4720-A9AA-B396C385D844} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-901587214-2200967626-3004657440-1003Core => C:\Users\oldman\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-23] (Google Inc.)
    Task: {906112A5-8DB6-4037-B3BB-A2558320F864} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {9BB2C6F5-8FA9-4B29-A55A-3B2CECD37A04} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-09-06] (HP Inc.)
    Task: {A0B92B34-B5CA-49F1-98C7-6899E27B70C7} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.16.0.247\WSCStub.exe [2018-10-05] (Symantec Corporation)
    Task: {A5E6FF83-1A31-44C2-974C-608D72C3429E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
    Task: {A8F2F520-1207-4618-956D-6C972DD869D8} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
    Task: {AD73D9D2-71DE-4681-BB26-DC2BF988AB1B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_122_Plugin.exe [2018-10-09] (Adobe Systems Incorporated)
    Task: {B89BC3A9-54C9-4204-8B03-A529BF74315F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
    Task: {BB6E612E-F472-4AB9-9380-3B84FBB2E9FB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-901587214-2200967626-3004657440-1003UA => C:\Users\oldman\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-23] (Google Inc.)
    Task: {BCF0AD8B-2630-48AE-B7B4-5D1683D33A9F} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-10-09] (Adobe Systems Incorporated)
    Task: {C0201CFA-6DE0-4EE2-89AC-D9D2295A8D3A} - System32\Tasks\Norton 360\Norton 360 Online Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.11.0.41\SymErr.exe [2017-10-03] (Symantec Corporation)
    Task: {C1470389-004D-4179-B95E-0A46324725AF} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.16.0.247\SymErr.exe [2018-10-05] (Symantec Corporation)
    Task: {C18EC821-F9CF-414E-BA3D-746F1B35386D} - System32\Tasks\Norton 360\Norton 360 Online Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.11.0.41\SymErr.exe [2017-10-03] (Symantec Corporation)
    Task: {CD77ED0C-E0A8-4E66-AB5C-326915A65B28} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
    Task: {CDB556A4-5C9F-4AD2-8970-C18C764D957C} - System32\Tasks\Norton 360\Norton 360 Online Autofix => C:\Program Files (x86)\Norton 360\Engine\22.11.0.41\SymErr.exe [2017-10-03] (Symantec Corporation)
    Task: {E55BB73E-B3E4-4238-87BE-56ABACE54FE3} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
    Task: {E5C15200-ACD9-4B52-8D6A-D818CBC34EF1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
    Task: {FC364449-3F8D-40B7-AFA2-34B96D70A3DA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
    Task: {FF0CA258-3A02-4D3D-A2E2-799F0EAB7CDB} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2018-10-05] (Symantec Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\HPCeeScheduleForoldman.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2018-04-11 17:34 - 2018-04-11 17:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
    2012-08-08 11:36 - 2012-08-08 11:36 - 000073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2017-11-30 19:54 - 2017-11-30 19:54 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2018-08-22 22:18 - 2018-08-22 22:18 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2018-05-04 07:23 - 2018-05-04 07:23 - 003232448 _____ () C:\Program Files (x86)\Norton WiFi Privacy\client\NWPService.exe
    2018-04-11 17:34 - 2018-04-11 17:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
    2018-04-11 17:34 - 2018-04-11 17:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
    2018-10-11 20:58 - 2018-09-19 21:38 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2015-05-03 00:52 - 2012-06-07 21:34 - 000627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2012-06-08 12:34 - 2012-06-08 12:34 - 000016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    There are 7941 more sites.


    There are 7941 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2018-05-21 21:01 - 2018-10-16 08:36 - 000453892 ____R C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    There are 15608 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\oldman\Desktop\cropped Scotty Audrey Meghan.PNG
    DNS Servers: 192.168.0.1 - 205.171.3.66
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.

    HKLM\...\StartupApproved\Run: => "EKIJ5000StatusMonitor"
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run: => "boincmgr"
    HKLM\...\StartupApproved\Run32: => "EKIJ5000StatusMonitor"
    HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
    HKLM\...\StartupApproved\Run32: => "RemoteControl10"
    HKLM\...\StartupApproved\Run32: => "EKStatusMonitor"
    HKLM\...\StartupApproved\Run32: => "APSDaemon"
    HKLM\...\StartupApproved\Run32: => "QuickTime Task"
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "BingSvc"
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "KOab1err"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{9A360527-10D8-4C70-B032-9364CABAF9CC}] => (Block) C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe
    FirewallRules: [{F163DE1A-BDD7-475A-BA39-30804A88C1EA}] => (Block) C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe
    FirewallRules: [UDP Query User{36723720-49B5-4FA6-A370-6758D33B9796}C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe] => (Allow) C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe
    FirewallRules: [TCP Query User{65BE56F7-1BFA-49AF-AA71-5BA1867FD708}C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe] => (Allow) C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe
    FirewallRules: [{1C333035-49C1-4FD1-97CF-F570F016C53E}] => (Allow) LPort=5353
    FirewallRules: [{890B9B02-6014-4054-B567-08AACDF2C0B9}] => (Allow) LPort=9322
    FirewallRules: [{F181849D-64C1-458F-9BBF-519133A17B5F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{202A7A45-68E1-431A-A400-91C1EB742AF0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{479E345C-D749-41FD-988B-53A52A04F408}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    FirewallRules: [{C5449203-F0BB-4691-A5EE-2F7B4D5C379A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{B80B7944-0578-4FDB-83D2-3883E685F4E2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    22-09-2018 18:46:19 Scheduled Checkpoint
    02-10-2018 10:55:00 Scheduled Checkpoint
    09-10-2018 15:15:26 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/16/2018 03:58:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 7.0.168.192.in-addr.arpa. PTR eustace.local.

    Error: (10/16/2018 03:58:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from 192.168.0.7:5353 17 7.0.168.192.in-addr.arpa. PTR eustace-2.local.

    Error: (10/16/2018 12:13:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 7.0.168.192.in-addr.arpa. PTR eustace.local.

    Error: (10/16/2018 12:13:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from 192.168.0.7:5353 17 7.0.168.192.in-addr.arpa. PTR eustace-2.local.

    Error: (10/16/2018 12:10:42 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
    .


    Operation:
    Executing Asynchronous Operation

    Context:
    Current State: DoSnapshotSet

    Error: (10/16/2018 12:09:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (10/16/2018 11:46:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 7.0.168.192.in-addr.arpa. PTR eustace.local.

    Error: (10/16/2018 11:46:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from 192.168.0.7:5353 17 7.0.168.192.in-addr.arpa. PTR eustace-2.local.


    System errors:
    =============
    Error: (10/16/2018 03:59:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (10/16/2018 03:58:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The APXACC service failed to start due to the following error:
    A device attached to the system is not functioning.

    Error: (10/16/2018 03:58:05 PM) (Source: APXACC) (EventID: 1003) (User: )
    Description: The NDIS6 LWF initialization has failed. (0xC0000001)

    Error: (10/16/2018 03:58:00 PM) (Source: BugCheck) (EventID: 1001) (User: )
    Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0xffffa60155926010, 0x00000000000000ff, 0x0000000000000000, 0xfffff8007b9995ae). A dump was saved in: C:\WINDOWS\Minidump\101618-58734-01.dmp. Report Id: d3a839bd-9cd7-4c38-9b52-c1357426a3d4.

    Error: (10/16/2018 03:57:59 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 3:46:00 PM on ‎10/‎16/‎2018 was unexpected.

    Error: (10/16/2018 12:41:49 PM) (Source: DCOM) (EventID: 10016) (User: eustace)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    and APPID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    to the user eustace\oldman SID (S-1-5-21-901587214-2200967626-3004657440-1003) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

    Error: (10/16/2018 12:14:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (10/16/2018 12:12:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The APXACC service failed to start due to the following error:
    A device attached to the system is not functioning.


    Windows Defender:
    ===================================
    Date: 2018-10-16 11:58:25.908
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.261.367.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14500.5
    Error code: 0x80070643
    Error description: Fatal error during installation.

    Date: 2018-10-16 11:58:24.025
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version: 1.277.1174.0
    Previous Signature Version: 1.261.367.0
    Update Source: User
    Signature Type: AntiSpyware
    Update Type: Delta
    Current Engine Version: 1.1.14500.5
    Previous Engine Version: 1.1.14500.5
    Error code: 0x80070666
    Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

    Date: 2018-10-16 11:58:24.025
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version: 1.277.1174.0
    Previous Signature Version: 1.261.367.0
    Update Source: User
    Signature Type: AntiVirus
    Update Type: Delta
    Current Engine Version: 1.1.14500.5
    Previous Engine Version: 1.1.14500.5
    Error code: 0x80070666
    Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

    Date: 2018-09-24 17:35:43.749
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.261.367.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14500.5
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    Date: 2018-09-24 17:35:43.748
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.261.367.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiSpyware
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14500.5
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    CodeIntegrity:
    ===================================

    Date: 2018-10-11 12:04:33.192
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.1.8\bushell.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-10-11 12:04:33.166
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.1.8\bushell.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-10-11 12:04:33.102
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.1.8\bushell.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-09-05 22:40:18.803
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.0.88\bushell.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-09-05 22:40:18.772
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.0.88\bushell.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-09-05 22:40:18.654
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.0.88\bushell.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-08-28 15:39:51.563
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.0.88\bushell.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-08-28 15:39:51.477
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.0.88\bushell.dll that did not meet the Microsoft signing level requirements.

    ==================== Memory info ===========================

    Processor: AMD A4-4300M APU with Radeon(tm) HD Graphics
    Percentage of memory in use: 45%
    Total physical RAM: 3554.26 MB
    Available physical RAM: 1947.73 MB
    Total Virtual: 5858.26 MB
    Available Virtual: 4321.08 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:568.68 GB) (Free:338.8 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (RECOVERY) (Fixed) (Total:25.37 GB) (Free:2.96 GB) NTFS ==>[system with boot components (obtained from drive)]

    \\?\Volume{4807027d-70e4-4ed9-b189-6eac7a96e0a4}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.15 GB) NTFS
    \\?\Volume{de27d039-3a8b-420a-8f61-0de10dba9383}\ () (Fixed) (Total:0.92 GB) (Free:0.34 GB) NTFS
    \\?\Volume{228ede67-33cc-42ee-9814-03e998f454e7}\ () (Fixed) (Total:0.44 GB) (Free:0.41 GB) NTFS
    \\?\Volume{873941c3-cd87-496d-8c74-8b333ed59eac}\ () (Fixed) (Total:0.25 GB) (Free:0.16 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 596.2 GB) (Disk ID: 9E4D4388)

    Partition: GPT.

    ==================== End of Addition.txt ============================

  2. #2
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    I'm asking about is some suspicious text in my zamgaurd driver
    R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-05-27] (Zemana Ltd.)

    It appears to be a leftover file from an incomplete uninstall of Zemana AntiMalware.
    I've added it in the script below.
    *****************

    I'm finding conflicting information online that suggests you might need to remove SpyProtector from your computer.
    Let's wait and see if any of the tools we use find anything.
    *****************

    Highlight the entire content of the quote box below and select Copy.


    Start::
    CloseProcesses:
    CreateRestorePoint:
    SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {53e2f62a-3083-46e6-8527-cf89e4acb4ae} URL =
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [No File]
    CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908
    CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
    2018-10-16 11:31 - 2018-08-08 22:53 - 001947720 _____ (Microsoft Corporation) C:\Users\oldman\AppData\Local\Temp\dllnt_dump.dll
    Task: {67748148-C9ED-45C1-9AED-2EB848D826F3} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> No File <==== ATTENTION
    Task: {A8F2F520-1207-4618-956D-6C972DD869D8} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
    Task: {CD77ED0C-E0A8-4E66-AB5C-326915A65B28} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
    C:\WINDOWS\ZAM_Guard.krnl.trace
    R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-05-27] (Zemana Ltd.)
    C:\WINDOWS\System32\drivers\zamguard64.sys
    C:\Windows\Temp\*.*
    Emptytemp:
    End::

    Start FRST (FRST64) with Administrator privileges
    Press the Fix button. FRST will process the lines copied above from the clipboard.
    When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

    Please copy and paste its contents in your next reply.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    If you still have these tools located on your machine please delete those so we can download new/updated versions.

    AdwCleaner - Fix Mode
    • Download AdwCleaner and move it to your Desktop
    • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Accept the EULA (I accept), then click on Scan
    • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button. This will kill all the active processes
    • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
    • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


    *************************************************************************

    RogueKiller
    • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
    • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
    • Wait for the scan to complete
    • On completion, the results will be displayed
    • Check every single entry (threat found), and click on the Remove Selected button
    • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
    • This will open the report in Notepad. Copy/paste its content in your next reply


    created by Aura

    Your next reply(ies) should therefore contain:
    • Copy/pasted Fixlog.txt
    • Copy/pasted AdwCleaner clean log
    • Copy/pasted RogueKiller clean log
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Senior Member
    Join Date
    Jun 2014
    Posts
    155

    The story thus far

    Interestingly enough... I had to do a system restore (1st time ever on this machine) this morning to get it running. This brought me back to a point prior to the download, install and scan of the FRST. I re-downloaded and ran the fix list, hoping it would work; it seems to have done the trick. I'll let you interpret the logs but I think things look pretty good. On the matter of the zamguard text, I was surprised to see no Zguard present anywhere in security task manager; things are running fine so I don't think I'll miss Zguard for now. It's worth mentioning that the Spy Protector/STM didn't have any issues with the tools used so far, but I only run it with "warn when registry is changed" enabled unless I'm in doubt of a particular site. I'll check back for your opinion on the logs; hopefully things are as good as they seem. Thanks again.

    Fix result of Farbar Recovery Scan Tool (x64) Version: 10.10.2018
    Ran by oldman (17-10-2018 18:41:12) Run:1
    Running from C:\Users\oldman\Desktop
    Loaded Profiles: oldman (Available Profiles: oldman)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    CreateRestorePoint:
    SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {53e2f62a-3083-46e6-8527-cf89e4acb4ae} URL =
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [No File]
    CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908
    CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
    2018-10-16 11:31 - 2018-08-08 22:53 - 001947720 _____ (Microsoft Corporation) C:\Users\oldman\AppData\Local\Temp\dllnt_dump.dll
    Task: {67748148-C9ED-45C1-9AED-2EB848D826F3} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> No File <==== ATTENTION
    Task: {A8F2F520-1207-4618-956D-6C972DD869D8} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
    Task: {CD77ED0C-E0A8-4E66-AB5C-326915A65B28} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
    C:\WINDOWS\ZAM_Guard.krnl.trace
    R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-05-27] (Zemana Ltd.)
    C:\WINDOWS\System32\drivers\zamguard64.sys
    C:\Windows\Temp\*.*
    Emptytemp:

    *****************

    Processes closed successfully.
    Restore point was successfully created.
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{53e2f62a-3083-46e6-8527-cf89e4acb4ae} => removed successfully
    HKLM\Software\Classes\CLSID\{53e2f62a-3083-46e6-8527-cf89e4acb4ae} => not found
    HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0 => removed successfully
    HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0 => removed successfully
    "Chrome DefaultSearchURL" => removed successfully
    "Chrome DefaultSuggestURL" => removed successfully
    "C:\Users\oldman\AppData\Local\Temp\dllnt_dump.dll" => not found
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{67748148-C9ED-45C1-9AED-2EB848D826F3}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67748148-C9ED-45C1-9AED-2EB848D826F3}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8F2F520-1207-4618-956D-6C972DD869D8}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8F2F520-1207-4618-956D-6C972DD869D8}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Scan the system" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CD77ED0C-E0A8-4E66-AB5C-326915A65B28}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD77ED0C-E0A8-4E66-AB5C-326915A65B28}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Check for updates" => removed successfully
    C:\WINDOWS\ZAM_Guard.krnl.trace => moved successfully
    ZAM_Guard => Unable to stop service.
    HKLM\System\CurrentControlSet\Services\ZAM_Guard => removed successfully
    ZAM_Guard => service removed successfully
    C:\WINDOWS\System32\drivers\zamguard64.sys => moved successfully

    =========== "C:\Windows\Temp\*.*" ==========

    C:\Windows\Temp\chrome_installer.log => moved successfully
    C:\Windows\Temp\MpCmdRun.log => moved successfully
    C:\Windows\Temp\MpSigStub.log => moved successfully
    C:\Windows\Temp\patch.js => moved successfully
    C:\Windows\Temp\TSpybotUpdaterThread.log => moved successfully
    C:\Windows\Temp\WERE2B.tmp.WERDataCollectionStatus.txt => moved successfully
    C:\Windows\Temp\WERF49D.tmp.WERDataCollectionStatus.txt => moved successfully

    ========= End -> "C:\Windows\Temp\*.*" ========


    =========== EmptyTemp: ==========

    BITS transfer queue => 10510336 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 109722594 B
    Java, Flash, Steam htmlcache => 0 B
    Windows/system/drivers => 5369788 B
    Edge => 551262 B
    Chrome => 5233094 B
    Firefox => 1068103307 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 105758 B
    LocalService => 0 B
    NetworkService => 56904 B
    NetworkService => 0 B
    oldman => 213700819 B

    RecycleBin => 911558601 B
    EmptyTemp: => 2.2 GB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 18:52:37 ====

    # -------------------------------
    # Malwarebytes AdwCleaner 7.2.4.0
    # -------------------------------
    # Build: 09-25-2018
    # Database: 2018-10-12.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 10-17-2018
    # Duration: 00:00:08
    # OS: Windows 10 Home
    # Cleaned: 0
    # Failed: 1


    ***** [ Services ] *****

    No malicious services cleaned.

    ***** [ Folders ] *****

    No malicious folders cleaned.

    ***** [ Files ] *****

    No malicious files cleaned.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks cleaned.

    ***** [ Registry ] *****

    No malicious registry entries cleaned.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries cleaned.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs cleaned.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    Not Deleted nortonsafe.search.ask.com


    *************************

    [+] Delete Tracing Keys
    [+] Reset Winsock

    *************************

    AdwCleaner[S00].txt - [1480 octets] - [15/07/2018 18:30:27]
    AdwCleaner[C00].txt - [1606 octets] - [15/07/2018 18:30:50]
    AdwCleaner[S01].txt - [25595 octets] - [10/08/2018 21:00:18]
    AdwCleaner[C01].txt - [22574 octets] - [10/08/2018 21:01:03]
    AdwCleaner[S02].txt - [2316 octets] - [10/09/2018 17:10:30]
    AdwCleaner[C02].txt - [2334 octets] - [10/09/2018 17:10:59]
    AdwCleaner[S03].txt - [1767 octets] - [30/09/2018 14:50:26]
    AdwCleaner[C03].txt - [1913 octets] - [30/09/2018 14:51:05]
    AdwCleaner[S04].txt - [1765 octets] - [17/10/2018 19:12:57]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C04].txt ##########

    RogueKiller V12.13.5.0 (x64) [Oct 15 2018] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : https://forum.adlice.com
    Website : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 10 (10.0.17134) 64 bits version
    Started in : Normal mode
    User : oldman [Administrator]
    Started from : C:\Users\oldman\Desktop\RogueKiller_portable64.exe
    Mode : Scan -- Date : 10/17/2018 19:30:20 (Duration : 01:29:30)

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 0 ¤¤¤

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: Hitachi HTS547564A9E384 SATA Disk Device +++++
    --- User ---
    [MBR] f8e22dc9d39f3cb77ff7fb8069b9bd7e
    [BSP] e2a2ab006f8e6f25f3f1bbc38acf5dba : Empty MBR Code
    Partition table:
    0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 400 MB
    1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 821248 | Size: 260 MB
    2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1353728 | Size: 128 MB
    3 - Basic data partition | Offset (sectors): 1615872 | Size: 582324 MB
    4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1194217472 | Size: 940 MB
    5 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1196144640 | Size: 451 MB
    6 - [SYSTEM] Basic data partition | Offset (sectors): 1197068288 | Size: 25974 MB
    User = LL1 ... OK
    User = LL2 ... OK


  4. #4
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Hopefully things are as good as they seem.
    Results from the logs look good.
    Maybe when you did a system restore it set something back to default... We might never know, but kinda glad you did it.

    With the below scan if nothing is found there will be no report to post.

    Emsisoft Emergency Kit - Fix Mode
    Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
    • Download the Emsisoft Emergency Kit and execute it. From there, click on the Install button to extract the program in the EEK folder;
    • Once the extraction is complete, the EEK folder will open. Right-click on start emergency kit scanner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
    • EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
    • After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
    • Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
    • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
    • After the restart, open EEK again (in the C:\EEK folder);
    • This time, click on Logs;
    • From there, go under the Quarantine Log tab, and click on the Export button;
    • Save the log on your desktop, then open it, and copy/paste its content in your next reply;
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  5. #5
    Senior Member
    Join Date
    Jun 2014
    Posts
    155

    Default A clean EEK scan

    I can't believe how well this machine is running now, thanks so much. I'll check back to see if there are any more thoughts on this but things are looking pretty good.

  6. #6
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Don't jinx yourself!

    If you run the online scan and nothing is found, we can probably remove the tools used, which can be found to be malicious by antivirus scanners.


    DelFix

    • Please download DelFix or from Here and save the file to your Desktop.
    • Double-click DelFix.exe to run the programme.
    • Place a checkmark next to the following items:
        • Activate UAC
        • Remove disinfection tools
    • Click the Run button.

    This will remove the specialized tools we used to disinfect your system.
    Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

    ****************
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
