
Thread: The usual redirects, with a possible kernel rootkit, thrown in for good measure.

  1. #11
    Senior Member
    Join Date
    Jun 2014
    Posts
    132

    Default Scan Logs

    The FRST fix had a hang up while running, had to run it twice to get the log.
    The Rogue scan was clean so I didn't post that log.

    Fix result of Farbar Recovery Scan Tool (x64) Version: 15.11.2018
    Ran by oldman (19-11-2018 16:46:27) Run:2
    Running from C:\Users\oldman\Desktop
    Loaded Profiles: oldman (Available Profiles: oldman)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    CreateRestorePoint:
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [Spy Protector] => C:\Program Files (x86)\Security Task Manager\SpyProtector.exe [145280 2018-07-12] (Neuber Software - www.neuber.com)
    SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
    SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
    SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL =
    SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1000&geo=US&ver=22.16.2.22&locale=en_US&guid=7F33257B-BE93-40EC-9D23-A091A86B98D4&doi=2016-09-01&gct=kwd&qsrc=2869
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
    C:\Windows\Temp\*.*
    Emptytemp:

    *****************

    Processes closed successfully.
    Restore point was successfully created.
    "HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Spy Protector" => not found
    "HKU\S-1-5-21-901587214-2200967626-3004657440-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => not found
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
    HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => not found
    HKLM\Software\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => not found
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => not found
    HKLM\Software\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => not found
    HKLM\SOFTWARE\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => removed successfully
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => removed successfully

    =========== "C:\Windows\Temp\*.*" ==========

    C:\Windows\Temp\MpCmdRun.log => moved successfully

    ========= End -> "C:\Windows\Temp\*.*" ========


    =========== EmptyTemp: ==========

    BITS transfer queue => 10510336 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4252004 B
    Java, Flash, Steam htmlcache => 0 B
    Windows/system/drivers => 0 B
    Edge => 0 B
    Chrome => 0 B
    Firefox => 17113940 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 1924 B
    LocalService => 0 B
    NetworkService => 2110 B
    NetworkService => 0 B
    oldman => 141599 B

    RecycleBin => 0 B
    EmptyTemp: => 30.5 MB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 16:48:18 ====


  2. #12
    Security Expert Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,674

    Default

    Follow the instructions in the thread below to run a scan with MBAR. Don't forget to update the database before launching the scan, and once launched, leave MBAR running and do not touch your computer until it is done scanning.

    https://forums.malwarebytes.com/topi...-malwarebytes/

    Once MBAR is done scanning, removing threats and rebooting your computer, go in its MBAR folder, and copy/paste the content of the mbar-log-TODAYS-DATE.txt log in your next reply.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
    Want to help others? Join the ClassRoom and learn how.

  3. #13
    Senior Member
    Join Date
    Jun 2014
    Posts
    132

    Default Clean Mbar scan

    The Mbar ran without any glitches but came up clean, nothing to post on that.

    A few noteworthy items I should mention at this point would be that I deleted my Chrome browser some time ago since I didn't use it and it always seemed to figure in to malware detections, there must be components left behind that are being picked up in some of these scans. The only browser add-ons that I use are Norton safe search and Mozilla facebook container, both seem fairly useful and benign, but I could be mistaken.

    When I first open my FF browser I always get a blank page (see screenshot attached) that doesn't change until I open another tab or hit the FF home page button, this only occurs after the initial computer start up, then the safe search opens as you would expect, I can't account for this and so it seems like "suspicious behavior" to me, but again I could be wrong.

    Also worth noting, last August my wife ran an "RT" video clip while on her FB page, this resulted in an epic "bearshare" infection that was worth 170 odd detections cleaned with AdwClean, I could post that log but it's probably moot at this point. I can't help but think that after we are done with this session and the delfix is run, I would probably get the same redirect issues by running FRST again in spite of my limiting browsing to nothing more than visiting the sites needed to download tools.

    One other question involves the attached screen shot "hosts list". After a routine Spybot scan I got a notice from Security task manager that sites were added to my hosts, is this just Spybot doing its thing, or something else? I don't really understand host lists and their function so I'm hoping you can tell me what I'm looking at.
    Thanks again!

  4. #14
    Security Expert Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,674

    Default

    Read over these troubleshooting tips for Firefox.
    https://support.mozilla.org/en-US/questions/1220073

    If I'm not wrong, Spybot is adding those to a blocked host list, so to me that would be normal.

    "I should mention at this point would be that I deleted my chrome browser some time ago since I didn't use it and it always seemed to figure in to malware detections, there must be components left behind that are being picked up in some of these scans"
    Let's check for Chrome left overs.

    ~~~~~~~~~~~
    • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
    • Click Yes to the disclaimer.
    • Ensure the Addition.txt box is checked.
    • Click the Scan button and let the programme run.
    • Upon completion, click OK, then OK on the Addition.txt pop up screen.
    • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

  5. #15
    Senior Member
    Join Date
    Jun 2014
    Posts
    132

    Default 2nd FRST scan

    This scan was run without delfixing or any other changes, other than putting the last scan logs into a separate folder. I haven't used the VPN or spyprotector since the last round of fixes. Browsing has been limited to my gmail, online banking and other fairly secure sites. Definitely no facebooking or random site browsing. I do have questions about the System errors, Whitelisted Internet, IE and Firefox detections, but I'll wait to hear your thoughts.
    About the "blank opening ff" question, I did get that sorted out, no problem there anymore. As for the hosts question that makes sense, I was hoping it was spybot making the changes, I just hadn't seen it picked up by the spyprotector so I didn't recognize it. Thanks again for your help.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.11.2018
    Ran by oldman (administrator) on EUSTACE (22-11-2018 12:50:14)
    Running from C:\Users\oldman\Desktop
    Loaded Profiles: oldman (Available Profiles: oldman)
    Platform: Windows 10 Home Version 1803 17134.407 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    (Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
    (Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
    (Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.2.22\NortonSecurity.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton WiFi Privacy\client\NWPService.exe
    (Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.2.22\nsWscSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
    (HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    (Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.2.22\NortonSecurity.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Space Sciences Laboratory) C:\Program Files\BOINC\boinctray.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Farbar) C:\Users\oldman\Desktop\FRST64(1).exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
    HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
    HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [69920 2017-10-03] (Space Sciences Laboratory)
    HKLM\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [8765216 2017-10-03] (Space Sciences Laboratory)
    HKLM\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] ()
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-27] (Synaptics Incorporated)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [301880 2018-10-22] (Apple Inc.)
    HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
    HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [68920 2018-10-21] (Apple Inc.)
    HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-12-11] (Eastman Kodak Company)
    HKLM-x32\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] ()
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [KOab1err] => C:\Program Files (x86)\KODAK VERITE\ErrorApp\KOab1err.exe [1027752 2016-12-21] ()
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] ()
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [Google Update] => C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe [601680 2018-05-18] (Google Inc.)
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [] => C:\Users\oldman\Desktop\RogueKiller_portable64.exe [33263160 2018-11-19] ()
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\MountPoints2: {550548f0-8389-11e8-804c-38eaa7eb314f} - "F:\ZTE_Handset_USB_Driver.exe"
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.66
    Tcpip\..\Interfaces\{092ddd55-79b1-44d1-9ce6-73e9a22b6de7}: [DhcpNameServer] 192.168.0.1 205.171.3.66
    Tcpip\..\Interfaces\{68620759-20aa-45aa-8e06-fa9a7c5c7e09}: [DhcpNameServer] 192.168.0.1 205.171.3.66
    Tcpip\..\Interfaces\{a288676d-84d4-440a-bf60-55523387af7e}: [DhcpNameServer] 192.168.0.1 205.171.3.66
    Tcpip\..\Interfaces\{c4242d06-1fdf-461b-ace5-caf4862e837d}: [DhcpNameServer] 192.168.0.1 205.171.3.66
    Tcpip\..\Interfaces\{c9ebb1fc-1913-46ad-9c39-fe0f9392fa0a}: [DhcpNameServer] 192.168.0.1 205.171.3.66
    Tcpip\..\Interfaces\{dd1986f3-01c1-49b9-a3b1-f6e43d3a6914}: [DhcpNameServer] 192.168.0.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
    BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
    BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-10-17] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-10-17] (Oracle Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)
    Toolbar: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)

    FireFox:
    ========
    FF DefaultProfile: gzi35chl.default-1466821123041-1541972058086
    FF ProfilePath: C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086 [2018-11-22]
    FF Homepage: Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086 -> moz-extension://70dcf95f-27c0-4d96-bf5b-ac77cde6f791/homePageRedirect.html
    FF HomepageOverride: Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086 -> Enabled: nortonhomepage@symantec.com
    FF NewTabOverride: Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086 -> Enabled: nortonhomepage@symantec.com
    FF Extension: (Facebook Container) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086\Extensions\@contain-facebook.xpi [2018-11-20]
    FF Extension: (Norton Password Manager) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086\Extensions\idsafe@norton.com.xpi [2018-11-13]
    FF Extension: (Norton Home Page) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086\Extensions\nortonhomepage@symantec.com.xpi [2018-11-13]
    FF Extension: (Norton Safe Search) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086\Extensions\nortonsafesearch_ul_2@symantec.com.xpi [2018-11-13]
    FF Extension: (Norton Safe Web) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086\Extensions\nortonsafeweb@symantec.com.xpi [2018-11-18]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_153.dll [2018-11-20] ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_153.dll [2018-11-20] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-05-06] (Adobe Systems, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-17] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-17] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-19] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: @talk.google.com/GoogleTalkPlugin -> C:\Users\oldman\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: @talk.google.com/O1DPlugin -> C:\Users\oldman\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: @tools.google.com/Google Update;version=3 -> C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
    FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: @tools.google.com/Google Update;version=9 -> C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
    FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: hp.com/HPDetect -> C:\Users\oldman\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP)
    FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: jpl.nasa.gov/NASAEyes -> C:\Users\oldman\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2018-08-28] (Jet Propulsion Laboratory)
    FF Plugin ProgramFiles/Appdata: C:\Users\oldman\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\oldman\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.) [File not signed]
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc.)
    R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1077568 2017-04-10] (HP)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc.)
    R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-21] (HP Inc.)
    R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
    R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.16.2.22\NortonSecurity.exe [328648 2018-11-03] (Symantec Corporation)
    R2 NortonWiFiPrivacy; C:\Program Files (x86)\Norton WiFi Privacy\client\NWPService.exe [3317264 2018-11-04] (Symantec Corporation)
    R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.16.2.22\nsWscSvc.exe [915712 2018-11-03] (Symantec Corporation)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd.)
    S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [253960 2016-04-27] (Synaptics Incorporated)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-11] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-20] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
    R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110104 2016-09-28] (Advanced Micro Devices)
    R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.11.0.41\Definitions\BASHDefs\20181119.001\BHDrvx64.sys [1925104 2018-09-19] (Symantec Corporation)
    R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\ccSetx64.sys [189120 2018-11-03] (Symantec Corporation)
    R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
    S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [129152 2016-04-24] (Samsung Electronics Co., Ltd.)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515568 2018-10-04] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153072 2018-10-05] (Symantec Corporation)
    S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2018-04-23] ()
    R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.11.0.41\Definitions\IPSDefs\20181121.061\IDSvia64.sys [1305072 2018-10-08] (Symantec Corporation)
    S3 massfilter_hs; C:\WINDOWS\System32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
    R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-29] (Realtek Semiconductor Corp.)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Realtek )
    S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
    S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
    R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\SRTSP64.SYS [847344 2018-11-03] (Symantec Corporation)
    R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\SRTSPX64.SYS [49648 2018-11-03] (Symantec Corporation)
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-24] (Samsung Electronics Co., Ltd.)
    R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\SYMEFASI64.SYS [1969328 2018-11-03] (Symantec Corporation)
    S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\SymELAM.sys [25744 2018-11-03] (Symantec Corporation)
    R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [99920 2018-06-17] (Symantec Corporation)
    S4 SymEvnt; C:\Program Files\Norton Security\NortonData\22.11.0.41\SymPlatform\SymEvnt.sys [114352 2018-10-26] (Symantec Corporation)
    R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\Ironx64.SYS [308416 2018-11-03] (Symantec Corporation)
    R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\symnets.sys [567024 2018-11-03] (Symantec Corporation)
    R3 SymTAP; C:\WINDOWS\System32\drivers\SymTAP.sys [52512 2018-11-04] (The OpenVPN Project)
    S3 VBoxNetAdp; C:\WINDOWS\System32\drivers\VBoxNetAdp6.sys [196040 2017-07-27] (Oracle Corporation)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Corporation)
    R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP)
    S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\wpCtrlDrv.sys [1011056 2018-11-03] (Symantec Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-11-22 12:50 - 2018-11-22 12:52 - 000022962 _____ C:\Users\oldman\Desktop\FRST.txt
    2018-11-22 12:50 - 2018-11-22 12:50 - 000000000 ____D C:\Users\oldman\Desktop\FRST-OlderVersion
    2018-11-21 19:58 - 2018-11-21 19:58 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
    2018-11-20 15:23 - 2018-11-20 15:23 - 000000109 _____ C:\Users\oldman\Desktop\Mbar link.txt
    2018-11-20 14:48 - 2018-11-20 14:48 - 004463104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
    2018-11-20 11:23 - 2018-11-20 11:23 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\C515B52D.sys
    2018-11-20 11:22 - 2018-11-20 13:31 - 000000000 ____D C:\Users\oldman\Desktop\mbar
    2018-11-20 11:19 - 2018-11-20 11:20 - 014161479 _____ C:\Users\oldman\Desktop\mbar-1.10.3.1001-nr.exe
    2018-11-19 18:48 - 2018-11-19 18:48 - 000000924 _____ C:\Users\oldman\Desktop\Fixlog.txt - Shortcut.lnk
    2018-11-19 18:25 - 2018-11-19 18:32 - 000000000 ____D C:\AdwCleaner
    2018-11-19 15:39 - 2018-11-19 15:40 - 033263160 _____ C:\Users\oldman\Desktop\RogueKiller_portable64.exe
    2018-11-19 15:36 - 2018-11-19 15:36 - 007592144 _____ (Malwarebytes) C:\Users\oldman\Desktop\AdwCleaner.exe
    2018-11-17 16:56 - 2018-11-17 16:56 - 000000000 ____D C:\Program Files\rempl
    2018-11-16 17:58 - 2018-11-22 12:50 - 000000000 ____D C:\FRST
    2018-11-16 17:52 - 2018-11-22 12:50 - 002416640 _____ (Farbar) C:\Users\oldman\Desktop\FRST64(1).exe
    2018-11-14 23:31 - 2018-11-16 11:28 - 000000000 ____D C:\N360_BACKUP
    2018-11-14 22:04 - 2018-11-01 04:45 - 004527776 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
    2018-11-14 22:04 - 2018-11-01 04:45 - 001617320 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
    2018-11-14 22:04 - 2018-11-01 04:29 - 012710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2018-11-14 22:04 - 2018-11-01 02:15 - 023861760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
    2018-11-14 22:04 - 2018-11-01 02:13 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
    2018-11-14 22:04 - 2018-11-01 00:27 - 001017152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
    2018-11-14 22:04 - 2018-11-01 00:26 - 007432120 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2018-11-14 22:04 - 2018-11-01 00:25 - 009089848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2018-11-14 22:04 - 2018-11-01 00:25 - 007520088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2018-11-14 22:04 - 2018-11-01 00:09 - 025855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2018-11-14 22:04 - 2018-11-01 00:03 - 003397120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2018-11-14 22:04 - 2018-11-01 00:01 - 022716416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2018-11-14 22:04 - 2018-11-01 00:00 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2018-11-14 22:04 - 2018-10-31 23:58 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2018-11-14 22:04 - 2018-10-31 21:48 - 006039064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2018-11-14 22:04 - 2018-10-31 21:47 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2018-11-14 22:04 - 2018-10-31 21:40 - 022015488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2018-11-14 22:04 - 2018-10-31 21:35 - 019403776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2018-11-14 22:04 - 2018-10-21 06:00 - 021386368 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2018-11-14 22:04 - 2018-10-21 04:28 - 012501504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
    2018-11-14 22:04 - 2018-10-21 00:48 - 005602456 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
    2018-11-14 22:04 - 2018-10-21 00:28 - 016592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2018-11-14 22:04 - 2018-10-21 00:22 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
    2018-11-14 22:03 - 2018-11-01 04:46 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
    2018-11-14 22:03 - 2018-11-01 04:45 - 001376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
    2018-11-14 22:03 - 2018-11-01 04:31 - 006602240 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2018-11-14 22:03 - 2018-11-01 04:28 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
    2018-11-14 22:03 - 2018-11-01 04:28 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2018-11-14 22:03 - 2018-11-01 04:27 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
    2018-11-14 22:03 - 2018-11-01 04:26 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
    2018-11-14 22:03 - 2018-11-01 03:09 - 001027000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
    2018-11-14 22:03 - 2018-11-01 02:59 - 005669888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2018-11-14 22:03 - 2018-11-01 02:56 - 011902464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2018-11-14 22:03 - 2018-11-01 02:54 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
    2018-11-14 22:03 - 2018-11-01 02:52 - 002892800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2018-11-14 22:03 - 2018-11-01 00:39 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
    2018-11-14 22:03 - 2018-11-01 00:28 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2018-11-14 22:03 - 2018-11-01 00:28 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2018-11-14 22:03 - 2018-11-01 00:27 - 000491200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
    2018-11-14 22:03 - 2018-11-01 00:26 - 003291640 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2018-11-14 22:03 - 2018-11-01 00:26 - 003180080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
    2018-11-14 22:03 - 2018-11-01 00:26 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
    2018-11-14 22:03 - 2018-11-01 00:25 - 004404912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2018-11-14 22:03 - 2018-11-01 00:25 - 002822456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2018-11-14 22:03 - 2018-11-01 00:25 - 002571320 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2018-11-14 22:03 - 2018-11-01 00:25 - 002371296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
    2018-11-14 22:03 - 2018-11-01 00:25 - 001934808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2018-11-14 22:03 - 2018-11-01 00:25 - 001784680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
    2018-11-14 22:03 - 2018-11-01 00:25 - 001456728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2018-11-14 22:03 - 2018-11-01 00:25 - 001288920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
    2018-11-14 22:03 - 2018-11-01 00:25 - 001257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2018-11-14 22:03 - 2018-11-01 00:25 - 001209888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2018-11-14 22:03 - 2018-11-01 00:25 - 001190248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
    2018-11-14 22:03 - 2018-11-01 00:25 - 001140672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2018-11-14 22:03 - 2018-11-01 00:25 - 000982592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2018-11-14 22:03 - 2018-11-01 00:25 - 000594224 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2018-11-14 22:03 - 2018-11-01 00:25 - 000463672 _____ (Microsoft Corporation) C:\WINDOWS\system32\coml2.dll
    2018-11-14 22:03 - 2018-11-01 00:25 - 000268088 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2018-11-14 22:03 - 2018-11-01 00:01 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2018-11-14 22:03 - 2018-11-01 00:01 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2018-11-14 22:03 - 2018-11-01 00:00 - 006031360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
    2018-11-14 22:03 - 2018-11-01 00:00 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
    2018-11-14 22:03 - 2018-11-01 00:00 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2018-11-14 22:03 - 2018-10-31 23:59 - 000322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
    2018-11-14 22:03 - 2018-10-31 23:58 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2018-11-14 22:03 - 2018-10-31 23:58 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
    2018-11-14 22:03 - 2018-10-31 23:58 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
    2018-11-14 22:03 - 2018-10-31 23:57 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
    2018-11-14 22:03 - 2018-10-31 23:57 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
    2018-11-14 22:03 - 2018-10-31 23:57 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2018-11-14 22:03 - 2018-10-31 23:57 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2018-11-14 22:03 - 2018-10-31 23:57 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2018-11-14 22:03 - 2018-10-31 23:57 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
    2018-11-14 22:03 - 2018-10-31 23:56 - 002929664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
    2018-11-14 22:03 - 2018-10-31 23:56 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2018-11-14 22:03 - 2018-10-31 23:56 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2018-11-14 22:03 - 2018-10-31 23:56 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
    2018-11-14 22:03 - 2018-10-31 23:56 - 000506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
    2018-11-14 22:03 - 2018-10-31 23:55 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
    2018-11-14 22:03 - 2018-10-31 23:55 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
    2018-11-14 22:03 - 2018-10-31 23:55 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2018-11-14 22:03 - 2018-10-31 23:54 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2018-11-14 22:03 - 2018-10-31 23:54 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
    2018-11-14 22:03 - 2018-10-31 23:54 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2018-11-14 22:03 - 2018-10-31 23:54 - 001023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
    2018-11-14 22:03 - 2018-10-31 23:54 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
    2018-11-14 22:03 - 2018-10-31 23:54 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
    2018-11-14 22:03 - 2018-10-31 23:54 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
    2018-11-14 22:03 - 2018-10-31 23:54 - 000606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
    2018-11-14 22:03 - 2018-10-31 23:53 - 002248192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
    2018-11-14 22:03 - 2018-10-31 23:53 - 001373696 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
    2018-11-14 22:03 - 2018-10-31 23:53 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
    2018-11-14 22:03 - 2018-10-31 23:53 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
    2018-11-14 22:03 - 2018-10-31 23:53 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2018-11-14 22:03 - 2018-10-31 22:08 - 002417952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
    2018-11-14 22:03 - 2018-10-31 21:50 - 000861712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
    2018-11-14 22:03 - 2018-10-31 21:50 - 000786288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
    2018-11-14 22:03 - 2018-10-31 21:48 - 004790184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2018-11-14 22:03 - 2018-10-31 21:48 - 002478872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
    2018-11-14 22:03 - 2018-10-31 21:48 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
    2018-11-14 22:03 - 2018-10-31 21:48 - 001805656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
    2018-11-14 22:03 - 2018-10-31 21:48 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2018-11-14 22:03 - 2018-10-31 21:48 - 000384520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\coml2.dll
    2018-11-14 22:03 - 2018-10-31 21:47 - 001980776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2018-11-14 22:03 - 2018-10-31 21:47 - 001379792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
    2018-11-14 22:03 - 2018-10-31 21:47 - 001020064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
    2018-11-14 22:03 - 2018-10-31 21:34 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
    2018-11-14 22:03 - 2018-10-31 21:33 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2018-11-14 22:03 - 2018-10-31 21:33 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2018-11-14 22:03 - 2018-10-31 21:32 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2018-11-14 22:03 - 2018-10-31 21:31 - 005307904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2018-11-14 22:03 - 2018-10-31 21:30 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2018-11-14 22:03 - 2018-10-31 21:30 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2018-11-14 22:03 - 2018-10-31 21:29 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
    2018-11-14 22:03 - 2018-10-31 21:29 - 000848384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
    2018-11-14 22:03 - 2018-10-31 21:29 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
    2018-11-14 22:03 - 2018-10-31 21:28 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
    2018-11-14 22:03 - 2018-10-31 21:27 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2018-11-14 22:03 - 2018-10-31 21:27 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
    2018-11-14 22:03 - 2018-10-31 21:27 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2018-11-14 22:03 - 2018-10-31 21:26 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
    2018-11-14 22:03 - 2018-10-21 06:00 - 001639560 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2018-11-14 22:03 - 2018-10-21 06:00 - 001516120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2018-11-14 22:03 - 2018-10-21 06:00 - 000790416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2018-11-14 22:03 - 2018-10-21 05:46 - 013572096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
    2018-11-14 22:03 - 2018-10-21 05:46 - 004393472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2018-11-14 22:03 - 2018-10-21 05:43 - 000345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
    2018-11-14 22:03 - 2018-10-21 05:42 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
    2018-11-14 22:03 - 2018-10-21 05:42 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
    2018-11-14 22:03 - 2018-10-21 05:41 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2018-11-14 22:03 - 2018-10-21 04:38 - 001322376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2018-11-14 22:03 - 2018-10-21 04:37 - 020381808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2018-11-14 22:03 - 2018-10-21 04:37 - 001626656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2018-11-14 22:03 - 2018-10-21 04:22 - 002405888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
    2018-11-14 22:03 - 2018-10-21 00:46 - 000717112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
    2018-11-14 22:03 - 2018-10-21 00:46 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
    2018-11-14 22:03 - 2018-10-21 00:46 - 000560136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
    2018-11-14 22:03 - 2018-10-21 00:45 - 003283512 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
    2018-11-14 22:03 - 2018-10-21 00:45 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2018-11-14 22:03 - 2018-10-21 00:45 - 001946208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2018-11-14 22:03 - 2018-10-21 00:45 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
    2018-11-14 22:03 - 2018-10-21 00:45 - 000607136 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
    2018-11-14 22:03 - 2018-10-21 00:21 - 001589248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
    2018-11-14 22:03 - 2018-10-21 00:19 - 002487088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
    2018-11-14 22:03 - 2018-10-21 00:19 - 001620776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2018-11-14 22:03 - 2018-10-21 00:19 - 001130768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
    2018-11-14 22:03 - 2018-10-21 00:19 - 000505616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
    2018-11-14 22:03 - 2018-10-21 00:17 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
    2018-11-14 22:03 - 2018-10-21 00:17 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
    2018-11-14 22:03 - 2018-10-21 00:17 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
    2018-11-14 22:03 - 2018-10-21 00:17 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
    2018-11-14 22:03 - 2018-10-21 00:17 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2018-11-14 22:03 - 2018-10-21 00:17 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvrcp.dll
    2018-11-14 22:03 - 2018-10-21 00:17 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
    2018-11-14 22:03 - 2018-10-21 00:16 - 002584576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
    2018-11-14 22:03 - 2018-10-21 00:16 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
    2018-11-14 22:03 - 2018-10-21 00:16 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2018-11-14 22:03 - 2018-10-21 00:16 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
    2018-11-14 22:03 - 2018-10-21 00:15 - 003212800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
    2018-11-14 22:03 - 2018-10-21 00:15 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2018-11-14 22:03 - 2018-10-21 00:15 - 000743936 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintRenderAPIHost.DLL
    2018-11-14 22:03 - 2018-10-21 00:14 - 002224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2018-11-14 22:03 - 2018-10-21 00:14 - 001919488 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
    2018-11-14 22:03 - 2018-10-21 00:14 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
    2018-11-14 22:03 - 2018-10-21 00:14 - 001034752 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2018-11-14 22:03 - 2018-10-21 00:14 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
    2018-11-14 22:03 - 2018-10-21 00:09 - 013873664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2018-11-14 22:03 - 2018-10-21 00:02 - 002966528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
    2018-11-14 22:03 - 2018-10-21 00:01 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
    2018-11-14 22:03 - 2018-10-20 23:57 - 002611200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
    2018-11-14 22:03 - 2018-10-20 22:59 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
    2018-11-14 22:03 - 2018-10-20 22:59 - 000806320 _____ C:\WINDOWS\system32\locale.nls
    2018-11-14 22:02 - 2018-11-01 04:49 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
    2018-11-14 22:02 - 2018-11-01 04:32 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
    2018-11-14 22:02 - 2018-11-01 04:30 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
    2018-11-14 22:02 - 2018-11-01 04:30 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
    2018-11-14 22:02 - 2018-11-01 04:29 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
    2018-11-14 22:02 - 2018-11-01 04:28 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
    2018-11-14 22:02 - 2018-11-01 04:27 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
    2018-11-14 22:02 - 2018-11-01 04:26 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
    2018-11-14 22:02 - 2018-11-01 04:26 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2018-11-14 22:02 - 2018-11-01 04:25 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
    2018-11-14 22:02 - 2018-11-01 02:56 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
    2018-11-14 22:02 - 2018-11-01 02:56 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
    2018-11-14 22:02 - 2018-11-01 02:54 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2018-11-14 22:02 - 2018-11-01 02:53 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
    2018-11-14 22:02 - 2018-11-01 00:38 - 000269336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
    2018-11-14 22:02 - 2018-11-01 00:37 - 000272408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
    2018-11-14 22:02 - 2018-11-01 00:28 - 001062712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2018-11-14 22:02 - 2018-11-01 00:28 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
    2018-11-14 22:02 - 2018-11-01 00:28 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
    2018-11-14 22:02 - 2018-11-01 00:28 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
    2018-11-14 22:02 - 2018-11-01 00:25 - 000885968 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2018-11-14 22:02 - 2018-11-01 00:25 - 000793080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2018-11-14 22:02 - 2018-11-01 00:25 - 000713472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
    2018-11-14 22:02 - 2018-11-01 00:25 - 000413720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2018-11-14 22:02 - 2018-11-01 00:25 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2018-11-14 22:02 - 2018-11-01 00:25 - 000375824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
    2018-11-14 22:02 - 2018-11-01 00:25 - 000261000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2018-11-14 22:02 - 2018-11-01 00:03 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmtask.exe
    2018-11-14 22:02 - 2018-11-01 00:02 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmapi.dll
    2018-11-14 22:02 - 2018-11-01 00:02 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\CSystemEventsBrokerClient.dll
    2018-11-14 22:02 - 2018-11-01 00:00 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
    2018-11-14 22:02 - 2018-10-31 23:59 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
    2018-11-14 22:02 - 2018-10-31 23:59 - 000192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
    2018-11-14 22:02 - 2018-10-31 23:59 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPTaskScheduler.dll
    2018-11-14 22:02 - 2018-10-31 23:59 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
    2018-11-14 22:02 - 2018-10-31 23:58 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
    2018-11-14 22:02 - 2018-10-31 23:58 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2018-11-14 22:02 - 2018-10-31 23:58 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
    2018-11-14 22:02 - 2018-10-31 23:57 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
    2018-11-14 22:02 - 2018-10-31 23:57 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
    2018-11-14 22:02 - 2018-10-31 23:57 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
    2018-11-14 22:02 - 2018-10-31 23:57 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2018-11-14 22:02 - 2018-10-31 23:57 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
    2018-11-14 22:02 - 2018-10-31 23:57 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
    2018-11-14 22:02 - 2018-10-31 23:57 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
    2018-11-14 22:02 - 2018-10-31 23:54 - 001679360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2018-11-14 22:02 - 2018-10-31 23:54 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
    2018-11-14 22:02 - 2018-10-31 23:54 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
    2018-11-14 22:02 - 2018-10-31 23:53 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
    2018-11-14 22:02 - 2018-10-31 22:39 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
    2018-11-14 22:02 - 2018-10-31 21:48 - 000880248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
    2018-11-14 22:02 - 2018-10-31 21:47 - 000581600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
    2018-11-14 22:02 - 2018-10-31 21:47 - 000567256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
    2018-11-14 22:02 - 2018-10-31 21:47 - 000129304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
    2018-11-14 22:02 - 2018-10-31 21:31 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
    2018-11-14 22:02 - 2018-10-31 21:30 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
    2018-11-14 22:02 - 2018-10-31 21:30 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
    2018-11-14 22:02 - 2018-10-31 21:30 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2018-11-14 22:02 - 2018-10-31 21:30 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
    2018-11-14 22:02 - 2018-10-31 21:30 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
    2018-11-14 22:02 - 2018-10-31 21:29 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
    2018-11-14 22:02 - 2018-10-31 21:29 - 001862656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
    2018-11-14 22:02 - 2018-10-31 21:29 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
    2018-11-14 22:02 - 2018-10-31 21:29 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
    2018-11-14 22:02 - 2018-10-31 21:28 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
    2018-11-14 22:02 - 2018-10-31 21:28 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
    2018-11-14 22:02 - 2018-10-31 21:27 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
    2018-11-14 22:02 - 2018-10-31 21:27 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
    2018-11-14 22:02 - 2018-10-31 21:26 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
    2018-11-14 22:02 - 2018-10-31 21:26 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
    2018-11-14 22:02 - 2018-10-21 06:00 - 000396304 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2018-11-14 22:02 - 2018-10-21 05:59 - 000766480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
    2018-11-14 22:02 - 2018-10-21 05:59 - 000236728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
    2018-11-14 22:02 - 2018-10-21 05:45 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
    2018-11-14 22:02 - 2018-10-21 05:44 - 000623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
    2018-11-14 22:02 - 2018-10-21 05:44 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll
    2018-11-14 22:02 - 2018-10-21 05:43 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
    2018-11-14 22:02 - 2018-10-21 05:43 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
    2018-11-14 22:02 - 2018-10-21 05:42 - 000592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
    2018-11-14 22:02 - 2018-10-21 05:42 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
    2018-11-14 22:02 - 2018-10-21 04:38 - 000662312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2018-11-14 22:02 - 2018-10-21 04:38 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
    2018-11-14 22:02 - 2018-10-21 04:38 - 000221216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
    2018-11-14 22:02 - 2018-10-21 04:28 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\INETRES.dll
    2018-11-14 22:02 - 2018-10-21 04:23 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
    2018-11-14 22:02 - 2018-10-21 04:23 - 000523264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll
    2018-11-14 22:02 - 2018-10-21 04:22 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
    2018-11-14 22:02 - 2018-10-21 02:29 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
    2018-11-14 22:02 - 2018-10-21 01:44 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
    2018-11-14 22:02 - 2018-10-21 00:47 - 000368440 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
    2018-11-14 22:02 - 2018-10-21 00:46 - 000709936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2018-11-14 22:02 - 2018-10-21 00:46 - 000497864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
    2018-11-14 22:02 - 2018-10-21 00:46 - 000171024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2018-11-14 22:02 - 2018-10-21 00:45 - 000185120 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
    2018-11-14 22:02 - 2018-10-21 00:45 - 000175624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
    2018-11-14 22:02 - 2018-10-21 00:45 - 000139792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
    2018-11-14 22:02 - 2018-10-21 00:45 - 000058088 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
    2018-11-14 22:02 - 2018-10-21 00:21 - 000123424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
    2018-11-14 22:02 - 2018-10-21 00:20 - 000424000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
    2018-11-14 22:02 - 2018-10-21 00:20 - 000295224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
    2018-11-14 22:02 - 2018-10-21 00:20 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
    2018-11-14 22:02 - 2018-10-21 00:20 - 000141312 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
    2018-11-14 22:02 - 2018-10-21 00:20 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
    2018-11-14 22:02 - 2018-10-21 00:19 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
    2018-11-14 22:02 - 2018-10-21 00:19 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
    2018-11-14 22:02 - 2018-10-21 00:19 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
    2018-11-14 22:02 - 2018-10-21 00:19 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
    2018-11-14 22:02 - 2018-10-21 00:19 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
    2018-11-14 22:02 - 2018-10-21 00:19 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
    2018-11-14 22:02 - 2018-10-21 00:19 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
    2018-11-14 22:02 - 2018-10-21 00:19 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
    2018-11-14 22:02 - 2018-10-21 00:19 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvrcpAppSvc.dll
    2018-11-14 22:02 - 2018-10-21 00:19 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhf.sys
    2018-11-14 22:02 - 2018-10-21 00:19 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
    2018-11-14 22:02 - 2018-10-21 00:18 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
    2018-11-14 22:02 - 2018-10-21 00:18 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Activities.dll
    2018-11-14 22:02 - 2018-10-21 00:18 - 000395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvctpSvc.dll
    2018-11-14 22:02 - 2018-10-21 00:18 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
    2018-11-14 22:02 - 2018-10-21 00:18 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
    2018-11-14 22:02 - 2018-10-21 00:18 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
    2018-11-14 22:02 - 2018-10-21 00:18 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
    2018-11-14 22:02 - 2018-10-21 00:16 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2018-11-14 22:02 - 2018-10-21 00:16 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
    2018-11-14 22:02 - 2018-10-21 00:15 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
    2018-11-14 22:02 - 2018-10-21 00:14 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
    2018-11-14 22:02 - 2018-10-21 00:14 - 000632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
    2018-11-14 22:02 - 2018-10-21 00:14 - 000453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
    2018-11-14 22:02 - 2018-10-21 00:02 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
    2018-11-14 22:02 - 2018-10-21 00:01 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
    2018-11-14 22:02 - 2018-10-21 00:00 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
    2018-11-14 22:02 - 2018-10-20 23:59 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
    2018-11-14 22:02 - 2018-10-20 23:58 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
    2018-11-14 22:02 - 2018-10-20 23:58 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2018-11-14 22:02 - 2018-10-20 23:58 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
    2018-11-14 22:02 - 2018-04-27 21:02 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
    2018-11-14 17:17 - 2018-11-20 18:34 - 000002080 _____ C:\Users\oldman\Desktop\new FRST notes.txt
    2018-11-13 20:29 - 2018-11-22 12:00 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security with Backup
    2018-11-13 17:44 - 2018-11-13 17:44 - 000003376 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
    2018-11-13 17:43 - 2018-11-14 21:09 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
    2018-11-13 17:30 - 2018-11-13 17:30 - 001157064 _____ (Symantec Corporation) C:\Users\oldman\Downloads\NortonNSBUDownloader.exe
    2018-11-12 12:50 - 2018-10-30 09:43 - 000453948 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20181112-125012.backup
    2018-11-12 12:39 - 2018-11-16 17:44 - 000000291 _____ C:\DelFix.txt
    2018-11-11 02:44 - 2018-11-11 02:44 - 000001386 _____ C:\Users\oldman\Desktop\Dons list.txt
    2018-11-10 22:51 - 2018-11-22 12:48 - 000000000 ____D C:\Users\oldman\Desktop\New folder (2)
    2018-11-08 14:27 - 2018-11-08 14:27 - 000000000 ____D C:\Users\oldman\Desktop\MRI copy
    2018-11-08 14:21 - 2018-11-08 14:21 - 000000000 ____D C:\Users\oldman\Desktop\New folder
    2018-11-06 20:52 - 2018-11-06 20:52 - 000001740 _____ C:\Users\oldman\Desktop\Rant Response.txt
    2018-11-05 16:32 - 2018-11-05 16:32 - 000001816 _____ C:\Users\Public\Desktop\iTunes.lnk
    2018-11-05 16:32 - 2018-11-05 16:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2018-11-05 16:32 - 2018-11-05 16:32 - 000000000 ____D C:\Program Files\iPod
    2018-11-05 16:31 - 2018-11-05 16:32 - 000000000 ____D C:\Program Files\iTunes
    2018-11-04 20:57 - 2018-11-04 20:57 - 000000600 _____ C:\WINDOWS\SysWOW64\config.db
    2018-11-04 20:57 - 2018-11-04 20:57 - 000000000 ____D C:\Program Files (x86)\Norton WiFi Privacy
    2018-11-04 20:57 - 2018-11-04 20:56 - 000052512 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\SymTAP.sys
    2018-11-04 14:19 - 2018-11-04 14:19 - 001691434 _____ C:\Users\oldman\Desktop\hakin9_wifi_EN.pdf
    2018-11-02 16:34 - 2018-11-03 20:12 - 000000000 ____D C:\Users\oldman\Desktop\JoJo's smartest phone
    2018-11-01 15:21 - 2018-11-01 16:19 - 000000000 ____D C:\Users\oldman\Desktop\malware tools
    2018-10-31 19:30 - 2018-10-31 19:30 - 008159232 _____ C:\HPSoftwareFramework.msi
    2018-10-31 19:30 - 2018-10-31 19:30 - 000000000 ____D C:\Users\oldman\AppData\Roaming\HP
    2018-10-31 19:19 - 2018-10-31 19:19 - 000000000 ____D C:\Users\oldman\Downloads\HP Downloads
    2018-10-30 17:48 - 2018-10-30 17:48 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\66655511.sys
    2018-10-30 17:26 - 2018-10-30 17:26 - 000002308 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2018-10-30 16:49 - 2018-11-11 14:34 - 000000000 ____D C:\Users\oldman\Desktop\Old Firefox Data
    2018-10-30 09:43 - 2018-10-19 18:05 - 000453892 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20181030-104320.backup
    2018-10-30 00:49 - 2018-10-30 00:49 - 000000074 _____ C:\Users\oldman\Desktop\SciDirect white matter disease.txt

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-11-22 12:50 - 2016-11-28 00:03 - 000000000 ____D C:\Users\oldman\AppData\LocalLow\Mozilla
    2018-11-22 12:33 - 2018-04-11 16:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2018-11-22 12:22 - 2018-06-02 00:43 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2018-11-22 11:42 - 2018-06-02 01:10 - 000004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D6FF1BE5-40C3-4B52-A236-97274056599C}
    2018-11-22 11:39 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\AppReadiness
    2018-11-21 22:36 - 2015-05-03 11:07 - 000000000 ____D C:\Users\oldman\AppData\Local\Battle.net
    2018-11-21 22:35 - 2015-05-03 11:07 - 000000000 ____D C:\Program Files (x86)\Battle.net
    2018-11-21 21:44 - 2018-06-12 17:34 - 000000000 ____D C:\ProgramData\SecTaskMan
    2018-11-21 19:49 - 2018-04-11 16:38 - 000000000 ___HD C:\Program Files\WindowsApps
    2018-11-21 09:57 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2018-11-20 17:49 - 2018-04-11 16:30 - 000000000 ____D C:\WINDOWS\CbsTemp
    2018-11-20 14:48 - 2018-06-02 01:10 - 000004574 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
    2018-11-20 14:48 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2018-11-20 14:48 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
    2018-11-20 14:34 - 2018-06-02 01:10 - 000003248 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForoldman
    2018-11-20 14:34 - 2017-05-02 13:10 - 000000352 _____ C:\WINDOWS\Tasks\HPCeeScheduleForoldman.job
    2018-11-20 13:31 - 2017-12-20 15:34 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2018-11-20 11:22 - 2018-09-10 14:01 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2018-11-19 18:34 - 2018-06-02 01:10 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2018-11-19 18:34 - 2016-08-20 09:31 - 000000000 ____D C:\ProgramData\Kodak
    2018-11-19 18:34 - 2015-12-03 21:03 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2018-11-19 18:33 - 2018-04-11 14:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2018-11-19 18:33 - 2015-07-29 02:19 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
    2018-11-19 16:24 - 2017-08-25 15:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2018-11-19 16:24 - 2015-05-03 10:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2018-11-19 15:54 - 2018-01-12 15:01 - 000000736 _____ C:\Users\oldman\Desktop\Appointment and to do stuff.txt
    2018-11-16 17:34 - 2015-05-03 10:47 - 000001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
    2018-11-16 16:00 - 2018-09-12 21:09 - 000834960 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2018-11-16 16:00 - 2018-09-12 21:09 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2018-11-16 11:09 - 2018-05-04 21:20 - 000000000 ____D C:\Users\oldman\AppData\Local\Norton WiFi Privacy
    2018-11-15 09:26 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\INF
    2018-11-15 09:23 - 2018-06-02 00:53 - 000931448 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2018-11-15 09:17 - 2015-09-16 09:37 - 000000000 ___RD C:\Users\oldman\3D Objects
    2018-11-15 09:17 - 2015-05-03 11:17 - 000000000 __RHD C:\Users\Public\AccountPictures
    2018-11-15 09:16 - 2018-06-02 00:43 - 000259576 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2018-11-14 23:32 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\TextInput
    2018-11-14 23:31 - 2018-04-11 16:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
    2018-11-14 23:31 - 2018-04-11 16:38 - 000000000 ___SD C:\WINDOWS\system32\F12
    2018-11-14 23:31 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
    2018-11-14 23:30 - 2018-04-11 16:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2018-11-14 23:30 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2018-11-14 23:30 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\bcastdvr
    2018-11-14 21:13 - 2018-06-02 00:54 - 000000000 ____D C:\Users\oldman
    2018-11-14 21:09 - 2017-11-10 19:20 - 000002326 _____ C:\Users\Public\Desktop\Norton Security.lnk
    2018-11-14 19:36 - 2018-06-02 01:10 - 000004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2018-11-14 15:49 - 2015-10-21 18:23 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2018-11-13 20:38 - 2015-05-03 18:25 - 000000000 ____D C:\WINDOWS\system32\MRT
    2018-11-13 20:34 - 2015-05-03 18:25 - 137810048 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2018-11-13 18:28 - 2018-10-20 23:17 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
    2018-11-13 18:18 - 2015-06-10 00:43 - 000000000 ____D C:\Program Files\Common Files\AV
    2018-11-13 17:48 - 2018-04-11 14:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
    2018-11-13 17:47 - 2017-09-28 21:29 - 000000000 ____D C:\Users\oldman\Desktop\Misc. desktop crap
    2018-11-13 17:46 - 2015-05-03 00:05 - 000000000 ____D C:\ProgramData\Norton
    2018-11-13 17:44 - 2018-02-26 14:03 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
    2018-11-13 17:34 - 2015-05-13 09:14 - 000000000 ____D C:\Users\Public\Downloads\Norton
    2018-11-05 23:26 - 2015-05-03 11:09 - 000000000 ____D C:\Program Files (x86)\Diablo III
    2018-11-04 20:57 - 2018-07-04 12:09 - 000000000 ____D C:\Program Files (x86)\Norton WiFi Privacy (1.4.9)
    2018-11-02 18:18 - 2015-08-15 17:31 - 000011264 _____ C:\Users\oldman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2018-10-31 19:35 - 2015-05-24 00:52 - 000000000 ____D C:\Program Files (x86)\Google
    2018-10-31 19:31 - 2015-05-04 07:08 - 000000000 ____D C:\Users\oldman\AppData\Roaming\hpqlog
    2018-10-31 19:30 - 2017-11-21 09:22 - 000000000 ____D C:\Program Files\HP
    2018-10-31 19:30 - 2017-04-11 19:37 - 000000000 ____D C:\Program Files (x86)\HP
    2018-10-31 19:28 - 2012-08-16 21:20 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
    2018-10-31 19:22 - 2012-08-03 17:02 - 000000000 ____D C:\SWSetup
    2018-10-30 17:26 - 2016-06-26 04:49 - 000170040 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
    2018-10-26 18:24 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\NDF

    ==================== Files in the root of some directories =======

    2015-08-15 17:31 - 2018-11-02 18:18 - 000011264 _____ () C:\Users\oldman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-08-01 12:43 - 2018-11-16 11:50 - 000114514 _____ () C:\Users\oldman\AppData\Local\installer.log
    2015-08-01 12:43 - 2015-08-01 12:43 - 000000236 _____ () C:\Users\oldman\AppData\Local\LaunchHomeCenter.log
    2015-05-23 08:41 - 2018-02-13 23:28 - 000007674 _____ () C:\Users\oldman\AppData\Local\resmon.resmoncfg

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-06-02 00:43

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.11.2018
    Ran by oldman (22-11-2018 12:53:15)
    Running from C:\Users\oldman\Desktop
    Windows 10 Home Version 1803 17134.407 (X64) (2018-06-02 08:47:35)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-901587214-2200967626-3004657440-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-901587214-2200967626-3004657440-503 - Limited - Disabled)
    Guest (S-1-5-21-901587214-2200967626-3004657440-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-901587214-2200967626-3004657440-1009 - Limited - Enabled)
    oldman (S-1-5-21-901587214-2200967626-3004657440-1003 - Administrator - Enabled) => C:\Users\oldman
    WDAGUtilityAccount (S-1-5-21-901587214-2200967626-3004657440-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Norton Security (Enabled - Up to date) {E3FDBD9F-8140-1400-F32B-8B58923F7C4D}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Norton Security (Enabled) {DBC63CBA-CB2F-1558-D874-226D6CEC3B36}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20081 - Adobe Systems Incorporated)
    Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.153 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
    aioprnt (HKLM\...\{0645A454-AD44-4F0D-99CF-6B762735AD1F}) (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
    aioscnnr (HKLM-x32\...\{376348C2-E372-48BC-A138-E896757BD86A}) (Version: 5.8.10.0 - Your Company Name) Hidden
    aioscnnr (HKLM-x32\...\{EF53BFAB-4C10-40DB-A82D-9B07111715C6}) (Version: 7.6.13.10 - Your Company Name) Hidden
    AMD Catalyst Install Manager (HKLM\...\{D01E0B82-7D6E-F9AC-9A7D-C6076264F419}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
    AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
    Apple Application Support (32-bit) (HKLM-x32\...\{49F7DD82-FC83-48BF-86C6-CFE6E1E233E1}) (Version: 7.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{1FA68E27-2951-42E8-9F57-1A7F6581B4FD}) (Version: 7.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
    AstroViewer 3.1.6 (HKLM-x32\...\AstroViewer 3.1.6) (Version: - Dirk Matussek)
    Bandicam (HKLM-x32\...\Bandicam) (Version: 2.3.3.860 - Bandisoft.com)
    Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    BOINC (HKLM\...\{F1361096-9418-489B-983B-5F8C3972E05E}) (Version: 7.8.3 - Space Sciences Laboratory, U.C. Berkeley)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    C4USelfUpdater (HKLM-x32\...\{48B41C3A-9A92-4B81-B653-C97FEB85C910}) (Version: 1.00.0000 - Your Company Name) Hidden
    center (HKLM-x32\...\{56BA241F-580C-43D2-8403-947241AAE633}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
    CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
    CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
    D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
    Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
    Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
    essentials (HKLM-x32\...\{BE94C681-68E2-4561-8ABC-8D2E799168B4}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
    Google Earth Pro (HKLM\...\{F914BC59-918A-498F-B2E3-B274C9CB48A8}) (Version: 7.3.2.5491 - Google)
    Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
    Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
    HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
    HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
    HP Documentation (HKLM-x32\...\{1AC082E0-049D-4C5C-9ECF-9473AD5A949D}) (Version: 1.1.0.0 - Hewlett-Packard)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
    HP MyRoom (HKLM-x32\...\{32F06015-D852-4A57-A0DD-8D08D17633AC}) (Version: 10.4.0156 - Hewlett-Packard)
    HP PC Hardware Diagnostics Windows (HKLM-x32\...\{7FF9E31F-FAC5-4C7B-970B-FE464B8C6A62}) (Version: 1.5.2.0 - HP Inc.)
    HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
    HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
    HP Software Framework (HKLM-x32\...\{5094249B-9542-4536-AE76-B769EE085C99}) (Version: 7.1.6.1 - HP)
    HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.6.18.11 - Hewlett-Packard Company)
    HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.9.24.3 - Hewlett-Packard Company)
    HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
    HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
    HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
    HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6417.0 - IDT)
    IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
    iTunes (HKLM\...\{3F702C1B-628F-46FB-A094-56D5404CEE63}) (Version: 12.9.1.4 - Apple Inc.)
    Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
    Kodak AIO Printer (HKLM\...\{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}) (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
    KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.9.1.1 - Eastman Kodak Company)
    KODAK VERITE 50 Series Uninstaller (HKLM\...\KODAK VERITE 50 Series) (Version: - FUNAI ELECTRIC CO., LTD.)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
    Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
    Mozilla Firefox 63.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 63.0.3 (x64 en-US)) (Version: 63.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 63.0.3.6892 - Mozilla)
    Norton Security (HKLM-x32\...\NGC) (Version: 22.16.2.22 - Symantec Corporation)
    Norton WiFi Privacy (HKLM-x32\...\Norton WiFi Privacy) (Version: 1.4.9 - Symantec Corporation)
    NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
    ocr (HKLM-x32\...\{BFBCF96F-7361-486A-965C-54B17AC35421}) (Version: 6.2.3.50 - Eastman Kodak Company) Hidden
    Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
    PreReq (HKLM-x32\...\{DA5BDB2A-12F0-4343-8351-21AAEB293990}) (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
    PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
    Python 3.5.2 (32-bit) (HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
    Python 3.5.2 Core Interpreter (32-bit) (HKLM-x32\...\{EB0611B2-7F10-4D97-BCF2-DCAAB1199498}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 Development Libraries (32-bit) (HKLM-x32\...\{5DB2183B-62D3-407F-BBC1-EAD2F36283FA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 Documentation (32-bit) (HKLM-x32\...\{1FBA5182-78DD-4940-9F06-96E5042B7061}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 Executables (32-bit) (HKLM-x32\...\{33B10015-A9B1-4210-B50A-26C6443979B0}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 pip Bootstrap (32-bit) (HKLM-x32\...\{9ADF9987-3327-48C6-91B3-B10900366491}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 Standard Library (32-bit) (HKLM-x32\...\{FCBB04F4-D2CF-4F55-BE92-B3898696B318}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C1153533-FDC4-4922-892D-B71810F69566}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 Test Suite (32-bit) (HKLM-x32\...\{9D50A6D7-410A-4469-87B7-35FA84CBD479}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 Utility Scripts (32-bit) (HKLM-x32\...\{E6DEBF43-7ACF-4E88-9BBF-9B5945683281}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
    Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
    Security Task Manager 2.3 (HKLM-x32\...\Security Task Manager) (Version: 2.3 - Neuber Software)
    Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
    swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C5FDDED7-DEC7-48B4-AFD8-DFB8A0FD199A}) (Version: 2.51.0.0 - Microsoft Corporation)
    Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17384 - Microsoft Corporation)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    WorldWide Telescope (HKLM-x32\...\{412B591F-3F86-4A1C-9DF6-854892DE27BB}) (Version: 5.5.03 - WorldWide Telescope)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-901587214-2200967626-3004657440-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-901587214-2200967626-3004657440-1003_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
    ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
    ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
    ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-26] (Cyberlink)
    ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
    ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
    ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.2.22\NavShExt.dll [2018-11-03] (Symantec Corporation)
    ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-26] (Cyberlink)
    ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.2.22\NavShExt.dll [2018-11-03] (Symantec Corporation)
    ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
    ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
    ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
    ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.2.22\NavShExt.dll [2018-11-03] (Symantec Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {03F769B5-CA2B-47FB-B8C6-3715E360F484} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-11-13] (Microsoft Corporation)
    Task: {1CAFA8CA-9428-4563-B226-AEB95322692D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-24] (Google Inc.)
    Task: {1D7E6301-43AF-49E2-8F09-9FDE7BE42841} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.16.2.22\WSCStub.exe [2018-11-03] (Symantec Corporation)
    Task: {2726B58A-B733-4E96-B674-56C356CFF017} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
    Task: {28C114CA-CFE9-487D-8483-4C040DF0A54B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-24] (Google Inc.)
    Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
    Task: {37F9480B-8DEB-43D0-9E41-A625011C1442} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
    Task: {3C1E18F9-257E-4364-8991-D751F7AAE0AF} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
    Task: {3DD76305-B0D8-4F5D-97E7-9FEA995DB0EB} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
    Task: {3FB3FE7E-E4D6-4325-A192-9F9937626A48} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {406E8E03-EC34-4003-B34C-54181D91740B} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {449FBA74-592C-4FC3-B302-EFBBC5B5ADD5} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
    Task: {4563DDB4-F29D-41C5-BD80-916194542CD4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-11-08] (HP Inc.)
    Task: {481E77FC-2405-491C-B550-44527E8A07B9} - System32\Tasks\Norton Security with Backup\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
    Task: {4A276F76-C51C-45FC-A2F4-1117E386AA2B} - System32\Tasks\S-1-5-21-901587214-2200967626-3004657440-1003\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-04-11] (Microsoft Corporation)
    Task: {4DAE6865-85B2-4C42-B996-B4788C51FAA8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2018-08-30] (HP Inc.)
    Task: {5B316DC0-10D2-46AE-B209-4DD1ED06E7F3} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
    Task: {625F82D9-2B09-4DF1-80B8-473B87149FDA} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-21] ()
    Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
    Task: {6E39ED3E-6BA2-4DC8-8196-9C48C649D047} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
    Task: {712380AE-444E-42C6-B403-F18182DBE18C} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
    Task: {738E86C6-EB1F-4D92-9DD0-BD4999046DD5} - System32\Tasks\{CA2AE62A-A74C-4B89-B292-C0CEAD185B3D} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\oldman\Downloads\FirmwareFlashLauncher.exe -d C:\Users\oldman\Downloads
    Task: {7B9F5986-9672-431A-BB77-F26DB87891FE} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {7CDEBC78-DC72-4720-A9AA-B396C385D844} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-901587214-2200967626-3004657440-1003Core => C:\Users\oldman\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-23] (Google Inc.)
    Task: {82BC12CD-E2DA-4EEC-9DD4-DCD751894155} - System32\Tasks\Norton Security with Backup\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
    Task: {87498E24-4318-4420-B39E-6C2ECA53B5BD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-11-09] (HP Inc.)
    Task: {906112A5-8DB6-4037-B3BB-A2558320F864} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {A5E6FF83-1A31-44C2-974C-608D72C3429E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
    Task: {AD73D9D2-71DE-4681-BB26-DC2BF988AB1B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_153_Plugin.exe [2018-11-20] (Adobe Systems Incorporated)
    Task: {B0E58536-F4DD-4638-97BB-FBFE9AC92A08} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-901587214-2200967626-3004657440-1003 => C:\Users\oldman\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
    Task: {B89BC3A9-54C9-4204-8B03-A529BF74315F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
    Task: {BB6E612E-F472-4AB9-9380-3B84FBB2E9FB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-901587214-2200967626-3004657440-1003UA => C:\Users\oldman\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-23] (Google Inc.)
    Task: {BCF0AD8B-2630-48AE-B7B4-5D1683D33A9F} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-11-20] (Adobe Systems Incorporated)
    Task: {C0201CFA-6DE0-4EE2-89AC-D9D2295A8D3A} - System32\Tasks\Norton 360\Norton 360 Online Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.11.0.41\SymErr.exe [2017-10-03] (Symantec Corporation)
    Task: {C0332FBD-D029-4F04-B246-5CFD8A9087CE} - System32\Tasks\Norton Security with Backup\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
    Task: {C18EC821-F9CF-414E-BA3D-746F1B35386D} - System32\Tasks\Norton 360\Norton 360 Online Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.11.0.41\SymErr.exe [2017-10-03] (Symantec Corporation)
    Task: {CDB556A4-5C9F-4AD2-8970-C18C764D957C} - System32\Tasks\Norton 360\Norton 360 Online Autofix => C:\Program Files (x86)\Norton 360\Engine\22.11.0.41\SymErr.exe [2017-10-03] (Symantec Corporation)
    Task: {D44969E2-EE54-4B65-8642-B0B9E74EFDBB} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
    Task: {D7F94A5C-3056-4495-8235-CBE7E9F0B4F6} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
    Task: {DFC75E15-AFDC-46F1-961E-5DBC2D592309} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2018-11-03] (Symantec Corporation)
    Task: {E5C15200-ACD9-4B52-8D6A-D818CBC34EF1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
    Task: {FC364449-3F8D-40B7-AFA2-34B96D70A3DA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
    Task: {FE9D5577-5031-45F5-B05A-BA58FAF62E6C} - System32\Tasks\HPCeeScheduleForoldman => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\HPCeeScheduleForoldman.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2018-04-11 16:34 - 2018-04-11 16:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
    2017-11-30 18:54 - 2017-11-30 18:54 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2018-10-21 02:17 - 2018-10-21 02:17 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2012-08-08 10:36 - 2012-08-08 10:36 - 000073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2018-04-11 16:34 - 2018-04-11 16:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
    2018-04-11 16:34 - 2018-04-11 16:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
    2018-11-14 22:03 - 2018-10-31 23:55 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2015-05-02 23:52 - 2012-06-07 20:34 - 000627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2012-06-08 11:34 - 2012-06-08 11:34 - 000016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    There are 7942 more sites.

    There are 7942 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2018-05-21 20:01 - 2018-11-12 12:50 - 000453948 ____R C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    There are 15610 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\oldman\Desktop\cropped Scotty Audrey Meghan.PNG
    DNS Servers: 192.168.0.1 - 205.171.3.66
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.

    HKLM\...\StartupApproved\Run: => "EKIJ5000StatusMonitor"
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run: => "boincmgr"
    HKLM\...\StartupApproved\Run32: => "EKIJ5000StatusMonitor"
    HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
    HKLM\...\StartupApproved\Run32: => "RemoteControl10"
    HKLM\...\StartupApproved\Run32: => "EKStatusMonitor"
    HKLM\...\StartupApproved\Run32: => "APSDaemon"
    HKLM\...\StartupApproved\Run32: => "QuickTime Task"
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "BingSvc"
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "KOab1err"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{9A360527-10D8-4C70-B032-9364CABAF9CC}] => (Block) C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe
    FirewallRules: [{F163DE1A-BDD7-475A-BA39-30804A88C1EA}] => (Block) C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe
    FirewallRules: [UDP Query User{36723720-49B5-4FA6-A370-6758D33B9796}C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe] => (Allow) C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe
    FirewallRules: [TCP Query User{65BE56F7-1BFA-49AF-AA71-5BA1867FD708}C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe] => (Allow) C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe
    FirewallRules: [{1C333035-49C1-4FD1-97CF-F570F016C53E}] => (Allow) LPort=5353
    FirewallRules: [{890B9B02-6014-4054-B567-08AACDF2C0B9}] => (Allow) LPort=9322
    FirewallRules: [{F181849D-64C1-458F-9BBF-519133A17B5F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{202A7A45-68E1-431A-A400-91C1EB742AF0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{479E345C-D749-41FD-988B-53A52A04F408}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    FirewallRules: [{61EE5366-C72D-464B-A5C9-80E06F54380D}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    31-10-2018 19:27:43 Installed HP PC Hardware Diagnostics Windows
    10-11-2018 15:28:50 Scheduled Checkpoint
    13-11-2018 20:32:10 Windows Update
    17-11-2018 16:54:52 Windows Update
    19-11-2018 16:46:37 Restore Point Created by FRST

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/22/2018 11:38:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 5.0.168.192.in-addr.arpa. PTR eustace.local.

    Error: (11/22/2018 11:38:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from 192.168.0.5:5353 17 5.0.168.192.in-addr.arpa. PTR eustace-2.local.

    Error: (11/22/2018 12:28:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 15578

    Error: (11/22/2018 12:28:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 15578

    Error: (11/22/2018 12:28:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (11/21/2018 07:38:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 5.0.168.192.in-addr.arpa. PTR eustace.local.

    Error: (11/21/2018 07:38:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from 192.168.0.5:5353 17 5.0.168.192.in-addr.arpa. PTR eustace-2.local.

    Error: (11/21/2018 09:54:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 5.0.168.192.in-addr.arpa. PTR eustace.local.


    System errors:
    =============
    Error: (11/22/2018 11:41:43 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (11/22/2018 11:38:55 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (11/21/2018 07:38:55 PM) (Source: DCOM) (EventID: 10016) (User: eustace)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    and APPID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    to the user eustace\oldman SID (S-1-5-21-901587214-2200967626-3004657440-1003) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

    Error: (11/21/2018 09:57:49 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (11/21/2018 09:55:10 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (11/20/2018 06:51:25 PM) (Source: DCOM) (EventID: 10016) (User: eustace)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user eustace\oldman SID (S-1-5-21-901587214-2200967626-3004657440-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (11/20/2018 06:51:25 PM) (Source: DCOM) (EventID: 10016) (User: eustace)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user eustace\oldman SID (S-1-5-21-901587214-2200967626-3004657440-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (11/20/2018 06:51:24 PM) (Source: DCOM) (EventID: 10016) (User: eustace)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user eustace\oldman SID (S-1-5-21-901587214-2200967626-3004657440-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


    Windows Defender:
    ===================================
    Date: 2018-10-24 21:41:17.809
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.261.367.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14500.5
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    Date: 2018-10-24 21:41:17.809
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.261.367.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiSpyware
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14500.5
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    Date: 2018-10-24 21:41:17.809
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.261.367.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14500.5
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    Date: 2018-10-24 21:41:14.293
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.261.367.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14500.5
    Error code: 0x8024402c
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    Date: 2018-10-17 21:12:23.511
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.261.367.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14500.5
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    CodeIntegrity:
    ===================================

    Date: 2018-11-14 12:08:00.436
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.16.2.22\BuShell.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-11-14 12:08:00.414
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.16.2.22\BuShell.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-11-14 12:08:00.372
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.16.2.22\BuShell.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-10-11 12:04:33.192
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.1.8\bushell.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-10-11 12:04:33.166
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.1.8\bushell.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-10-11 12:04:33.102
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.1.8\bushell.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-09-05 22:40:18.803
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.0.88\bushell.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-09-05 22:40:18.772
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.0.88\bushell.dll that did not meet the Microsoft signing level requirements.

    ==================== Memory info ===========================

    Processor: AMD A4-4300M APU with Radeon(tm) HD Graphics
    Percentage of memory in use: 47%
    Total physical RAM: 3554.26 MB
    Available physical RAM: 1849.52 MB
    Total Virtual: 5986.26 MB
    Available Virtual: 3892.81 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:568.68 GB) (Free:337.18 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (RECOVERY) (Fixed) (Total:25.37 GB) (Free:2.96 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive e: (Media Viewer) (CDROM) (Total:0.52 GB) (Free:0 GB) CDFS

    \\?\Volume{4807027d-70e4-4ed9-b189-6eac7a96e0a4}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.15 GB) NTFS
    \\?\Volume{de27d039-3a8b-420a-8f61-0de10dba9383}\ () (Fixed) (Total:0.92 GB) (Free:0.34 GB) NTFS
    \\?\Volume{228ede67-33cc-42ee-9814-03e998f454e7}\ () (Fixed) (Total:0.44 GB) (Free:0.41 GB) NTFS
    \\?\Volume{873941c3-cd87-496d-8c74-8b333ed59eac}\ () (Fixed) (Total:0.25 GB) (Free:0.16 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 596.2 GB) (Disk ID: 9E4D4388)

    Partition: GPT.

    ==================== End of Addition.txt ============================

  6. #16
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,674

    Default

    Did you mean spyprotector or Spybot - Search and Destroy?
    'Cause if I had seen spyprotector I would have asked you to uninstall it.

    System errors, Whitelisted Internet, IE and Firefox detections, but I'll wait to hear your thoughts.

    What is displayed shows me you're behind a router and your ISP carrier, BHO (Browser Helper Objects and browser addons)
    along with Main,Default_Page_URL

    FireFox: default user Profile for: gzi35chl
    home page with addons and extensions


    Other items I see are really not disturbing and are seen on most if you're not using Cortana and Microsoft Edge. Kinda come along with Windows 10.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

    Located in your add/remove programs list you should see the below, see if it will allow you to uninstall.
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden



    Start Farbar Recovery Scan Tool with Administrator privileges
    (Right click on the FRST icon and select Run as administrator)

    Highlight the text below and select Copy,
    beginning with Start:: and finishing with End::
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Highlight the entire content of the quote box below and select Copy.


    Start::
    CloseProcesses:
    CreateRestorePoint:
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx
    CustomCLSID: HKU\S-1-5-21-901587214-2200967626-3004657440-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-901587214-2200967626-3004657440-1003_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
    Task: {28C114CA-CFE9-487D-8483-4C040DF0A54B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-24] (Google Inc.)
    Task: {BB6E612E-F472-4AB9-9380-3B84FBB2E9FB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-901587214-2200967626-3004657440-1003UA => C:\Users\oldman\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-23] (Google Inc.)
    C:\Windows\Temp\*.*
    Emptytemp:
    End::

    Start FRST (FRST64) with Administrator privileges
    Press the Fix button. FRST will process the lines copied above from the clipboard.
    When finished, a log file Fixlog.txt will pop up and be saved in the same location the tool was run from.

    Please copy and paste its contents in your next reply.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
    Want to help others? Join the ClassRoom and learn how.

  7. #17
    Senior Member
    Join Date
    Jun 2014
    Posts
    132

    Default Progress

    It seems that the spyprotector I have unfortunately shares its name with another, less desirable program.

    https://www.bleepingcomputer.com/vir...e-spyprotector

    The spyprotector on my computer is part of Neuber's security task manager. It was shut down in one of the fix runs recently and I've not bothered restarting it while sorting out the browser issues. I do use the STM part of the program to dump HSST cookies and check processes regularly. The trial gives a good example of what it's capable of. I used it to dump the google update helper program as you requested, the fixlog looks promising, curious what you think.
    https://www.neuber.com/taskmanager/p...ector.exe.html

    Fix result of Farbar Recovery Scan Tool (x64) Version: 21.11.2018
    Ran by oldman (24-11-2018 21:59:18) Run:3
    Running from C:\Users\oldman\Desktop
    Loaded Profiles: oldman (Available Profiles: oldman)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    CreateRestorePoint:
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx
    CustomCLSID: HKU\S-1-5-21-901587214-2200967626-3004657440-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-901587214-2200967626-3004657440-1003_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
    Task: {28C114CA-CFE9-487D-8483-4C040DF0A54B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-24] (Google Inc.)
    Task: {BB6E612E-F472-4AB9-9380-3B84FBB2E9FB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-901587214-2200967626-3004657440-1003UA => C:\Users\oldman\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-23] (Google Inc.)
    C:\Windows\Temp\*.*
    Emptytemp:

    *****************

    Processes closed successfully.
    Restore point was successfully created.
    HKLM\SOFTWARE\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => removed successfully
    HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif => removed successfully
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => removed successfully
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif => removed successfully
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo => removed successfully
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F} => removed successfully
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4} => removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{28C114CA-CFE9-487D-8483-4C040DF0A54B} => removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28C114CA-CFE9-487D-8483-4C040DF0A54B} => removed successfully
    C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BB6E612E-F472-4AB9-9380-3B84FBB2E9FB} => removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB6E612E-F472-4AB9-9380-3B84FBB2E9FB} => removed successfully
    C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-901587214-2200967626-3004657440-1003UA => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-901587214-2200967626-3004657440-1003UA => removed successfully

    =========== "C:\Windows\Temp\*.*" ==========

    C:\Windows\Temp\FXSAPIDebugLogFile.txt => moved successfully
    C:\Windows\Temp\FXSTIFFDebugLogFile.txt => moved successfully
    C:\Windows\Temp\HighPerformancePlan.log => moved successfully
    C:\Windows\Temp\MpCmdRun.log => moved successfully
    C:\Windows\Temp\PowerPlan.log => moved successfully

    ========= End -> "C:\Windows\Temp\*.*" ========


    =========== EmptyTemp: ==========

    BITS transfer queue => 10510336 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 45486718 B
    Java, Flash, Steam htmlcache => 1140 B
    Windows/system/drivers => 505208 B
    Edge => 536910 B
    Chrome => 0 B
    Firefox => 431465808 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 7638 B
    LocalService => 0 B
    NetworkService => 5300 B
    NetworkService => 0 B
    oldman => 95001539 B

    RecycleBin => 35050569 B
    EmptyTemp: => 589.9 MB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 22:03:45 ====

  8. #18
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,674

    Default

    Looks like the tool removed all it was asked to do.

    Computer better?

  9. #19
    Senior Member
    Join Date
    Jun 2014
    Posts
    132

    Default So much better!

    The title says it all, shall I delfix it yet?

  10. #20
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,674

    Default

    Sure

    • Please download DelFix or from Here and save the file to your Desktop.
    • Double-click DelFix.exe to run the programme.
    • Place a checkmark next to the following items:
      • Activate UAC
      • Remove disinfection tools
    • Click the Run button.

    -- This will remove the specialized tools we used to disinfect your system.
    Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

