Page 3 of 4 FirstFirst 1234 LastLast
Results 21 to 30 of 31

Thread: The usual redirects, with a possible kernel rootkit, thrown in for good measure.

  1. #21
    Senior Member
    Join Date
    Jun 2014
    Posts
    155

    Default delfixed

    At this point I'll rerun FRST and see if any of the old redirects show up. Thanks

  2. #22
    Senior Member
    Join Date
    Jun 2014
    Posts
    155

    Default Another FRST

    After a couple days of relatively "safe" browser use, this is the resulting FRST logs. I did, for a period of time, delete super cookies for the clients2.google site but they haven't shown up for a couple months now.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.11.2018
    Ran by oldman (administrator) on EUSTACE (27-11-2018 20:12:56)
    Running from C:\Users\oldman\Desktop
    Loaded Profiles: oldman (Available Profiles: oldman)
    Platform: Windows 10 Home Version 1803 17134.407 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    (Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
    (Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
    (Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.2.22\NortonSecurity.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton WiFi Privacy\client\NWPService.exe
    (Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.2.22\nsWscSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.2.22\NortonSecurity.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Space Sciences Laboratory) C:\Program Files\BOINC\boinctray.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
    (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    (Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
    (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
    HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
    HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [69920 2017-10-03] (Space Sciences Laboratory)
    HKLM\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [8765216 2017-10-03] (Space Sciences Laboratory)
    HKLM\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] ()
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-27] (Synaptics Incorporated)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [301880 2018-10-22] (Apple Inc.)
    HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
    HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [68920 2018-10-21] (Apple Inc.)
    HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-12-11] (Eastman Kodak Company)
    HKLM-x32\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] ()
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [KOab1err] => C:\Program Files (x86)\KODAK VERITE\ErrorApp\KOab1err.exe [1027752 2016-12-21] ()
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] ()
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [Google Update] => C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe [601680 2018-05-18] (Google Inc.)
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [] => C:\Users\oldman\Desktop\RogueKiller_portable64.exe -minimize
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [34917264 2018-11-23] (Epic Games, Inc.)
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\MountPoints2: {550548f0-8389-11e8-804c-38eaa7eb314f} - "F:\ZTE_Handset_USB_Driver.exe"
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.66
    Tcpip\..\Interfaces\{092ddd55-79b1-44d1-9ce6-73e9a22b6de7}: [DhcpNameServer] 192.168.0.1 205.171.3.66
    Tcpip\..\Interfaces\{68620759-20aa-45aa-8e06-fa9a7c5c7e09}: [DhcpNameServer] 192.168.0.1 205.171.3.66
    Tcpip\..\Interfaces\{a288676d-84d4-440a-bf60-55523387af7e}: [DhcpNameServer] 192.168.0.1 205.171.3.66
    Tcpip\..\Interfaces\{c4242d06-1fdf-461b-ace5-caf4862e837d}: [DhcpNameServer] 192.168.0.1 205.171.3.66
    Tcpip\..\Interfaces\{c9ebb1fc-1913-46ad-9c39-fe0f9392fa0a}: [DhcpNameServer] 192.168.0.1 205.171.3.66
    Tcpip\..\Interfaces\{dd1986f3-01c1-49b9-a3b1-f6e43d3a6914}: [DhcpNameServer] 192.168.0.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
    BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
    BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-10-17] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-10-17] (Oracle Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)
    Toolbar: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)

    FireFox:
    ========
    FF DefaultProfile: gzi35chl.default-1466821123041-1541972058086
    FF ProfilePath: C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086 [2018-11-27]
    FF Homepage: Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086 -> moz-extension://70dcf95f-27c0-4d96-bf5b-ac77cde6f791/homePageRedirect.html
    FF HomepageOverride: Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086 -> Enabled: nortonhomepage@symantec.com
    FF NewTabOverride: Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086 -> Enabled: nortonhomepage@symantec.com
    FF Extension: (Facebook Container) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086\Extensions\@contain-facebook.xpi [2018-11-20]
    FF Extension: (Norton Password Manager) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086\Extensions\idsafe@norton.com.xpi [2018-11-13]
    FF Extension: (Norton Home Page) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086\Extensions\nortonhomepage@symantec.com.xpi [2018-11-13]
    FF Extension: (Norton Safe Search) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086\Extensions\nortonsafesearch_ul_2@symantec.com.xpi [2018-11-13]
    FF Extension: (Norton Safe Web) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086\Extensions\nortonsafeweb@symantec.com.xpi [2018-11-18]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_153.dll [2018-11-20] ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_153.dll [2018-11-20] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-05-06] (Adobe Systems, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-17] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-17] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-19] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: @talk.google.com/GoogleTalkPlugin -> C:\Users\oldman\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: @talk.google.com/O1DPlugin -> C:\Users\oldman\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: @tools.google.com/Google Update;version=3 -> C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
    FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: @tools.google.com/Google Update;version=9 -> C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
    FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: hp.com/HPDetect -> C:\Users\oldman\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP)
    FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: jpl.nasa.gov/NASAEyes -> C:\Users\oldman\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2018-08-28] (Jet Propulsion Laboratory)
    FF Plugin ProgramFiles/Appdata: C:\Users\oldman\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\oldman\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.) [File not signed]
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc.)
    S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7356680 2018-11-23] ()
    S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2018-11-23] (EasyAntiCheat Ltd)
    S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1077568 2017-04-10] (HP)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc.)
    R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-21] (HP Inc.)
    R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
    R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.16.2.22\NortonSecurity.exe [328648 2018-11-03] (Symantec Corporation)
    R2 NortonWiFiPrivacy; C:\Program Files (x86)\Norton WiFi Privacy\client\NWPService.exe [3317264 2018-11-04] (Symantec Corporation)
    R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.16.2.22\nsWscSvc.exe [915712 2018-11-03] (Symantec Corporation)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd.)
    S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [253960 2016-04-27] (Synaptics Incorporated)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-11] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-20] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
    R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110104 2016-09-28] (Advanced Micro Devices)
    R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.11.0.41\Definitions\BASHDefs\20181126.001\BHDrvx64.sys [1925104 2018-09-19] (Symantec Corporation)
    R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\ccSetx64.sys [189120 2018-11-03] (Symantec Corporation)
    R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
    S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [129152 2016-04-24] (Samsung Electronics Co., Ltd.)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515568 2018-10-04] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153072 2018-10-05] (Symantec Corporation)
    S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2018-04-23] ()
    R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.11.0.41\Definitions\IPSDefs\20181127.061\IDSvia64.sys [1305072 2018-10-08] (Symantec Corporation)
    S3 massfilter_hs; C:\WINDOWS\System32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
    R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-29] (Realtek Semiconductor Corp.)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Realtek )
    S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
    S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
    R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\SRTSP64.SYS [847344 2018-11-03] (Symantec Corporation)
    R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\SRTSPX64.SYS [49648 2018-11-03] (Symantec Corporation)
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-24] (Samsung Electronics Co., Ltd.)
    R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\SYMEFASI64.SYS [1969328 2018-11-03] (Symantec Corporation)
    S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\SymELAM.sys [25744 2018-11-03] (Symantec Corporation)
    R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [99920 2018-06-17] (Symantec Corporation)
    S4 SymEvnt; C:\Program Files\Norton Security\NortonData\22.11.0.41\SymPlatform\SymEvnt.sys [114352 2018-10-26] (Symantec Corporation)
    R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\Ironx64.SYS [308416 2018-11-03] (Symantec Corporation)
    R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\symnets.sys [567024 2018-11-03] (Symantec Corporation)
    R3 SymTAP; C:\WINDOWS\System32\drivers\SymTAP.sys [52512 2018-11-04] (The OpenVPN Project)
    S3 VBoxNetAdp; C:\WINDOWS\System32\drivers\VBoxNetAdp6.sys [196040 2017-07-27] (Oracle Corporation)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Corporation)
    R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP)
    S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\wpCtrlDrv.sys [1011056 2018-11-03] (Symantec Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-11-27 20:12 - 2018-11-27 20:15 - 000022416 _____ C:\Users\oldman\Desktop\FRST.txt
    2018-11-27 20:12 - 2018-11-27 20:12 - 000000000 ____D C:\FRST
    2018-11-27 19:21 - 2018-11-27 19:21 - 002416640 _____ (Farbar) C:\Users\oldman\Desktop\FRST64.exe
    2018-11-27 11:33 - 2018-11-27 11:33 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
    2018-11-25 16:12 - 2018-11-12 12:50 - 000453948 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20181125-161220.backup
    2018-11-24 21:42 - 2018-11-24 21:42 - 000000120 _____ C:\Users\oldman\Desktop\GUH.txt
    2018-11-24 11:29 - 2018-11-24 11:29 - 000000000 ____D C:\Users\oldman\AppData\Local\Speech Graphics
    2018-11-24 11:13 - 2018-11-24 11:13 - 000000000 _____ C:\Users\Public\Shared Files
    2018-11-24 11:08 - 2018-11-24 11:08 - 000000000 ____D C:\Users\oldman\AppData\Local\NVIDIA Corporation
    2018-11-24 11:06 - 2018-11-24 11:06 - 000000000 ____D C:\Users\oldman\AppData\Local\FortniteGame
    2018-11-24 11:05 - 2018-11-24 11:05 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
    2018-11-23 21:32 - 2018-11-23 21:32 - 000000314 _____ C:\Users\oldman\Desktop\Fortnite.url
    2018-11-23 17:37 - 2018-11-24 13:16 - 000000000 ___RD C:\Users\oldman\Desktop\Meghans Games
    2018-11-23 17:35 - 2018-11-23 17:35 - 000000000 ____D C:\Program Files\Epic Games
    2018-11-23 17:33 - 2010-02-04 10:01 - 000024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
    2018-11-23 17:33 - 2010-02-04 10:01 - 000022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
    2018-11-23 17:30 - 2018-11-23 17:30 - 000000000 ____D C:\Users\oldman\AppData\Local\UnrealEngineLauncher
    2018-11-23 17:30 - 2018-11-23 17:30 - 000000000 ____D C:\Users\oldman\AppData\Local\UnrealEngine
    2018-11-23 17:30 - 2018-11-23 17:30 - 000000000 ____D C:\Users\oldman\AppData\Local\EpicGamesLauncher
    2018-11-23 17:28 - 2018-11-23 17:28 - 000001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
    2018-11-23 17:28 - 2018-11-23 17:28 - 000001258 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk
    2018-11-23 17:27 - 2018-11-23 17:34 - 000000000 ____D C:\ProgramData\Epic
    2018-11-23 17:27 - 2018-11-23 17:27 - 000000000 ____D C:\Program Files (x86)\Epic Games
    2018-11-23 15:31 - 2018-11-24 23:36 - 000005645 _____ C:\Users\oldman\Desktop\11-23 reply spyprotector.txt
    2018-11-20 15:23 - 2018-11-20 15:23 - 000000109 _____ C:\Users\oldman\Desktop\Mbar link.txt
    2018-11-20 14:48 - 2018-11-20 14:48 - 004463104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
    2018-11-20 11:23 - 2018-11-20 11:23 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\C515B52D.sys
    2018-11-20 11:19 - 2018-11-20 11:20 - 014161479 _____ C:\Users\oldman\Desktop\mbar-1.10.3.1001-nr.exe
    2018-11-17 16:56 - 2018-11-17 16:56 - 000000000 ____D C:\Program Files\rempl
    2018-11-14 23:31 - 2018-11-16 11:28 - 000000000 ____D C:\N360_BACKUP
    2018-11-14 22:04 - 2018-11-01 04:45 - 004527776 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
    2018-11-14 22:04 - 2018-11-01 04:45 - 001617320 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
    2018-11-14 22:04 - 2018-11-01 04:29 - 012710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2018-11-14 22:04 - 2018-11-01 02:15 - 023861760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
    2018-11-14 22:04 - 2018-11-01 02:13 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
    2018-11-14 22:04 - 2018-11-01 00:27 - 001017152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
    2018-11-14 22:04 - 2018-11-01 00:26 - 007432120 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2018-11-14 22:04 - 2018-11-01 00:25 - 009089848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2018-11-14 22:04 - 2018-11-01 00:25 - 007520088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2018-11-14 22:04 - 2018-11-01 00:09 - 025855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2018-11-14 22:04 - 2018-11-01 00:03 - 003397120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2018-11-14 22:04 - 2018-11-01 00:01 - 022716416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2018-11-14 22:04 - 2018-11-01 00:00 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2018-11-14 22:04 - 2018-10-31 23:58 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2018-11-14 22:04 - 2018-10-31 21:48 - 006039064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2018-11-14 22:04 - 2018-10-31 21:47 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2018-11-14 22:04 - 2018-10-31 21:40 - 022015488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2018-11-14 22:04 - 2018-10-31 21:35 - 019403776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2018-11-14 22:04 - 2018-10-21 06:00 - 021386368 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2018-11-14 22:04 - 2018-10-21 04:28 - 012501504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
    2018-11-14 22:04 - 2018-10-21 00:48 - 005602456 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
    2018-11-14 22:04 - 2018-10-21 00:28 - 016592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2018-11-14 22:04 - 2018-10-21 00:22 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
    2018-11-14 22:03 - 2018-11-01 04:46 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
    2018-11-14 22:03 - 2018-11-01 04:45 - 001376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
    2018-11-14 22:03 - 2018-11-01 04:31 - 006602240 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2018-11-14 22:03 - 2018-11-01 04:28 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
    2018-11-14 22:03 - 2018-11-01 04:28 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2018-11-14 22:03 - 2018-11-01 04:27 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
    2018-11-14 22:03 - 2018-11-01 04:26 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
    2018-11-14 22:03 - 2018-11-01 03:09 - 001027000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
    2018-11-14 22:03 - 2018-11-01 02:59 - 005669888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2018-11-14 22:03 - 2018-11-01 02:56 - 011902464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2018-11-14 22:03 - 2018-11-01 02:54 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
    2018-11-14 22:03 - 2018-11-01 02:52 - 002892800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2018-11-14 22:03 - 2018-11-01 00:39 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
    2018-11-14 22:03 - 2018-11-01 00:28 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2018-11-14 22:03 - 2018-11-01 00:28 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2018-11-14 22:03 - 2018-11-01 00:27 - 000491200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
    2018-11-14 22:03 - 2018-11-01 00:26 - 003291640 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2018-11-14 22:03 - 2018-11-01 00:26 - 003180080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
    2018-11-14 22:03 - 2018-11-01 00:26 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
    2018-11-14 22:03 - 2018-11-01 00:25 - 004404912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2018-11-14 22:03 - 2018-11-01 00:25 - 002822456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2018-11-14 22:03 - 2018-11-01 00:25 - 002571320 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2018-11-14 22:03 - 2018-11-01 00:25 - 002371296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
    2018-11-14 22:03 - 2018-11-01 00:25 - 001934808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2018-11-14 22:03 - 2018-11-01 00:25 - 001784680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
    2018-11-14 22:03 - 2018-11-01 00:25 - 001456728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2018-11-14 22:03 - 2018-11-01 00:25 - 001288920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
    2018-11-14 22:03 - 2018-11-01 00:25 - 001257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2018-11-14 22:03 - 2018-11-01 00:25 - 001209888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2018-11-14 22:03 - 2018-11-01 00:25 - 001190248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
    2018-11-14 22:03 - 2018-11-01 00:25 - 001140672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2018-11-14 22:03 - 2018-11-01 00:25 - 000982592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2018-11-14 22:03 - 2018-11-01 00:25 - 000594224 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2018-11-14 22:03 - 2018-11-01 00:25 - 000463672 _____ (Microsoft Corporation) C:\WINDOWS\system32\coml2.dll
    2018-11-14 22:03 - 2018-11-01 00:25 - 000268088 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2018-11-14 22:03 - 2018-11-01 00:01 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2018-11-14 22:03 - 2018-11-01 00:01 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2018-11-14 22:03 - 2018-11-01 00:00 - 006031360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
    2018-11-14 22:03 - 2018-11-01 00:00 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
    2018-11-14 22:03 - 2018-11-01 00:00 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2018-11-14 22:03 - 2018-10-31 23:59 - 000322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
    2018-11-14 22:03 - 2018-10-31 23:58 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2018-11-14 22:03 - 2018-10-31 23:58 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
    2018-11-14 22:03 - 2018-10-31 23:58 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
    2018-11-14 22:03 - 2018-10-31 23:57 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
    2018-11-14 22:03 - 2018-10-31 23:57 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
    2018-11-14 22:03 - 2018-10-31 23:57 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2018-11-14 22:03 - 2018-10-31 23:57 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2018-11-14 22:03 - 2018-10-31 23:57 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2018-11-14 22:03 - 2018-10-31 23:57 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
    2018-11-14 22:03 - 2018-10-31 23:56 - 002929664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
    2018-11-14 22:03 - 2018-10-31 23:56 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2018-11-14 22:03 - 2018-10-31 23:56 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2018-11-14 22:03 - 2018-10-31 23:56 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
    2018-11-14 22:03 - 2018-10-31 23:56 - 000506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
    2018-11-14 22:03 - 2018-10-31 23:55 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
    2018-11-14 22:03 - 2018-10-31 23:55 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
    2018-11-14 22:03 - 2018-10-31 23:55 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2018-11-14 22:03 - 2018-10-31 23:54 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2018-11-14 22:03 - 2018-10-31 23:54 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
    2018-11-14 22:03 - 2018-10-31 23:54 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2018-11-14 22:03 - 2018-10-31 23:54 - 001023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
    2018-11-14 22:03 - 2018-10-31 23:54 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
    2018-11-14 22:03 - 2018-10-31 23:54 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
    2018-11-14 22:03 - 2018-10-31 23:54 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
    2018-11-14 22:03 - 2018-10-31 23:54 - 000606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
    2018-11-14 22:03 - 2018-10-31 23:53 - 002248192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
    2018-11-14 22:03 - 2018-10-31 23:53 - 001373696 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
    2018-11-14 22:03 - 2018-10-31 23:53 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
    2018-11-14 22:03 - 2018-10-31 23:53 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
    2018-11-14 22:03 - 2018-10-31 23:53 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2018-11-14 22:03 - 2018-10-31 22:08 - 002417952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
    2018-11-14 22:03 - 2018-10-31 21:50 - 000861712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
    2018-11-14 22:03 - 2018-10-31 21:50 - 000786288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
    2018-11-14 22:03 - 2018-10-31 21:48 - 004790184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2018-11-14 22:03 - 2018-10-31 21:48 - 002478872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
    2018-11-14 22:03 - 2018-10-31 21:48 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
    2018-11-14 22:03 - 2018-10-31 21:48 - 001805656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
    2018-11-14 22:03 - 2018-10-31 21:48 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2018-11-14 22:03 - 2018-10-31 21:48 - 000384520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\coml2.dll
    2018-11-14 22:03 - 2018-10-31 21:47 - 001980776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2018-11-14 22:03 - 2018-10-31 21:47 - 001379792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
    2018-11-14 22:03 - 2018-10-31 21:47 - 001020064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
    2018-11-14 22:03 - 2018-10-31 21:34 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
    2018-11-14 22:03 - 2018-10-31 21:33 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2018-11-14 22:03 - 2018-10-31 21:33 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2018-11-14 22:03 - 2018-10-31 21:32 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2018-11-14 22:03 - 2018-10-31 21:31 - 005307904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2018-11-14 22:03 - 2018-10-31 21:30 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2018-11-14 22:03 - 2018-10-31 21:30 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2018-11-14 22:03 - 2018-10-31 21:29 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
    2018-11-14 22:03 - 2018-10-31 21:29 - 000848384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
    2018-11-14 22:03 - 2018-10-31 21:29 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
    2018-11-14 22:03 - 2018-10-31 21:28 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
    2018-11-14 22:03 - 2018-10-31 21:27 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2018-11-14 22:03 - 2018-10-31 21:27 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
    2018-11-14 22:03 - 2018-10-31 21:27 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2018-11-14 22:03 - 2018-10-31 21:26 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
    2018-11-14 22:03 - 2018-10-21 06:00 - 001639560 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2018-11-14 22:03 - 2018-10-21 06:00 - 001516120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2018-11-14 22:03 - 2018-10-21 06:00 - 000790416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2018-11-14 22:03 - 2018-10-21 05:46 - 013572096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
    2018-11-14 22:03 - 2018-10-21 05:46 - 004393472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2018-11-14 22:03 - 2018-10-21 05:43 - 000345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
    2018-11-14 22:03 - 2018-10-21 05:42 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
    2018-11-14 22:03 - 2018-10-21 05:42 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
    2018-11-14 22:03 - 2018-10-21 05:41 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2018-11-14 22:03 - 2018-10-21 04:38 - 001322376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2018-11-14 22:03 - 2018-10-21 04:37 - 020381808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2018-11-14 22:03 - 2018-10-21 04:37 - 001626656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2018-11-14 22:03 - 2018-10-21 04:22 - 002405888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
    2018-11-14 22:03 - 2018-10-21 00:46 - 000717112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
    2018-11-14 22:03 - 2018-10-21 00:46 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
    2018-11-14 22:03 - 2018-10-21 00:46 - 000560136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
    2018-11-14 22:03 - 2018-10-21 00:45 - 003283512 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
    2018-11-14 22:03 - 2018-10-21 00:45 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2018-11-14 22:03 - 2018-10-21 00:45 - 001946208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2018-11-14 22:03 - 2018-10-21 00:45 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
    2018-11-14 22:03 - 2018-10-21 00:45 - 000607136 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
    2018-11-14 22:03 - 2018-10-21 00:21 - 001589248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
    2018-11-14 22:03 - 2018-10-21 00:19 - 002487088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
    2018-11-14 22:03 - 2018-10-21 00:19 - 001620776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2018-11-14 22:03 - 2018-10-21 00:19 - 001130768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
    2018-11-14 22:03 - 2018-10-21 00:19 - 000505616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
    2018-11-14 22:03 - 2018-10-21 00:17 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
    2018-11-14 22:03 - 2018-10-21 00:17 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
    2018-11-14 22:03 - 2018-10-21 00:17 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
    2018-11-14 22:03 - 2018-10-21 00:17 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
    2018-11-14 22:03 - 2018-10-21 00:17 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2018-11-14 22:03 - 2018-10-21 00:17 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvrcp.dll
    2018-11-14 22:03 - 2018-10-21 00:17 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
    2018-11-14 22:03 - 2018-10-21 00:16 - 002584576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
    2018-11-14 22:03 - 2018-10-21 00:16 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
    2018-11-14 22:03 - 2018-10-21 00:16 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2018-11-14 22:03 - 2018-10-21 00:16 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
    2018-11-14 22:03 - 2018-10-21 00:15 - 003212800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
    2018-11-14 22:03 - 2018-10-21 00:15 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2018-11-14 22:03 - 2018-10-21 00:15 - 000743936 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintRenderAPIHost.DLL
    2018-11-14 22:03 - 2018-10-21 00:14 - 002224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2018-11-14 22:03 - 2018-10-21 00:14 - 001919488 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
    2018-11-14 22:03 - 2018-10-21 00:14 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
    2018-11-14 22:03 - 2018-10-21 00:14 - 001034752 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2018-11-14 22:03 - 2018-10-21 00:14 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
    2018-11-14 22:03 - 2018-10-21 00:09 - 013873664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2018-11-14 22:03 - 2018-10-21 00:02 - 002966528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
    2018-11-14 22:03 - 2018-10-21 00:01 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
    2018-11-14 22:03 - 2018-10-20 23:57 - 002611200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
    2018-11-14 22:03 - 2018-10-20 22:59 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
    2018-11-14 22:03 - 2018-10-20 22:59 - 000806320 _____ C:\WINDOWS\system32\locale.nls
    2018-11-14 22:02 - 2018-11-01 04:49 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
    2018-11-14 22:02 - 2018-11-01 04:32 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
    2018-11-14 22:02 - 2018-11-01 04:30 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
    2018-11-14 22:02 - 2018-11-01 04:30 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
    2018-11-14 22:02 - 2018-11-01 04:29 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
    2018-11-14 22:02 - 2018-11-01 04:28 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
    2018-11-14 22:02 - 2018-11-01 04:27 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
    2018-11-14 22:02 - 2018-11-01 04:26 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
    2018-11-14 22:02 - 2018-11-01 04:26 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2018-11-14 22:02 - 2018-11-01 04:25 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
    2018-11-14 22:02 - 2018-11-01 02:56 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
    2018-11-14 22:02 - 2018-11-01 02:56 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
    2018-11-14 22:02 - 2018-11-01 02:54 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2018-11-14 22:02 - 2018-11-01 02:53 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
    2018-11-14 22:02 - 2018-11-01 00:38 - 000269336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
    2018-11-14 22:02 - 2018-11-01 00:37 - 000272408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
    2018-11-14 22:02 - 2018-11-01 00:28 - 001062712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2018-11-14 22:02 - 2018-11-01 00:28 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
    2018-11-14 22:02 - 2018-11-01 00:28 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
    2018-11-14 22:02 - 2018-11-01 00:28 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
    2018-11-14 22:02 - 2018-11-01 00:25 - 000885968 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2018-11-14 22:02 - 2018-11-01 00:25 - 000793080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2018-11-14 22:02 - 2018-11-01 00:25 - 000713472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
    2018-11-14 22:02 - 2018-11-01 00:25 - 000413720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2018-11-14 22:02 - 2018-11-01 00:25 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2018-11-14 22:02 - 2018-11-01 00:25 - 000375824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
    2018-11-14 22:02 - 2018-11-01 00:25 - 000261000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2018-11-14 22:02 - 2018-11-01 00:03 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmtask.exe
    2018-11-14 22:02 - 2018-11-01 00:02 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmapi.dll
    2018-11-14 22:02 - 2018-11-01 00:02 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\CSystemEventsBrokerClient.dll
    2018-11-14 22:02 - 2018-11-01 00:00 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
    2018-11-14 22:02 - 2018-10-31 23:59 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
    2018-11-14 22:02 - 2018-10-31 23:59 - 000192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
    2018-11-14 22:02 - 2018-10-31 23:59 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPTaskScheduler.dll
    2018-11-14 22:02 - 2018-10-31 23:59 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
    2018-11-14 22:02 - 2018-10-31 23:58 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
    2018-11-14 22:02 - 2018-10-31 23:58 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2018-11-14 22:02 - 2018-10-31 23:58 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
    2018-11-14 22:02 - 2018-10-31 23:57 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
    2018-11-14 22:02 - 2018-10-31 23:57 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
    2018-11-14 22:02 - 2018-10-31 23:57 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
    2018-11-14 22:02 - 2018-10-31 23:57 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2018-11-14 22:02 - 2018-10-31 23:57 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
    2018-11-14 22:02 - 2018-10-31 23:57 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
    2018-11-14 22:02 - 2018-10-31 23:57 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
    2018-11-14 22:02 - 2018-10-31 23:54 - 001679360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2018-11-14 22:02 - 2018-10-31 23:54 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
    2018-11-14 22:02 - 2018-10-31 23:54 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
    2018-11-14 22:02 - 2018-10-31 23:53 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
    2018-11-14 22:02 - 2018-10-31 22:39 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
    2018-11-14 22:02 - 2018-10-31 21:48 - 000880248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
    2018-11-14 22:02 - 2018-10-31 21:47 - 000581600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
    2018-11-14 22:02 - 2018-10-31 21:47 - 000567256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
    2018-11-14 22:02 - 2018-10-31 21:47 - 000129304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
    2018-11-14 22:02 - 2018-10-31 21:31 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
    2018-11-14 22:02 - 2018-10-31 21:30 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
    2018-11-14 22:02 - 2018-10-31 21:30 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
    2018-11-14 22:02 - 2018-10-31 21:30 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2018-11-14 22:02 - 2018-10-31 21:30 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
    2018-11-14 22:02 - 2018-10-31 21:30 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
    2018-11-14 22:02 - 2018-10-31 21:29 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
    2018-11-14 22:02 - 2018-10-31 21:29 - 001862656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
    2018-11-14 22:02 - 2018-10-31 21:29 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
    2018-11-14 22:02 - 2018-10-31 21:29 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
    2018-11-14 22:02 - 2018-10-31 21:28 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
    2018-11-14 22:02 - 2018-10-31 21:28 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
    2018-11-14 22:02 - 2018-10-31 21:27 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
    2018-11-14 22:02 - 2018-10-31 21:27 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
    2018-11-14 22:02 - 2018-10-31 21:26 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
    2018-11-14 22:02 - 2018-10-31 21:26 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
    2018-11-14 22:02 - 2018-10-21 06:00 - 000396304 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2018-11-14 22:02 - 2018-10-21 05:59 - 000766480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
    2018-11-14 22:02 - 2018-10-21 05:59 - 000236728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
    2018-11-14 22:02 - 2018-10-21 05:45 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
    2018-11-14 22:02 - 2018-10-21 05:44 - 000623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
    2018-11-14 22:02 - 2018-10-21 05:44 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll
    2018-11-14 22:02 - 2018-10-21 05:43 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
    2018-11-14 22:02 - 2018-10-21 05:43 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
    2018-11-14 22:02 - 2018-10-21 05:42 - 000592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
    2018-11-14 22:02 - 2018-10-21 05:42 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
    2018-11-14 22:02 - 2018-10-21 04:38 - 000662312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2018-11-14 22:02 - 2018-10-21 04:38 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
    2018-11-14 22:02 - 2018-10-21 04:38 - 000221216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
    2018-11-14 22:02 - 2018-10-21 04:28 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\INETRES.dll
    2018-11-14 22:02 - 2018-10-21 04:23 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
    2018-11-14 22:02 - 2018-10-21 04:23 - 000523264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll
    2018-11-14 22:02 - 2018-10-21 04:22 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
    2018-11-14 22:02 - 2018-10-21 02:29 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
    2018-11-14 22:02 - 2018-10-21 01:44 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
    2018-11-14 22:02 - 2018-10-21 00:47 - 000368440 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
    2018-11-14 22:02 - 2018-10-21 00:46 - 000709936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2018-11-14 22:02 - 2018-10-21 00:46 - 000497864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
    2018-11-14 22:02 - 2018-10-21 00:46 - 000171024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2018-11-14 22:02 - 2018-10-21 00:45 - 000185120 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
    2018-11-14 22:02 - 2018-10-21 00:45 - 000175624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
    2018-11-14 22:02 - 2018-10-21 00:45 - 000139792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
    2018-11-14 22:02 - 2018-10-21 00:45 - 000058088 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
    2018-11-14 22:02 - 2018-10-21 00:21 - 000123424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
    2018-11-14 22:02 - 2018-10-21 00:20 - 000424000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
    2018-11-14 22:02 - 2018-10-21 00:20 - 000295224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
    2018-11-14 22:02 - 2018-10-21 00:20 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
    2018-11-14 22:02 - 2018-10-21 00:20 - 000141312 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
    2018-11-14 22:02 - 2018-10-21 00:20 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
    2018-11-14 22:02 - 2018-10-21 00:19 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
    2018-11-14 22:02 - 2018-10-21 00:19 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
    2018-11-14 22:02 - 2018-10-21 00:19 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
    2018-11-14 22:02 - 2018-10-21 00:19 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
    2018-11-14 22:02 - 2018-10-21 00:19 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
    2018-11-14 22:02 - 2018-10-21 00:19 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
    2018-11-14 22:02 - 2018-10-21 00:19 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
    2018-11-14 22:02 - 2018-10-21 00:19 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
    2018-11-14 22:02 - 2018-10-21 00:19 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvrcpAppSvc.dll
    2018-11-14 22:02 - 2018-10-21 00:19 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhf.sys
    2018-11-14 22:02 - 2018-10-21 00:19 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
    2018-11-14 22:02 - 2018-10-21 00:18 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
    2018-11-14 22:02 - 2018-10-21 00:18 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Activities.dll
    2018-11-14 22:02 - 2018-10-21 00:18 - 000395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvctpSvc.dll
    2018-11-14 22:02 - 2018-10-21 00:18 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
    2018-11-14 22:02 - 2018-10-21 00:18 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
    2018-11-14 22:02 - 2018-10-21 00:18 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
    2018-11-14 22:02 - 2018-10-21 00:18 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
    2018-11-14 22:02 - 2018-10-21 00:16 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2018-11-14 22:02 - 2018-10-21 00:16 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
    2018-11-14 22:02 - 2018-10-21 00:15 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
    2018-11-14 22:02 - 2018-10-21 00:14 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
    2018-11-14 22:02 - 2018-10-21 00:14 - 000632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
    2018-11-14 22:02 - 2018-10-21 00:14 - 000453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
    2018-11-14 22:02 - 2018-10-21 00:02 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
    2018-11-14 22:02 - 2018-10-21 00:01 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
    2018-11-14 22:02 - 2018-10-21 00:00 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
    2018-11-14 22:02 - 2018-10-20 23:59 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
    2018-11-14 22:02 - 2018-10-20 23:58 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
    2018-11-14 22:02 - 2018-10-20 23:58 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2018-11-14 22:02 - 2018-10-20 23:58 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
    2018-11-14 22:02 - 2018-04-27 21:02 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
    2018-11-14 17:17 - 2018-11-20 18:34 - 000002080 _____ C:\Users\oldman\Desktop\new FRST notes.txt
    2018-11-13 20:29 - 2018-11-27 19:34 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security with Backup
    2018-11-13 17:44 - 2018-11-13 17:44 - 000003376 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
    2018-11-13 17:43 - 2018-11-14 21:09 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
    2018-11-13 17:30 - 2018-11-13 17:30 - 001157064 _____ (Symantec Corporation) C:\Users\oldman\Downloads\NortonNSBUDownloader.exe
    2018-11-12 12:50 - 2018-10-30 09:43 - 000453948 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20181112-125012.backup
    2018-11-12 12:39 - 2018-11-26 18:57 - 000000269 _____ C:\DelFix.txt
    2018-11-11 02:44 - 2018-11-11 02:44 - 000001386 _____ C:\Users\oldman\Desktop\Dons list.txt
    2018-11-10 22:51 - 2018-11-22 12:48 - 000000000 ____D C:\Users\oldman\Desktop\New folder (2)
    2018-11-08 14:27 - 2018-11-08 14:27 - 000000000 ____D C:\Users\oldman\Desktop\MRI copy
    2018-11-08 14:21 - 2018-11-08 14:21 - 000000000 ____D C:\Users\oldman\Desktop\New folder
    2018-11-06 20:52 - 2018-11-06 20:52 - 000001740 _____ C:\Users\oldman\Desktop\Rant Response.txt
    2018-11-05 16:32 - 2018-11-05 16:32 - 000001816 _____ C:\Users\Public\Desktop\iTunes.lnk
    2018-11-05 16:32 - 2018-11-05 16:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2018-11-05 16:32 - 2018-11-05 16:32 - 000000000 ____D C:\Program Files\iPod
    2018-11-05 16:31 - 2018-11-05 16:32 - 000000000 ____D C:\Program Files\iTunes
    2018-11-04 20:57 - 2018-11-04 20:57 - 000000600 _____ C:\WINDOWS\SysWOW64\config.db
    2018-11-04 20:57 - 2018-11-04 20:57 - 000000000 ____D C:\Program Files (x86)\Norton WiFi Privacy
    2018-11-04 20:57 - 2018-11-04 20:56 - 000052512 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\SymTAP.sys
    2018-11-04 14:19 - 2018-11-04 14:19 - 001691434 _____ C:\Users\oldman\Desktop\hakin9_wifi_EN.pdf
    2018-11-02 16:34 - 2018-11-03 20:12 - 000000000 ____D C:\Users\oldman\Desktop\JoJo's smartest phone
    2018-11-01 15:21 - 2018-11-01 16:19 - 000000000 ____D C:\Users\oldman\Desktop\malware tools
    2018-10-31 19:30 - 2018-10-31 19:30 - 008159232 _____ C:\HPSoftwareFramework.msi
    2018-10-31 19:30 - 2018-10-31 19:30 - 000000000 ____D C:\Users\oldman\AppData\Roaming\HP
    2018-10-31 19:19 - 2018-10-31 19:19 - 000000000 ____D C:\Users\oldman\Downloads\HP Downloads
    2018-10-30 17:48 - 2018-10-30 17:48 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\66655511.sys
    2018-10-30 17:26 - 2018-10-30 17:26 - 000002308 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2018-10-30 16:49 - 2018-11-11 14:34 - 000000000 ____D C:\Users\oldman\Desktop\Old Firefox Data
    2018-10-30 09:43 - 2018-10-19 18:05 - 000453892 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20181030-104320.backup
    2018-10-30 00:49 - 2018-10-30 00:49 - 000000074 _____ C:\Users\oldman\Desktop\SciDirect white matter disease.txt

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-11-27 20:09 - 2018-06-02 01:10 - 000004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D6FF1BE5-40C3-4B52-A236-97274056599C}
    2018-11-27 19:38 - 2015-05-03 11:07 - 000000000 ____D C:\Users\oldman\AppData\Local\Battle.net
    2018-11-27 19:37 - 2015-05-03 11:07 - 000000000 ____D C:\Program Files (x86)\Battle.net
    2018-11-27 19:34 - 2018-04-11 16:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2018-11-27 19:28 - 2016-11-28 00:03 - 000000000 ____D C:\Users\oldman\AppData\LocalLow\Mozilla
    2018-11-27 19:26 - 2018-06-02 01:10 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2018-11-27 19:26 - 2016-08-20 09:31 - 000000000 ____D C:\ProgramData\Kodak
    2018-11-27 19:26 - 2015-12-03 21:03 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2018-11-27 19:24 - 2018-04-11 14:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2018-11-27 19:24 - 2015-07-29 02:19 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
    2018-11-27 19:23 - 2018-06-02 00:54 - 000000000 ____D C:\Users\oldman
    2018-11-27 19:11 - 2018-06-02 00:43 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2018-11-27 19:11 - 2017-05-02 13:10 - 000000352 _____ C:\WINDOWS\Tasks\HPCeeScheduleForoldman.job
    2018-11-27 19:06 - 2018-06-02 01:10 - 000003248 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForoldman
    2018-11-27 19:01 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\AppReadiness
    2018-11-27 14:53 - 2018-04-11 16:38 - 000000000 ___HD C:\Program Files\WindowsApps
    2018-11-27 14:53 - 2017-12-09 00:36 - 000000000 ____D C:\Users\oldman\AppData\Local\Packages
    2018-11-27 11:25 - 2018-06-12 17:34 - 000000000 ____D C:\ProgramData\SecTaskMan
    2018-11-24 19:45 - 2015-06-07 01:19 - 000000000 ____D C:\Users\oldman\AppData\Roaming\.minecraft
    2018-11-24 13:17 - 2015-06-13 13:05 - 000000000 ____D C:\Users\oldman\AppData\Roaming\.technic
    2018-11-24 11:38 - 2016-07-09 10:48 - 000000000 ____D C:\Program Files (x86)\Minecraft
    2018-11-24 11:13 - 2018-04-11 16:38 - 000000000 __SHD C:\Users\Public\Libraries
    2018-11-23 17:37 - 2015-07-16 19:16 - 000000000 ____D C:\Users\oldman\Documents\miggler minecraft stuff
    2018-11-23 17:33 - 2018-06-02 14:13 - 000000000 ____D C:\Users\oldman\AppData\Local\D3DSCache
    2018-11-23 17:32 - 2015-06-23 02:50 - 000000000 ____D C:\ProgramData\Package Cache
    2018-11-22 15:52 - 2018-04-11 14:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
    2018-11-21 09:57 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2018-11-20 17:49 - 2018-04-11 16:30 - 000000000 ____D C:\WINDOWS\CbsTemp
    2018-11-20 14:48 - 2018-06-02 01:10 - 000004574 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
    2018-11-20 14:48 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2018-11-20 14:48 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
    2018-11-20 13:31 - 2017-12-20 15:34 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2018-11-20 11:22 - 2018-09-10 14:01 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2018-11-19 16:24 - 2017-08-25 15:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2018-11-19 16:24 - 2015-05-03 10:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2018-11-19 15:54 - 2018-01-12 15:01 - 000000736 _____ C:\Users\oldman\Desktop\Appointment and to do stuff.txt
    2018-11-16 17:34 - 2015-05-03 10:47 - 000001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
    2018-11-16 16:00 - 2018-09-12 21:09 - 000834960 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2018-11-16 16:00 - 2018-09-12 21:09 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2018-11-16 11:09 - 2018-05-04 21:20 - 000000000 ____D C:\Users\oldman\AppData\Local\Norton WiFi Privacy
    2018-11-15 09:26 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\INF
    2018-11-15 09:23 - 2018-06-02 00:53 - 000931448 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2018-11-15 09:17 - 2015-09-16 09:37 - 000000000 ___RD C:\Users\oldman\3D Objects
    2018-11-15 09:17 - 2015-05-03 11:17 - 000000000 __RHD C:\Users\Public\AccountPictures
    2018-11-15 09:16 - 2018-06-02 00:43 - 000259576 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2018-11-14 23:32 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\TextInput
    2018-11-14 23:31 - 2018-04-11 16:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
    2018-11-14 23:31 - 2018-04-11 16:38 - 000000000 ___SD C:\WINDOWS\system32\F12
    2018-11-14 23:31 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
    2018-11-14 23:30 - 2018-04-11 16:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2018-11-14 23:30 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2018-11-14 23:30 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\bcastdvr
    2018-11-14 21:09 - 2017-11-10 19:20 - 000002326 _____ C:\Users\Public\Desktop\Norton Security.lnk
    2018-11-14 19:36 - 2018-06-02 01:10 - 000004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2018-11-14 15:49 - 2015-10-21 18:23 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2018-11-13 20:38 - 2015-05-03 18:25 - 000000000 ____D C:\WINDOWS\system32\MRT
    2018-11-13 20:34 - 2015-05-03 18:25 - 137810048 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2018-11-13 18:28 - 2018-10-20 23:17 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
    2018-11-13 18:18 - 2015-06-10 00:43 - 000000000 ____D C:\Program Files\Common Files\AV
    2018-11-13 17:47 - 2017-09-28 21:29 - 000000000 ____D C:\Users\oldman\Desktop\Misc. desktop crap
    2018-11-13 17:46 - 2015-05-03 00:05 - 000000000 ____D C:\ProgramData\Norton
    2018-11-13 17:44 - 2018-02-26 14:03 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
    2018-11-13 17:34 - 2015-05-13 09:14 - 000000000 ____D C:\Users\Public\Downloads\Norton
    2018-11-05 23:26 - 2015-05-03 11:09 - 000000000 ____D C:\Program Files (x86)\Diablo III
    2018-11-04 20:57 - 2018-07-04 12:09 - 000000000 ____D C:\Program Files (x86)\Norton WiFi Privacy (1.4.9)
    2018-11-02 18:18 - 2015-08-15 17:31 - 000011264 _____ C:\Users\oldman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2018-10-31 19:35 - 2015-05-24 00:52 - 000000000 ____D C:\Program Files (x86)\Google
    2018-10-31 19:31 - 2015-05-04 07:08 - 000000000 ____D C:\Users\oldman\AppData\Roaming\hpqlog
    2018-10-31 19:30 - 2017-11-21 09:22 - 000000000 ____D C:\Program Files\HP
    2018-10-31 19:30 - 2017-04-11 19:37 - 000000000 ____D C:\Program Files (x86)\HP
    2018-10-31 19:28 - 2012-08-16 21:20 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
    2018-10-31 19:22 - 2012-08-03 17:02 - 000000000 ____D C:\SWSetup
    2018-10-30 17:26 - 2016-06-26 04:49 - 000170040 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt

    ==================== Files in the root of some directories =======

    2015-08-15 17:31 - 2018-11-02 18:18 - 000011264 _____ () C:\Users\oldman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-08-01 12:43 - 2018-11-16 11:50 - 000114514 _____ () C:\Users\oldman\AppData\Local\installer.log
    2015-08-01 12:43 - 2015-08-01 12:43 - 000000236 _____ () C:\Users\oldman\AppData\Local\LaunchHomeCenter.log
    2015-05-23 08:41 - 2018-02-13 23:28 - 000007674 _____ () C:\Users\oldman\AppData\Local\resmon.resmoncfg

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-06-02 00:43

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.11.2018
    Ran by oldman (27-11-2018 20:17:10)
    Running from C:\Users\oldman\Desktop
    Windows 10 Home Version 1803 17134.407 (X64) (2018-06-02 08:47:35)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-901587214-2200967626-3004657440-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-901587214-2200967626-3004657440-503 - Limited - Disabled)
    Guest (S-1-5-21-901587214-2200967626-3004657440-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-901587214-2200967626-3004657440-1009 - Limited - Enabled)
    oldman (S-1-5-21-901587214-2200967626-3004657440-1003 - Administrator - Enabled) => C:\Users\oldman
    WDAGUtilityAccount (S-1-5-21-901587214-2200967626-3004657440-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Norton Security (Enabled - Up to date) {E3FDBD9F-8140-1400-F32B-8B58923F7C4D}
    AS: Spybot - Search and Destroy (Disabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Norton Security (Enabled) {DBC63CBA-CB2F-1558-D874-226D6CEC3B36}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20081 - Adobe Systems Incorporated)
    Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.153 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
    aioprnt (HKLM\...\{0645A454-AD44-4F0D-99CF-6B762735AD1F}) (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
    aioscnnr (HKLM-x32\...\{376348C2-E372-48BC-A138-E896757BD86A}) (Version: 5.8.10.0 - Your Company Name) Hidden
    aioscnnr (HKLM-x32\...\{EF53BFAB-4C10-40DB-A82D-9B07111715C6}) (Version: 7.6.13.10 - Your Company Name) Hidden
    AMD Catalyst Install Manager (HKLM\...\{D01E0B82-7D6E-F9AC-9A7D-C6076264F419}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
    AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
    Apple Application Support (32-bit) (HKLM-x32\...\{49F7DD82-FC83-48BF-86C6-CFE6E1E233E1}) (Version: 7.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{1FA68E27-2951-42E8-9F57-1A7F6581B4FD}) (Version: 7.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
    AstroViewer 3.1.6 (HKLM-x32\...\AstroViewer 3.1.6) (Version: - Dirk Matussek)
    Bandicam (HKLM-x32\...\Bandicam) (Version: 2.3.3.860 - Bandisoft.com)
    Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    BOINC (HKLM\...\{F1361096-9418-489B-983B-5F8C3972E05E}) (Version: 7.8.3 - Space Sciences Laboratory, U.C. Berkeley)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    C4USelfUpdater (HKLM-x32\...\{48B41C3A-9A92-4B81-B653-C97FEB85C910}) (Version: 1.00.0000 - Your Company Name) Hidden
    center (HKLM-x32\...\{56BA241F-580C-43D2-8403-947241AAE633}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
    CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
    CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
    D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
    Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
    Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
    Epic Games Launcher (HKLM-x32\...\{0E63B233-DC24-442C-BD38-0B91D90FEC5B}) (Version: 1.1.167.0 - Epic Games, Inc.)
    Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
    essentials (HKLM-x32\...\{BE94C681-68E2-4561-8ABC-8D2E799168B4}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
    Google Earth Pro (HKLM\...\{F914BC59-918A-498F-B2E3-B274C9CB48A8}) (Version: 7.3.2.5491 - Google)
    Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
    Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
    HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
    HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
    HP Documentation (HKLM-x32\...\{1AC082E0-049D-4C5C-9ECF-9473AD5A949D}) (Version: 1.1.0.0 - Hewlett-Packard)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
    HP MyRoom (HKLM-x32\...\{32F06015-D852-4A57-A0DD-8D08D17633AC}) (Version: 10.4.0156 - Hewlett-Packard)
    HP PC Hardware Diagnostics Windows (HKLM-x32\...\{7FF9E31F-FAC5-4C7B-970B-FE464B8C6A62}) (Version: 1.5.2.0 - HP Inc.)
    HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
    HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
    HP Software Framework (HKLM-x32\...\{5094249B-9542-4536-AE76-B769EE085C99}) (Version: 7.1.6.1 - HP)
    HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.6.18.11 - Hewlett-Packard Company)
    HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.9.24.3 - Hewlett-Packard Company)
    HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
    HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
    HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
    HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6417.0 - IDT)
    IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
    iTunes (HKLM\...\{3F702C1B-628F-46FB-A094-56D5404CEE63}) (Version: 12.9.1.4 - Apple Inc.)
    Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
    Kodak AIO Printer (HKLM\...\{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}) (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
    KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.9.1.1 - Eastman Kodak Company)
    KODAK VERITE 50 Series Uninstaller (HKLM\...\KODAK VERITE 50 Series) (Version: - FUNAI ELECTRIC CO., LTD.)
    Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
    Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
    Mozilla Firefox 63.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 63.0.3 (x64 en-US)) (Version: 63.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 63.0.3.6892 - Mozilla)
    Norton Security (HKLM-x32\...\NGC) (Version: 22.16.2.22 - Symantec Corporation)
    Norton WiFi Privacy (HKLM-x32\...\Norton WiFi Privacy) (Version: 1.4.9 - Symantec Corporation)
    NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
    ocr (HKLM-x32\...\{BFBCF96F-7361-486A-965C-54B17AC35421}) (Version: 6.2.3.50 - Eastman Kodak Company) Hidden
    Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
    PreReq (HKLM-x32\...\{DA5BDB2A-12F0-4343-8351-21AAEB293990}) (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
    PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
    Python 3.5.2 (32-bit) (HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
    Python 3.5.2 Core Interpreter (32-bit) (HKLM-x32\...\{EB0611B2-7F10-4D97-BCF2-DCAAB1199498}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 Development Libraries (32-bit) (HKLM-x32\...\{5DB2183B-62D3-407F-BBC1-EAD2F36283FA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 Documentation (32-bit) (HKLM-x32\...\{1FBA5182-78DD-4940-9F06-96E5042B7061}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 Executables (32-bit) (HKLM-x32\...\{33B10015-A9B1-4210-B50A-26C6443979B0}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 pip Bootstrap (32-bit) (HKLM-x32\...\{9ADF9987-3327-48C6-91B3-B10900366491}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 Standard Library (32-bit) (HKLM-x32\...\{FCBB04F4-D2CF-4F55-BE92-B3898696B318}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C1153533-FDC4-4922-892D-B71810F69566}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 Test Suite (32-bit) (HKLM-x32\...\{9D50A6D7-410A-4469-87B7-35FA84CBD479}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 Utility Scripts (32-bit) (HKLM-x32\...\{E6DEBF43-7ACF-4E88-9BBF-9B5945683281}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
    Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
    Security Task Manager 2.3 (HKLM-x32\...\Security Task Manager) (Version: 2.3 - Neuber Software)
    Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
    swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C5FDDED7-DEC7-48B4-AFD8-DFB8A0FD199A}) (Version: 2.51.0.0 - Microsoft Corporation)
    Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17384 - Microsoft Corporation)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    WorldWide Telescope (HKLM-x32\...\{412B591F-3F86-4A1C-9DF6-854892DE27BB}) (Version: 5.5.03 - WorldWide Telescope)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
    ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
    ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-26] (Cyberlink)
    ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
    ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
    ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.2.22\NavShExt.dll [2018-11-03] (Symantec Corporation)
    ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-26] (Cyberlink)
    ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.2.22\NavShExt.dll [2018-11-03] (Symantec Corporation)
    ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
    ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
    ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
    ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.2.22\NavShExt.dll [2018-11-03] (Symantec Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {03F769B5-CA2B-47FB-B8C6-3715E360F484} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-11-13] (Microsoft Corporation)
    Task: {1CAFA8CA-9428-4563-B226-AEB95322692D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-24] (Google Inc.)
    Task: {1D7E6301-43AF-49E2-8F09-9FDE7BE42841} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.16.2.22\WSCStub.exe [2018-11-03] (Symantec Corporation)
    Task: {2726B58A-B733-4E96-B674-56C356CFF017} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
    Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
    Task: {37F9480B-8DEB-43D0-9E41-A625011C1442} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
    Task: {3C1E18F9-257E-4364-8991-D751F7AAE0AF} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
    Task: {3DD76305-B0D8-4F5D-97E7-9FEA995DB0EB} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
    Task: {3FB3FE7E-E4D6-4325-A192-9F9937626A48} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {406E8E03-EC34-4003-B34C-54181D91740B} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {449FBA74-592C-4FC3-B302-EFBBC5B5ADD5} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
    Task: {4563DDB4-F29D-41C5-BD80-916194542CD4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-11-08] (HP Inc.)
    Task: {481E77FC-2405-491C-B550-44527E8A07B9} - System32\Tasks\Norton Security with Backup\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
    Task: {4A276F76-C51C-45FC-A2F4-1117E386AA2B} - System32\Tasks\S-1-5-21-901587214-2200967626-3004657440-1003\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-04-11] (Microsoft Corporation)
    Task: {4DAE6865-85B2-4C42-B996-B4788C51FAA8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2018-08-30] (HP Inc.)
    Task: {5B316DC0-10D2-46AE-B209-4DD1ED06E7F3} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
    Task: {5BDA31E3-20F6-4E88-83AE-B391B040E53A} - System32\Tasks\HPCeeScheduleForoldman => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
    Task: {625F82D9-2B09-4DF1-80B8-473B87149FDA} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-21] ()
    Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
    Task: {6E39ED3E-6BA2-4DC8-8196-9C48C649D047} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
    Task: {712380AE-444E-42C6-B403-F18182DBE18C} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
    Task: {738E86C6-EB1F-4D92-9DD0-BD4999046DD5} - System32\Tasks\{CA2AE62A-A74C-4B89-B292-C0CEAD185B3D} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\oldman\Downloads\FirmwareFlashLauncher.exe -d C:\Users\oldman\Downloads
    Task: {7B9F5986-9672-431A-BB77-F26DB87891FE} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {7CDEBC78-DC72-4720-A9AA-B396C385D844} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-901587214-2200967626-3004657440-1003Core => C:\Users\oldman\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-23] (Google Inc.)
    Task: {82BC12CD-E2DA-4EEC-9DD4-DCD751894155} - System32\Tasks\Norton Security with Backup\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
    Task: {87498E24-4318-4420-B39E-6C2ECA53B5BD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-11-09] (HP Inc.)
    Task: {8F3D2196-E3FE-44EB-A19A-1011DB451F9F} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2018-11-03] (Symantec Corporation)
    Task: {906112A5-8DB6-4037-B3BB-A2558320F864} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {A5E6FF83-1A31-44C2-974C-608D72C3429E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
    Task: {AD73D9D2-71DE-4681-BB26-DC2BF988AB1B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_153_Plugin.exe [2018-11-20] (Adobe Systems Incorporated)
    Task: {B0E58536-F4DD-4638-97BB-FBFE9AC92A08} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-901587214-2200967626-3004657440-1003 => C:\Users\oldman\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
    Task: {B89BC3A9-54C9-4204-8B03-A529BF74315F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
    Task: {BCF0AD8B-2630-48AE-B7B4-5D1683D33A9F} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-11-20] (Adobe Systems Incorporated)
    Task: {C0201CFA-6DE0-4EE2-89AC-D9D2295A8D3A} - System32\Tasks\Norton 360\Norton 360 Online Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.11.0.41\SymErr.exe [2017-10-03] (Symantec Corporation)
    Task: {C18EC821-F9CF-414E-BA3D-746F1B35386D} - System32\Tasks\Norton 360\Norton 360 Online Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.11.0.41\SymErr.exe [2017-10-03] (Symantec Corporation)
    Task: {CDB556A4-5C9F-4AD2-8970-C18C764D957C} - System32\Tasks\Norton 360\Norton 360 Online Autofix => C:\Program Files (x86)\Norton 360\Engine\22.11.0.41\SymErr.exe [2017-10-03] (Symantec Corporation)
    Task: {D0E6B02A-0585-4046-AEF9-1F9FEFD0F02E} - System32\Tasks\Norton Security with Backup\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
    Task: {D44969E2-EE54-4B65-8642-B0B9E74EFDBB} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
    Task: {D7F94A5C-3056-4495-8235-CBE7E9F0B4F6} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
    Task: {E5C15200-ACD9-4B52-8D6A-D818CBC34EF1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
    Task: {FC364449-3F8D-40B7-AFA2-34B96D70A3DA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\HPCeeScheduleForoldman.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2018-04-11 16:34 - 2018-04-11 16:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
    2012-08-08 10:36 - 2012-08-08 10:36 - 000073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2017-11-30 18:54 - 2017-11-30 18:54 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2018-10-21 02:17 - 2018-10-21 02:17 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2018-04-11 16:34 - 2018-04-11 16:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
    2018-04-11 16:34 - 2018-04-11 16:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
    2018-11-14 22:03 - 2018-10-31 23:55 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2015-05-02 23:52 - 2012-06-07 20:34 - 000627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2012-06-08 11:34 - 2012-06-08 11:34 - 000016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [478]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
    IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
    IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
    IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

    There are 7942 more sites.

    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\123simsen.com -> www.123simsen.com

    There are 7942 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2018-05-21 20:01 - 2018-11-25 16:12 - 000453948 ____R C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 localhost
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 10sek.com
    127.0.0.1 www.10sek.com
    127.0.0.1 www.1-2005-search.com
    127.0.0.1 1-2005-search.com
    127.0.0.1 123fporn.info
    127.0.0.1 www.123fporn.info
    127.0.0.1 www.123haustiereundmehr.com
    127.0.0.1 123haustiereundmehr.com
    127.0.0.1 123moviedownload.com

    There are 15610 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\oldman\Desktop\cropped Scotty Audrey Meghan.PNG
    DNS Servers: 192.168.0.1 - 205.171.3.66
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.

    HKLM\...\StartupApproved\Run: => "EKIJ5000StatusMonitor"
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run: => "boincmgr"
    HKLM\...\StartupApproved\Run32: => "EKIJ5000StatusMonitor"
    HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
    HKLM\...\StartupApproved\Run32: => "RemoteControl10"
    HKLM\...\StartupApproved\Run32: => "EKStatusMonitor"
    HKLM\...\StartupApproved\Run32: => "APSDaemon"
    HKLM\...\StartupApproved\Run32: => "QuickTime Task"
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "BingSvc"
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "KOab1err"
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "EpicGamesLauncher"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{9A360527-10D8-4C70-B032-9364CABAF9CC}] => (Block) C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe
    FirewallRules: [{F163DE1A-BDD7-475A-BA39-30804A88C1EA}] => (Block) C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe
    FirewallRules: [UDP Query User{36723720-49B5-4FA6-A370-6758D33B9796}C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe] => (Allow) C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe
    FirewallRules: [TCP Query User{65BE56F7-1BFA-49AF-AA71-5BA1867FD708}C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe] => (Allow) C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe
    FirewallRules: [{1C333035-49C1-4FD1-97CF-F570F016C53E}] => (Allow) LPort=5353
    FirewallRules: [{890B9B02-6014-4054-B567-08AACDF2C0B9}] => (Allow) LPort=9322
    FirewallRules: [{F181849D-64C1-458F-9BBF-519133A17B5F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{202A7A45-68E1-431A-A400-91C1EB742AF0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{479E345C-D749-41FD-988B-53A52A04F408}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    FirewallRules: [{61EE5366-C72D-464B-A5C9-80E06F54380D}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [TCP Query User{453BC9C8-7A11-4BD0-A4BA-9D4EC19097C3}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
    FirewallRules: [UDP Query User{0DB363E3-23DE-4A09-8458-A27D4E9AAAF4}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    24-11-2018 21:39:02 Removed Google Update Helper
    24-11-2018 21:40:50 Installed Google Update Helper
    24-11-2018 21:41:29 Installed Google Update Helper
    24-11-2018 21:43:46 Installed Google Update Helper

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/27/2018 07:27:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 5.0.168.192.in-addr.arpa. PTR eustace.local.

    Error: (11/27/2018 07:27:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from 192.168.0.5:5353 17 5.0.168.192.in-addr.arpa. PTR eustace-2.local.

    Error: (11/27/2018 07:11:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 5.0.168.192.in-addr.arpa. PTR eustace.local.

    Error: (11/27/2018 07:11:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from 192.168.0.5:5353 17 5.0.168.192.in-addr.arpa. PTR eustace-2.local.

    Error: (11/27/2018 02:42:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 15578

    Error: (11/27/2018 02:42:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 15578

    Error: (11/27/2018 02:42:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (11/26/2018 07:21:11 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
    .


    Operation:
    Executing Asynchronous Operation

    Context:
    Current State: DoSnapshotSet


    System errors:
    =============
    Error: (11/27/2018 07:26:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The APXACC service failed to start due to the following error:
    A device attached to the system is not functioning.

    Error: (11/27/2018 07:26:37 PM) (Source: APXACC) (EventID: 1003) (User: )
    Description: The NDIS6 LWF initialization has failed. (0xC0000001)

    Error: (11/27/2018 07:12:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (11/27/2018 07:11:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The APXACC service failed to start due to the following error:
    A device attached to the system is not functioning.

    Error: (11/27/2018 07:11:37 PM) (Source: APXACC) (EventID: 1003) (User: )
    Description: The NDIS6 LWF initialization has failed. (0xC0000001)

    Error: (11/27/2018 07:11:36 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 7:03:26 PM on ‎11/‎27/‎2018 was unexpected.

    Error: (11/27/2018 07:01:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (11/27/2018 11:17:29 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


    Windows Defender:
    ===================================
    Date: 2018-10-24 21:41:17.809
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.261.367.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14500.5
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    Date: 2018-10-24 21:41:17.809
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.261.367.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiSpyware
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14500.5
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    Date: 2018-10-24 21:41:17.809
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.261.367.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14500.5
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    Date: 2018-10-24 21:41:14.293
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.261.367.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14500.5
    Error code: 0x8024402c
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    Date: 2018-10-17 21:12:23.511
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.261.367.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14500.5
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    CodeIntegrity:
    ===================================

    Date: 2018-11-14 12:08:00.436
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.16.2.22\BuShell.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-11-14 12:08:00.414
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.16.2.22\BuShell.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-11-14 12:08:00.372
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.16.2.22\BuShell.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-10-11 12:04:33.192
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.1.8\bushell.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-10-11 12:04:33.166
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.1.8\bushell.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-10-11 12:04:33.102
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.1.8\bushell.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-09-05 22:40:18.803
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.0.88\bushell.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-09-05 22:40:18.772
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.0.88\bushell.dll that did not meet the Microsoft signing level requirements.

    ==================== Memory info ===========================

    Processor: AMD A4-4300M APU with Radeon(tm) HD Graphics
    Percentage of memory in use: 36%
    Total physical RAM: 3554.26 MB
    Available physical RAM: 2271.4 MB
    Total Virtual: 5986.26 MB
    Available Virtual: 4331.1 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:568.68 GB) (Free:304.86 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (RECOVERY) (Fixed) (Total:25.37 GB) (Free:2.96 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive e: (Media Viewer) (CDROM) (Total:0.52 GB) (Free:0 GB) CDFS

    \\?\Volume{4807027d-70e4-4ed9-b189-6eac7a96e0a4}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.15 GB) NTFS
    \\?\Volume{de27d039-3a8b-420a-8f61-0de10dba9383}\ () (Fixed) (Total:0.92 GB) (Free:0.34 GB) NTFS
    \\?\Volume{228ede67-33cc-42ee-9814-03e998f454e7}\ () (Fixed) (Total:0.44 GB) (Free:0.41 GB) NTFS
    \\?\Volume{873941c3-cd87-496d-8c74-8b333ed59eac}\ () (Fixed) (Total:0.25 GB) (Free:0.16 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 596.2 GB) (Disk ID: 9E4D4388)

    Partition: GPT.

    ==================== End of Addition.txt ============================

  3. #23
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    to remove all Google services, located in add/remove programs list
    Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)

    ~~~

    Start Farbar Recovery Scan Tool with Administrator privileges
    (Right click on the FRST icon and select Run as administrator)

    highlight on the text below and select Copy.
    beginning with Start:: and finishing with End::
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Highlight the entire content of the quote box below and select Copy.


    Start::
    CloseProcesses:
    CreateRestorePoint:
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [Google Update] => C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe [601680 2018-05-18] (Google Inc.)
    FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: @talk.google.com/GoogleTalkPlugin -> C:\Users\oldman\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: @talk.google.com/O1DPlugin -> C:\Users\oldman\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: @tools.google.com/Google Update;version=3 -> C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
    FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: @tools.google.com/Google Update;version=9 -> C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\oldman\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\oldman\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    Task: {1CAFA8CA-9428-4563-B226-AEB95322692D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-24] (Google Inc.)
    AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [478]
    Emptytemp:
    End::

    Start FRST (FRST64) with Administrator privileges
    Press the Fix button. FRST will process the lines copied above from the clipboard.
    When finished, a log file Fixlog.txt will pop up and saved in the same location the tool was ran from.

    Please copy and paste its contents in your next reply.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  4. #24
    Senior Member
    Join Date
    Jun 2014
    Posts
    155

    Default Fixlog results

    Hope this is what we are looking for.

    Fix result of Farbar Recovery Scan Tool (x64) Version: 29.11.2018 01
    Ran by oldman (29-11-2018 13:03:11) Run:1
    Running from C:\Users\oldman\Desktop
    Loaded Profiles: oldman (Available Profiles: oldman)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    CreateRestorePoint:
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [Google Update] => C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe [601680 2018-05-18] (Google Inc.)
    FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: @talk.google.com/GoogleTalkPlugin -> C:\Users\oldman\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: @talk.google.com/O1DPlugin -> C:\Users\oldman\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: @tools.google.com/Google Update;version=3 -> C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
    FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: @tools.google.com/Google Update;version=9 -> C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\oldman\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\oldman\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    Task: {1CAFA8CA-9428-4563-B226-AEB95322692D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-24] (Google Inc.)
    AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [478]
    Emptytemp:

    *****************

    Processes closed successfully.
    Restore point was successfully created.
    "HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update" => not found
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin => not found
    "C:\Users\oldman\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll" => not found
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\MozillaPlugins\@talk.google.com/O1DPlugin => not found
    "C:\Users\oldman\AppData\Roaming\Mozilla\plugins\npo1d.dll" => not found
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\MozillaPlugins\@tools.google.com/Google Update;version=3 => not found
    "C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll" => not found
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\MozillaPlugins\@tools.google.com/Google Update;version=9 => not found
    "C:\Users\oldman\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll" => not found
    "C:\Users\oldman\AppData\Roaming\mozilla\plugins\npgoogletalk.dll" => not found
    "C:\Users\oldman\AppData\Roaming\mozilla\plugins\npo1d.dll" => not found
    HKLM\SOFTWARE\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => removed successfully
    HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif => removed successfully
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => removed successfully
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif => removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1CAFA8CA-9428-4563-B226-AEB95322692D} => removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CAFA8CA-9428-4563-B226-AEB95322692D} => removed successfully
    C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => removed successfully
    C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully

    =========== EmptyTemp: ==========

    BITS transfer queue => 10510336 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9736044 B
    Java, Flash, Steam htmlcache => 1140 B
    Windows/system/drivers => 505208 B
    Edge => 9216 B
    Chrome => 0 B
    Firefox => 446210610 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 3626 B
    LocalService => 0 B
    NetworkService => 0 B
    NetworkService => 0 B
    oldman => 4793044 B

    RecycleBin => 1531 B
    EmptyTemp: => 449.9 MB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 13:06:59 ====

  5. #25
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    How's the computer now?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  6. #26
    Senior Member
    Join Date
    Jun 2014
    Posts
    155

    Default Another FRST

    Things were running suspiciously smooth so I delfixed and FRSTed again. There are some familiar entries, what do you make of this scan?

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29.11.2018 01
    Ran by oldman (30-11-2018 12:06:59)
    Running from C:\Users\oldman\Desktop
    Windows 10 Home Version 1803 17134.407 (X64) (2018-06-02 08:47:35)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-901587214-2200967626-3004657440-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-901587214-2200967626-3004657440-503 - Limited - Disabled)
    Guest (S-1-5-21-901587214-2200967626-3004657440-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-901587214-2200967626-3004657440-1009 - Limited - Enabled)
    oldman (S-1-5-21-901587214-2200967626-3004657440-1003 - Administrator - Enabled) => C:\Users\oldman
    WDAGUtilityAccount (S-1-5-21-901587214-2200967626-3004657440-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Norton Security (Enabled - Up to date) {E3FDBD9F-8140-1400-F32B-8B58923F7C4D}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Norton Security (Enabled) {DBC63CBA-CB2F-1558-D874-226D6CEC3B36}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20081 - Adobe Systems Incorporated)
    Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.153 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
    aioprnt (HKLM\...\{0645A454-AD44-4F0D-99CF-6B762735AD1F}) (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
    aioscnnr (HKLM-x32\...\{376348C2-E372-48BC-A138-E896757BD86A}) (Version: 5.8.10.0 - Your Company Name) Hidden
    aioscnnr (HKLM-x32\...\{EF53BFAB-4C10-40DB-A82D-9B07111715C6}) (Version: 7.6.13.10 - Your Company Name) Hidden
    AMD Catalyst Install Manager (HKLM\...\{D01E0B82-7D6E-F9AC-9A7D-C6076264F419}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
    AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
    Apple Application Support (32-bit) (HKLM-x32\...\{49F7DD82-FC83-48BF-86C6-CFE6E1E233E1}) (Version: 7.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{1FA68E27-2951-42E8-9F57-1A7F6581B4FD}) (Version: 7.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
    AstroViewer 3.1.6 (HKLM-x32\...\AstroViewer 3.1.6) (Version: - Dirk Matussek)
    Bandicam (HKLM-x32\...\Bandicam) (Version: 2.3.3.860 - Bandisoft.com)
    Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    BOINC (HKLM\...\{F1361096-9418-489B-983B-5F8C3972E05E}) (Version: 7.8.3 - Space Sciences Laboratory, U.C. Berkeley)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    C4USelfUpdater (HKLM-x32\...\{48B41C3A-9A92-4B81-B653-C97FEB85C910}) (Version: 1.00.0000 - Your Company Name) Hidden
    center (HKLM-x32\...\{56BA241F-580C-43D2-8403-947241AAE633}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
    CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
    CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
    D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
    Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
    Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
    Epic Games Launcher (HKLM-x32\...\{0E63B233-DC24-442C-BD38-0B91D90FEC5B}) (Version: 1.1.167.0 - Epic Games, Inc.)
    Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
    essentials (HKLM-x32\...\{BE94C681-68E2-4561-8ABC-8D2E799168B4}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
    Google Earth Pro (HKLM\...\{F914BC59-918A-498F-B2E3-B274C9CB48A8}) (Version: 7.3.2.5491 - Google)
    Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
    HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
    HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
    HP Documentation (HKLM-x32\...\{1AC082E0-049D-4C5C-9ECF-9473AD5A949D}) (Version: 1.1.0.0 - Hewlett-Packard)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
    HP MyRoom (HKLM-x32\...\{32F06015-D852-4A57-A0DD-8D08D17633AC}) (Version: 10.4.0156 - Hewlett-Packard)
    HP PC Hardware Diagnostics Windows (HKLM-x32\...\{7FF9E31F-FAC5-4C7B-970B-FE464B8C6A62}) (Version: 1.5.2.0 - HP Inc.)
    HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
    HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
    HP Software Framework (HKLM-x32\...\{5094249B-9542-4536-AE76-B769EE085C99}) (Version: 7.1.6.1 - HP)
    HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.6.18.11 - Hewlett-Packard Company)
    HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.9.24.3 - Hewlett-Packard Company)
    HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
    HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
    HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
    HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6417.0 - IDT)
    IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
    iTunes (HKLM\...\{3F702C1B-628F-46FB-A094-56D5404CEE63}) (Version: 12.9.1.4 - Apple Inc.)
    Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
    Kodak AIO Printer (HKLM\...\{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}) (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
    KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.9.1.1 - Eastman Kodak Company)
    KODAK VERITE 50 Series Uninstaller (HKLM\...\KODAK VERITE 50 Series) (Version: - FUNAI ELECTRIC CO., LTD.)
    Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
    Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
    Mozilla Firefox 63.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 63.0.3 (x64 en-US)) (Version: 63.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 63.0.3.6892 - Mozilla)
    Norton Security (HKLM-x32\...\NGC) (Version: 22.16.2.22 - Symantec Corporation)
    Norton WiFi Privacy (HKLM-x32\...\Norton WiFi Privacy) (Version: 1.4.9 - Symantec Corporation)
    NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
    ocr (HKLM-x32\...\{BFBCF96F-7361-486A-965C-54B17AC35421}) (Version: 6.2.3.50 - Eastman Kodak Company) Hidden
    Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
    PreReq (HKLM-x32\...\{DA5BDB2A-12F0-4343-8351-21AAEB293990}) (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
    PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
    Python 3.5.2 (32-bit) (HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
    Python 3.5.2 Core Interpreter (32-bit) (HKLM-x32\...\{EB0611B2-7F10-4D97-BCF2-DCAAB1199498}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 Development Libraries (32-bit) (HKLM-x32\...\{5DB2183B-62D3-407F-BBC1-EAD2F36283FA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 Documentation (32-bit) (HKLM-x32\...\{1FBA5182-78DD-4940-9F06-96E5042B7061}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 Executables (32-bit) (HKLM-x32\...\{33B10015-A9B1-4210-B50A-26C6443979B0}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 pip Bootstrap (32-bit) (HKLM-x32\...\{9ADF9987-3327-48C6-91B3-B10900366491}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 Standard Library (32-bit) (HKLM-x32\...\{FCBB04F4-D2CF-4F55-BE92-B3898696B318}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C1153533-FDC4-4922-892D-B71810F69566}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 Test Suite (32-bit) (HKLM-x32\...\{9D50A6D7-410A-4469-87B7-35FA84CBD479}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 Utility Scripts (32-bit) (HKLM-x32\...\{E6DEBF43-7ACF-4E88-9BBF-9B5945683281}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
    Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
    Security Task Manager 2.3 (HKLM-x32\...\Security Task Manager) (Version: 2.3 - Neuber Software)
    Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
    swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C5FDDED7-DEC7-48B4-AFD8-DFB8A0FD199A}) (Version: 2.51.0.0 - Microsoft Corporation)
    Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17384 - Microsoft Corporation)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    WorldWide Telescope (HKLM-x32\...\{412B591F-3F86-4A1C-9DF6-854892DE27BB}) (Version: 5.5.03 - WorldWide Telescope)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
    ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
    ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-26] (Cyberlink)
    ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
    ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
    ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.2.22\NavShExt.dll [2018-11-03] (Symantec Corporation)
    ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-26] (Cyberlink)
    ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.2.22\NavShExt.dll [2018-11-03] (Symantec Corporation)
    ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
    ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
    ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
    ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.2.22\NavShExt.dll [2018-11-03] (Symantec Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {03F769B5-CA2B-47FB-B8C6-3715E360F484} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-11-13] (Microsoft Corporation)
    Task: {1D7E6301-43AF-49E2-8F09-9FDE7BE42841} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.16.2.22\WSCStub.exe [2018-11-03] (Symantec Corporation)
    Task: {2726B58A-B733-4E96-B674-56C356CFF017} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
    Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
    Task: {37F9480B-8DEB-43D0-9E41-A625011C1442} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
    Task: {3C1E18F9-257E-4364-8991-D751F7AAE0AF} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
    Task: {3DD76305-B0D8-4F5D-97E7-9FEA995DB0EB} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
    Task: {3FB3FE7E-E4D6-4325-A192-9F9937626A48} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {406E8E03-EC34-4003-B34C-54181D91740B} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {449FBA74-592C-4FC3-B302-EFBBC5B5ADD5} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
    Task: {4563DDB4-F29D-41C5-BD80-916194542CD4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-11-08] (HP Inc.)
    Task: {481E77FC-2405-491C-B550-44527E8A07B9} - System32\Tasks\Norton Security with Backup\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
    Task: {4A276F76-C51C-45FC-A2F4-1117E386AA2B} - System32\Tasks\S-1-5-21-901587214-2200967626-3004657440-1003\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-04-11] (Microsoft Corporation)
    Task: {4DAE6865-85B2-4C42-B996-B4788C51FAA8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2018-08-30] (HP Inc.)
    Task: {4FF70FB8-36AD-4493-AD4A-05ACB699A133} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2018-11-03] (Symantec Corporation)
    Task: {5B316DC0-10D2-46AE-B209-4DD1ED06E7F3} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
    Task: {5BDA31E3-20F6-4E88-83AE-B391B040E53A} - System32\Tasks\HPCeeScheduleForoldman => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
    Task: {625F82D9-2B09-4DF1-80B8-473B87149FDA} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-21] ()
    Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
    Task: {6E39ED3E-6BA2-4DC8-8196-9C48C649D047} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
    Task: {712380AE-444E-42C6-B403-F18182DBE18C} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
    Task: {738E86C6-EB1F-4D92-9DD0-BD4999046DD5} - System32\Tasks\{CA2AE62A-A74C-4B89-B292-C0CEAD185B3D} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\oldman\Downloads\FirmwareFlashLauncher.exe -d C:\Users\oldman\Downloads
    Task: {7B9F5986-9672-431A-BB77-F26DB87891FE} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {82BC12CD-E2DA-4EEC-9DD4-DCD751894155} - System32\Tasks\Norton Security with Backup\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
    Task: {906112A5-8DB6-4037-B3BB-A2558320F864} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {A1CD2A50-ED7D-47E4-8917-D67EA0A5CE96} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-11-09] (HP Inc.)
    Task: {A5E6FF83-1A31-44C2-974C-608D72C3429E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
    Task: {AD73D9D2-71DE-4681-BB26-DC2BF988AB1B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_153_Plugin.exe [2018-11-20] (Adobe Systems Incorporated)
    Task: {B0E58536-F4DD-4638-97BB-FBFE9AC92A08} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-901587214-2200967626-3004657440-1003 => C:\Users\oldman\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
    Task: {B89BC3A9-54C9-4204-8B03-A529BF74315F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
    Task: {BCF0AD8B-2630-48AE-B7B4-5D1683D33A9F} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-11-20] (Adobe Systems Incorporated)
    Task: {C0201CFA-6DE0-4EE2-89AC-D9D2295A8D3A} - System32\Tasks\Norton 360\Norton 360 Online Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.11.0.41\SymErr.exe [2017-10-03] (Symantec Corporation)
    Task: {C18EC821-F9CF-414E-BA3D-746F1B35386D} - System32\Tasks\Norton 360\Norton 360 Online Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.11.0.41\SymErr.exe [2017-10-03] (Symantec Corporation)
    Task: {CDB556A4-5C9F-4AD2-8970-C18C764D957C} - System32\Tasks\Norton 360\Norton 360 Online Autofix => C:\Program Files (x86)\Norton 360\Engine\22.11.0.41\SymErr.exe [2017-10-03] (Symantec Corporation)
    Task: {D44969E2-EE54-4B65-8642-B0B9E74EFDBB} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
    Task: {D7F94A5C-3056-4495-8235-CBE7E9F0B4F6} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
    Task: {E31A4D89-34BD-4CFE-A6A9-B43E1D8E8F23} - System32\Tasks\Norton Security with Backup\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
    Task: {E5C15200-ACD9-4B52-8D6A-D818CBC34EF1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
    Task: {FC364449-3F8D-40B7-AFA2-34B96D70A3DA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\HPCeeScheduleForoldman.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2018-04-11 16:34 - 2018-04-11 16:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
    2012-08-08 10:36 - 2012-08-08 10:36 - 000073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2017-11-30 18:54 - 2017-11-30 18:54 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2018-10-21 02:17 - 2018-10-21 02:17 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2018-04-11 16:34 - 2018-04-11 16:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
    2018-04-11 16:34 - 2018-04-11 16:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
    2018-11-14 22:03 - 2018-10-31 23:55 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2015-05-02 23:52 - 2012-06-07 20:34 - 000627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2012-06-08 11:34 - 2012-06-08 11:34 - 000016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
    IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
    IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
    IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

    There are 7942 more sites.

    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\123simsen.com -> www.123simsen.com

    There are 7942 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2018-05-21 20:01 - 2018-11-25 16:12 - 000453948 ____R C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 localhost
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 10sek.com
    127.0.0.1 www.10sek.com
    127.0.0.1 www.1-2005-search.com
    127.0.0.1 1-2005-search.com
    127.0.0.1 123fporn.info
    127.0.0.1 www.123fporn.info
    127.0.0.1 www.123haustiereundmehr.com
    127.0.0.1 123haustiereundmehr.com
    127.0.0.1 123moviedownload.com

    There are 15610 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\oldman\Desktop\cropped Scotty Audrey Meghan.PNG
    DNS Servers: 192.168.0.1 - 205.171.3.66
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.

    HKLM\...\StartupApproved\Run: => "EKIJ5000StatusMonitor"
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run: => "boincmgr"
    HKLM\...\StartupApproved\Run32: => "EKIJ5000StatusMonitor"
    HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
    HKLM\...\StartupApproved\Run32: => "RemoteControl10"
    HKLM\...\StartupApproved\Run32: => "EKStatusMonitor"
    HKLM\...\StartupApproved\Run32: => "APSDaemon"
    HKLM\...\StartupApproved\Run32: => "QuickTime Task"
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "BingSvc"
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "KOab1err"
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "EpicGamesLauncher"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{9A360527-10D8-4C70-B032-9364CABAF9CC}] => (Block) C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe
    FirewallRules: [{F163DE1A-BDD7-475A-BA39-30804A88C1EA}] => (Block) C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe
    FirewallRules: [UDP Query User{36723720-49B5-4FA6-A370-6758D33B9796}C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe] => (Allow) C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe
    FirewallRules: [TCP Query User{65BE56F7-1BFA-49AF-AA71-5BA1867FD708}C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe] => (Allow) C:\program files (x86)\norton wifi privacy\client\norton wifi privacy.exe
    FirewallRules: [{1C333035-49C1-4FD1-97CF-F570F016C53E}] => (Allow) LPort=5353
    FirewallRules: [{890B9B02-6014-4054-B567-08AACDF2C0B9}] => (Allow) LPort=9322
    FirewallRules: [{F181849D-64C1-458F-9BBF-519133A17B5F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{202A7A45-68E1-431A-A400-91C1EB742AF0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{479E345C-D749-41FD-988B-53A52A04F408}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    FirewallRules: [{61EE5366-C72D-464B-A5C9-80E06F54380D}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [TCP Query User{453BC9C8-7A11-4BD0-A4BA-9D4EC19097C3}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
    FirewallRules: [UDP Query User{0DB363E3-23DE-4A09-8458-A27D4E9AAAF4}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    24-11-2018 21:39:02 Removed Google Update Helper
    24-11-2018 21:40:50 Installed Google Update Helper
    24-11-2018 21:41:29 Installed Google Update Helper
    24-11-2018 21:43:46 Installed Google Update Helper
    29-11-2018 13:00:35 Removed Google Talk Plugin

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/30/2018 09:35:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 5.0.168.192.in-addr.arpa. PTR eustace.local.

    Error: (11/30/2018 09:35:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from 192.168.0.5:5353 17 5.0.168.192.in-addr.arpa. PTR eustace-2.local.

    Error: (11/30/2018 09:35:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 5.0.168.192.in-addr.arpa. PTR eustace.local.

    Error: (11/30/2018 09:35:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from 192.168.0.5:5353 17 5.0.168.192.in-addr.arpa. PTR eustace-2.local.

    Error: (11/29/2018 01:52:54 PM) (Source: ESENT) (EventID: 413) (User: )
    Description: TaskMan (6280,R,98) {8A5D338A-29EB-45E3-92D2-155640DF17B3}: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

    Error: (11/29/2018 01:52:54 PM) (Source: ESENT) (EventID: 488) (User: )
    Description: TaskMan (6280,R,98) {8A5D338A-29EB-45E3-92D2-155640DF17B3}: An attempt to create the file "C:\ProgramData\SecTaskMan\WindowsUpdates\~jbtmp.log" failed with system error 80 (0x00000050): "The file exists. ". The create file operation will fail with error -1814 (0xfffff8ea).

    Error: (11/29/2018 01:04:32 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
    .


    Operation:
    Executing Asynchronous Operation

    Context:
    Current State: DoSnapshotSet

    Error: (11/29/2018 01:03:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .


    System errors:
    =============
    Error: (11/30/2018 09:38:15 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (11/30/2018 09:36:12 AM) (Source: DCOM) (EventID: 10016) (User: eustace)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    and APPID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    to the user eustace\oldman SID (S-1-5-21-901587214-2200967626-3004657440-1003) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

    Error: (11/30/2018 09:35:18 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (11/29/2018 10:05:06 PM) (Source: DCOM) (EventID: 10016) (User: eustace)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    and APPID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    to the user eustace\oldman SID (S-1-5-21-901587214-2200967626-3004657440-1003) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

    Error: (11/29/2018 01:09:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (11/29/2018 01:08:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The APXACC service failed to start due to the following error:
    A device attached to the system is not functioning.

    Error: (11/29/2018 01:08:58 PM) (Source: APXACC) (EventID: 1003) (User: )
    Description: The NDIS6 LWF initialization has failed. (0xC0000001)

    Error: (11/29/2018 01:03:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


    Windows Defender:
    ===================================
    Date: 2018-10-24 21:41:17.809
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.261.367.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14500.5
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    Date: 2018-10-24 21:41:17.809
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.261.367.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiSpyware
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14500.5
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    Date: 2018-10-24 21:41:17.809
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.261.367.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14500.5
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    Date: 2018-10-24 21:41:14.293
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.261.367.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14500.5
    Error code: 0x8024402c
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    Date: 2018-10-17 21:12:23.511
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.261.367.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14500.5
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    CodeIntegrity:
    ===================================

    Date: 2018-11-14 12:08:00.436
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.16.2.22\BuShell.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-11-14 12:08:00.414
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.16.2.22\BuShell.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-11-14 12:08:00.372
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.16.2.22\BuShell.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-10-11 12:04:33.192
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.1.8\bushell.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-10-11 12:04:33.166
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.1.8\bushell.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-10-11 12:04:33.102
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.1.8\bushell.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-09-05 22:40:18.803
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.0.88\bushell.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-09-05 22:40:18.772
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.15.0.88\bushell.dll that did not meet the Microsoft signing level requirements.

    ==================== Memory info ===========================

    Processor: AMD A4-4300M APU with Radeon(tm) HD Graphics
    Percentage of memory in use: 46%
    Total physical RAM: 3554.26 MB
    Available physical RAM: 1901.94 MB
    Total Virtual: 5858.26 MB
    Available Virtual: 3972.3 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:568.68 GB) (Free:304.17 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (RECOVERY) (Fixed) (Total:25.37 GB) (Free:2.96 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive e: (Media Viewer) (CDROM) (Total:0.52 GB) (Free:0 GB) CDFS

    \\?\Volume{4807027d-70e4-4ed9-b189-6eac7a96e0a4}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.15 GB) NTFS
    \\?\Volume{de27d039-3a8b-420a-8f61-0de10dba9383}\ () (Fixed) (Total:0.92 GB) (Free:0.34 GB) NTFS
    \\?\Volume{228ede67-33cc-42ee-9814-03e998f454e7}\ () (Fixed) (Total:0.44 GB) (Free:0.41 GB) NTFS
    \\?\Volume{873941c3-cd87-496d-8c74-8b333ed59eac}\ () (Fixed) (Total:0.25 GB) (Free:0.16 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 596.2 GB) (Disk ID: 9E4D4388)

    Partition: GPT.

    ==================== End of Addition.txt ============================

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29.11.2018 01
    Ran by oldman (administrator) on EUSTACE (30-11-2018 12:03:16)
    Running from C:\Users\oldman\Desktop
    Loaded Profiles: oldman (Available Profiles: oldman)
    Platform: Windows 10 Home Version 1803 17134.407 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    (Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
    (Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
    (Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.2.22\NortonSecurity.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton WiFi Privacy\client\NWPService.exe
    (Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.2.22\nsWscSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
    (HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    (Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
    (Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.2.22\NortonSecurity.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Space Sciences Laboratory) C:\Program Files\BOINC\boinctray.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Symantec Corporation) C:\Program Files\WindowsApps\SymantecCorporation.NortonStudio_2.2.0.0_x86__v68kp9n051hdp\ClassicWin32App.exe
    (Symantec Corporation) C:\Program Files\WindowsApps\SymantecCorporation.NortonStudio_2.2.0.0_x86__v68kp9n051hdp\ClassicWin32App.exe
    (Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
    (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
    HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
    HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [69920 2017-10-03] (Space Sciences Laboratory)
    HKLM\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [8765216 2017-10-03] (Space Sciences Laboratory)
    HKLM\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] ()
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-27] (Synaptics Incorporated)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [301880 2018-10-22] (Apple Inc.)
    HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
    HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [68920 2018-10-21] (Apple Inc.)
    HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-12-11] (Eastman Kodak Company)
    HKLM-x32\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] ()
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [KOab1err] => C:\Program Files (x86)\KODAK VERITE\ErrorApp\KOab1err.exe [1027752 2016-12-21] ()
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] ()
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [] => C:\Users\oldman\Desktop\RogueKiller_portable64.exe -minimize
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [34917264 2018-11-23] (Epic Games, Inc.)
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\MountPoints2: {550548f0-8389-11e8-804c-38eaa7eb314f} - "F:\ZTE_Handset_USB_Driver.exe"
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.66
    Tcpip\..\Interfaces\{092ddd55-79b1-44d1-9ce6-73e9a22b6de7}: [DhcpNameServer] 192.168.0.1 205.171.3.66
    Tcpip\..\Interfaces\{68620759-20aa-45aa-8e06-fa9a7c5c7e09}: [DhcpNameServer] 192.168.0.1 205.171.3.66
    Tcpip\..\Interfaces\{a288676d-84d4-440a-bf60-55523387af7e}: [DhcpNameServer] 192.168.0.1 205.171.3.66
    Tcpip\..\Interfaces\{c4242d06-1fdf-461b-ace5-caf4862e837d}: [DhcpNameServer] 192.168.0.1 205.171.3.66
    Tcpip\..\Interfaces\{c9ebb1fc-1913-46ad-9c39-fe0f9392fa0a}: [DhcpNameServer] 192.168.0.1 205.171.3.66
    Tcpip\..\Interfaces\{dd1986f3-01c1-49b9-a3b1-f6e43d3a6914}: [DhcpNameServer] 192.168.0.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
    BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
    BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-10-17] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-10-17] (Oracle Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)
    Toolbar: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)

    FireFox:
    ========
    FF DefaultProfile: gzi35chl.default-1466821123041-1541972058086
    FF ProfilePath: C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086 [2018-11-30]
    FF Homepage: Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086 -> moz-extension://70dcf95f-27c0-4d96-bf5b-ac77cde6f791/homePageRedirect.html
    FF HomepageOverride: Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086 -> Enabled: nortonhomepage@symantec.com
    FF NewTabOverride: Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086 -> Enabled: nortonhomepage@symantec.com
    FF Extension: (Facebook Container) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086\Extensions\@contain-facebook.xpi [2018-11-20]
    FF Extension: (Norton Password Manager) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086\Extensions\idsafe@norton.com.xpi [2018-11-13]
    FF Extension: (Norton Home Page) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086\Extensions\nortonhomepage@symantec.com.xpi [2018-11-13]
    FF Extension: (Norton Safe Search) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086\Extensions\nortonsafesearch_ul_2@symantec.com.xpi [2018-11-13]
    FF Extension: (Norton Safe Web) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gzi35chl.default-1466821123041-1541972058086\Extensions\nortonsafeweb@symantec.com.xpi [2018-11-29]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_153.dll [2018-11-20] ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_153.dll [2018-11-20] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-05-06] (Adobe Systems, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-17] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-17] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-19] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: hp.com/HPDetect -> C:\Users\oldman\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP)
    FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: jpl.nasa.gov/NASAEyes -> C:\Users\oldman\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2018-08-28] (Jet Propulsion Laboratory)

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.) [File not signed]
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc.)
    S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7356680 2018-11-23] ()
    S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2018-11-23] (EasyAntiCheat Ltd)
    S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1077568 2017-04-10] (HP)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc.)
    R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-21] (HP Inc.)
    R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
    R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.16.2.22\NortonSecurity.exe [328648 2018-11-03] (Symantec Corporation)
    R2 NortonWiFiPrivacy; C:\Program Files (x86)\Norton WiFi Privacy\client\NWPService.exe [3317264 2018-11-04] (Symantec Corporation)
    R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.16.2.22\nsWscSvc.exe [915712 2018-11-03] (Symantec Corporation)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd.)
    S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [253960 2016-04-27] (Synaptics Incorporated)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-11] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-20] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
    R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110104 2016-09-28] (Advanced Micro Devices)
    R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.11.0.41\Definitions\BASHDefs\20181127.001\BHDrvx64.sys [1925104 2018-09-19] (Symantec Corporation)
    R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\ccSetx64.sys [189120 2018-11-03] (Symantec Corporation)
    R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
    S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [129152 2016-04-24] (Samsung Electronics Co., Ltd.)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515792 2018-11-29] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153296 2018-11-29] (Symantec Corporation)
    S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2018-04-23] ()
    R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.11.0.41\Definitions\IPSDefs\20181129.063\IDSvia64.sys [1305072 2018-10-08] (Symantec Corporation)
    S3 massfilter_hs; C:\WINDOWS\System32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
    R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-29] (Realtek Semiconductor Corp.)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Realtek )
    S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
    S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
    R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\SRTSP64.SYS [847344 2018-11-03] (Symantec Corporation)
    R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\SRTSPX64.SYS [49648 2018-11-03] (Symantec Corporation)
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-24] (Samsung Electronics Co., Ltd.)
    R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\SYMEFASI64.SYS [1969328 2018-11-03] (Symantec Corporation)
    S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\SymELAM.sys [25744 2018-11-03] (Symantec Corporation)
    R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [99920 2018-06-17] (Symantec Corporation)
    S4 SymEvnt; C:\Program Files\Norton Security\NortonData\22.11.0.41\SymPlatform\SymEvnt.sys [114352 2018-10-26] (Symantec Corporation)
    R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\Ironx64.SYS [308416 2018-11-03] (Symantec Corporation)
    R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\symnets.sys [567024 2018-11-03] (Symantec Corporation)
    R3 SymTAP; C:\WINDOWS\System32\drivers\SymTAP.sys [52512 2018-11-04] (The OpenVPN Project)
    S3 VBoxNetAdp; C:\WINDOWS\System32\drivers\VBoxNetAdp6.sys [196040 2017-07-27] (Oracle Corporation)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Corporation)
    R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP)
    S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\wpCtrlDrv.sys [1011056 2018-11-03] (Symantec Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-11-30 12:03 - 2018-11-30 12:05 - 000021658 _____ C:\Users\oldman\Desktop\FRST.txt
    2018-11-30 12:02 - 2018-11-30 12:03 - 000000000 ____D C:\FRST
    2018-11-30 12:01 - 2018-11-30 12:01 - 002417152 _____ (Farbar) C:\Users\oldman\Desktop\FRST64.exe
    2018-11-29 19:58 - 2018-11-29 19:58 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
    2018-11-25 16:12 - 2018-11-12 12:50 - 000453948 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20181125-161220.backup
    2018-11-24 21:42 - 2018-11-24 21:42 - 000000120 _____ C:\Users\oldman\Desktop\GUH.txt
    2018-11-24 11:29 - 2018-11-24 11:29 - 000000000 ____D C:\Users\oldman\AppData\Local\Speech Graphics
    2018-11-24 11:13 - 2018-11-24 11:13 - 000000000 _____ C:\Users\Public\Shared Files
    2018-11-24 11:08 - 2018-11-24 11:08 - 000000000 ____D C:\Users\oldman\AppData\Local\NVIDIA Corporation
    2018-11-24 11:06 - 2018-11-24 11:06 - 000000000 ____D C:\Users\oldman\AppData\Local\FortniteGame
    2018-11-24 11:05 - 2018-11-24 11:05 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
    2018-11-23 21:32 - 2018-11-23 21:32 - 000000314 _____ C:\Users\oldman\Desktop\Fortnite.url
    2018-11-23 17:37 - 2018-11-24 13:16 - 000000000 ___RD C:\Users\oldman\Desktop\Meghans Games
    2018-11-23 17:35 - 2018-11-23 17:35 - 000000000 ____D C:\Program Files\Epic Games
    2018-11-23 17:33 - 2010-02-04 10:01 - 000024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
    2018-11-23 17:33 - 2010-02-04 10:01 - 000022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
    2018-11-23 17:30 - 2018-11-23 17:30 - 000000000 ____D C:\Users\oldman\AppData\Local\UnrealEngineLauncher
    2018-11-23 17:30 - 2018-11-23 17:30 - 000000000 ____D C:\Users\oldman\AppData\Local\UnrealEngine
    2018-11-23 17:30 - 2018-11-23 17:30 - 000000000 ____D C:\Users\oldman\AppData\Local\EpicGamesLauncher
    2018-11-23 17:28 - 2018-11-23 17:28 - 000001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
    2018-11-23 17:28 - 2018-11-23 17:28 - 000001258 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk
    2018-11-23 17:27 - 2018-11-23 17:34 - 000000000 ____D C:\ProgramData\Epic
    2018-11-23 17:27 - 2018-11-23 17:27 - 000000000 ____D C:\Program Files (x86)\Epic Games
    2018-11-23 15:31 - 2018-11-24 23:36 - 000005645 _____ C:\Users\oldman\Desktop\11-23 reply spyprotector.txt
    2018-11-20 15:23 - 2018-11-20 15:23 - 000000109 _____ C:\Users\oldman\Desktop\Mbar link.txt
    2018-11-20 14:48 - 2018-11-20 14:48 - 004463104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
    2018-11-20 11:23 - 2018-11-20 11:23 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\C515B52D.sys
    2018-11-20 11:19 - 2018-11-20 11:20 - 014161479 _____ C:\Users\oldman\Desktop\mbar-1.10.3.1001-nr.exe
    2018-11-17 16:56 - 2018-11-17 16:56 - 000000000 ____D C:\Program Files\rempl
    2018-11-14 23:31 - 2018-11-16 11:28 - 000000000 ____D C:\N360_BACKUP
    2018-11-14 22:04 - 2018-11-01 04:45 - 004527776 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
    2018-11-14 22:04 - 2018-11-01 04:45 - 001617320 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
    2018-11-14 22:04 - 2018-11-01 04:29 - 012710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2018-11-14 22:04 - 2018-11-01 02:15 - 023861760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
    2018-11-14 22:04 - 2018-11-01 02:13 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
    2018-11-14 22:04 - 2018-11-01 00:27 - 001017152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
    2018-11-14 22:04 - 2018-11-01 00:26 - 007432120 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2018-11-14 22:04 - 2018-11-01 00:25 - 009089848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2018-11-14 22:04 - 2018-11-01 00:25 - 007520088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2018-11-14 22:04 - 2018-11-01 00:09 - 025855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2018-11-14 22:04 - 2018-11-01 00:03 - 003397120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2018-11-14 22:04 - 2018-11-01 00:01 - 022716416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2018-11-14 22:04 - 2018-11-01 00:00 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2018-11-14 22:04 - 2018-10-31 23:58 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2018-11-14 22:04 - 2018-10-31 21:48 - 006039064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2018-11-14 22:04 - 2018-10-31 21:47 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2018-11-14 22:04 - 2018-10-31 21:40 - 022015488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2018-11-14 22:04 - 2018-10-31 21:35 - 019403776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2018-11-14 22:04 - 2018-10-21 06:00 - 021386368 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2018-11-14 22:04 - 2018-10-21 04:28 - 012501504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
    2018-11-14 22:04 - 2018-10-21 00:48 - 005602456 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
    2018-11-14 22:04 - 2018-10-21 00:28 - 016592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2018-11-14 22:04 - 2018-10-21 00:22 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
    2018-11-14 22:03 - 2018-11-01 04:46 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
    2018-11-14 22:03 - 2018-11-01 04:45 - 001376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
    2018-11-14 22:03 - 2018-11-01 04:31 - 006602240 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2018-11-14 22:03 - 2018-11-01 04:28 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
    2018-11-14 22:03 - 2018-11-01 04:28 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2018-11-14 22:03 - 2018-11-01 04:27 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
    2018-11-14 22:03 - 2018-11-01 04:26 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
    2018-11-14 22:03 - 2018-11-01 03:09 - 001027000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
    2018-11-14 22:03 - 2018-11-01 02:59 - 005669888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2018-11-14 22:03 - 2018-11-01 02:56 - 011902464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2018-11-14 22:03 - 2018-11-01 02:54 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
    2018-11-14 22:03 - 2018-11-01 02:52 - 002892800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2018-11-14 22:03 - 2018-11-01 00:39 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
    2018-11-14 22:03 - 2018-11-01 00:28 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2018-11-14 22:03 - 2018-11-01 00:28 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2018-11-14 22:03 - 2018-11-01 00:27 - 000491200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
    2018-11-14 22:03 - 2018-11-01 00:26 - 003291640 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2018-11-14 22:03 - 2018-11-01 00:26 - 003180080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
    2018-11-14 22:03 - 2018-11-01 00:26 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
    2018-11-14 22:03 - 2018-11-01 00:25 - 004404912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2018-11-14 22:03 - 2018-11-01 00:25 - 002822456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2018-11-14 22:03 - 2018-11-01 00:25 - 002571320 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2018-11-14 22:03 - 2018-11-01 00:25 - 002371296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
    2018-11-14 22:03 - 2018-11-01 00:25 - 001934808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2018-11-14 22:03 - 2018-11-01 00:25 - 001784680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
    2018-11-14 22:03 - 2018-11-01 00:25 - 001456728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2018-11-14 22:03 - 2018-11-01 00:25 - 001288920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
    2018-11-14 22:03 - 2018-11-01 00:25 - 001257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2018-11-14 22:03 - 2018-11-01 00:25 - 001209888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2018-11-14 22:03 - 2018-11-01 00:25 - 001190248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
    2018-11-14 22:03 - 2018-11-01 00:25 - 001140672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2018-11-14 22:03 - 2018-11-01 00:25 - 000982592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2018-11-14 22:03 - 2018-11-01 00:25 - 000594224 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2018-11-14 22:03 - 2018-11-01 00:25 - 000463672 _____ (Microsoft Corporation) C:\WINDOWS\system32\coml2.dll
    2018-11-14 22:03 - 2018-11-01 00:25 - 000268088 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2018-11-14 22:03 - 2018-11-01 00:01 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2018-11-14 22:03 - 2018-11-01 00:01 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2018-11-14 22:03 - 2018-11-01 00:00 - 006031360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
    2018-11-14 22:03 - 2018-11-01 00:00 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
    2018-11-14 22:03 - 2018-11-01 00:00 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2018-11-14 22:03 - 2018-10-31 23:59 - 000322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
    2018-11-14 22:03 - 2018-10-31 23:58 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2018-11-14 22:03 - 2018-10-31 23:58 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
    2018-11-14 22:03 - 2018-10-31 23:58 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
    2018-11-14 22:03 - 2018-10-31 23:57 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
    2018-11-14 22:03 - 2018-10-31 23:57 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
    2018-11-14 22:03 - 2018-10-31 23:57 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2018-11-14 22:03 - 2018-10-31 23:57 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2018-11-14 22:03 - 2018-10-31 23:57 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2018-11-14 22:03 - 2018-10-31 23:57 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
    2018-11-14 22:03 - 2018-10-31 23:56 - 002929664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
    2018-11-14 22:03 - 2018-10-31 23:56 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2018-11-14 22:03 - 2018-10-31 23:56 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2018-11-14 22:03 - 2018-10-31 23:56 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
    2018-11-14 22:03 - 2018-10-31 23:56 - 000506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
    2018-11-14 22:03 - 2018-10-31 23:55 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
    2018-11-14 22:03 - 2018-10-31 23:55 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
    2018-11-14 22:03 - 2018-10-31 23:55 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2018-11-14 22:03 - 2018-10-31 23:54 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2018-11-14 22:03 - 2018-10-31 23:54 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
    2018-11-14 22:03 - 2018-10-31 23:54 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2018-11-14 22:03 - 2018-10-31 23:54 - 001023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
    2018-11-14 22:03 - 2018-10-31 23:54 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
    2018-11-14 22:03 - 2018-10-31 23:54 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
    2018-11-14 22:03 - 2018-10-31 23:54 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
    2018-11-14 22:03 - 2018-10-31 23:54 - 000606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
    2018-11-14 22:03 - 2018-10-31 23:53 - 002248192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
    2018-11-14 22:03 - 2018-10-31 23:53 - 001373696 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
    2018-11-14 22:03 - 2018-10-31 23:53 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
    2018-11-14 22:03 - 2018-10-31 23:53 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
    2018-11-14 22:03 - 2018-10-31 23:53 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2018-11-14 22:03 - 2018-10-31 22:08 - 002417952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
    2018-11-14 22:03 - 2018-10-31 21:50 - 000861712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
    2018-11-14 22:03 - 2018-10-31 21:50 - 000786288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
    2018-11-14 22:03 - 2018-10-31 21:48 - 004790184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2018-11-14 22:03 - 2018-10-31 21:48 - 002478872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
    2018-11-14 22:03 - 2018-10-31 21:48 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
    2018-11-14 22:03 - 2018-10-31 21:48 - 001805656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
    2018-11-14 22:03 - 2018-10-31 21:48 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2018-11-14 22:03 - 2018-10-31 21:48 - 000384520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\coml2.dll
    2018-11-14 22:03 - 2018-10-31 21:47 - 001980776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2018-11-14 22:03 - 2018-10-31 21:47 - 001379792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
    2018-11-14 22:03 - 2018-10-31 21:47 - 001020064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
    2018-11-14 22:03 - 2018-10-31 21:34 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
    2018-11-14 22:03 - 2018-10-31 21:33 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2018-11-14 22:03 - 2018-10-31 21:33 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2018-11-14 22:03 - 2018-10-31 21:32 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2018-11-14 22:03 - 2018-10-31 21:31 - 005307904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2018-11-14 22:03 - 2018-10-31 21:30 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2018-11-14 22:03 - 2018-10-31 21:30 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2018-11-14 22:03 - 2018-10-31 21:29 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
    2018-11-14 22:03 - 2018-10-31 21:29 - 000848384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
    2018-11-14 22:03 - 2018-10-31 21:29 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
    2018-11-14 22:03 - 2018-10-31 21:28 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
    2018-11-14 22:03 - 2018-10-31 21:27 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2018-11-14 22:03 - 2018-10-31 21:27 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
    2018-11-14 22:03 - 2018-10-31 21:27 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2018-11-14 22:03 - 2018-10-31 21:26 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
    2018-11-14 22:03 - 2018-10-21 06:00 - 001639560 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2018-11-14 22:03 - 2018-10-21 06:00 - 001516120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2018-11-14 22:03 - 2018-10-21 06:00 - 000790416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2018-11-14 22:03 - 2018-10-21 05:46 - 013572096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
    2018-11-14 22:03 - 2018-10-21 05:46 - 004393472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2018-11-14 22:03 - 2018-10-21 05:43 - 000345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
    2018-11-14 22:03 - 2018-10-21 05:42 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
    2018-11-14 22:03 - 2018-10-21 05:42 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
    2018-11-14 22:03 - 2018-10-21 05:41 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2018-11-14 22:03 - 2018-10-21 04:38 - 001322376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2018-11-14 22:03 - 2018-10-21 04:37 - 020381808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2018-11-14 22:03 - 2018-10-21 04:37 - 001626656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2018-11-14 22:03 - 2018-10-21 04:22 - 002405888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
    2018-11-14 22:03 - 2018-10-21 00:46 - 000717112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
    2018-11-14 22:03 - 2018-10-21 00:46 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
    2018-11-14 22:03 - 2018-10-21 00:46 - 000560136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
    2018-11-14 22:03 - 2018-10-21 00:45 - 003283512 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
    2018-11-14 22:03 - 2018-10-21 00:45 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2018-11-14 22:03 - 2018-10-21 00:45 - 001946208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2018-11-14 22:03 - 2018-10-21 00:45 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
    2018-11-14 22:03 - 2018-10-21 00:45 - 000607136 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
    2018-11-14 22:03 - 2018-10-21 00:21 - 001589248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
    2018-11-14 22:03 - 2018-10-21 00:19 - 002487088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
    2018-11-14 22:03 - 2018-10-21 00:19 - 001620776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2018-11-14 22:03 - 2018-10-21 00:19 - 001130768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
    2018-11-14 22:03 - 2018-10-21 00:19 - 000505616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
    2018-11-14 22:03 - 2018-10-21 00:17 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
    2018-11-14 22:03 - 2018-10-21 00:17 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
    2018-11-14 22:03 - 2018-10-21 00:17 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
    2018-11-14 22:03 - 2018-10-21 00:17 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
    2018-11-14 22:03 - 2018-10-21 00:17 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2018-11-14 22:03 - 2018-10-21 00:17 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvrcp.dll
    2018-11-14 22:03 - 2018-10-21 00:17 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
    2018-11-14 22:03 - 2018-10-21 00:16 - 002584576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
    2018-11-14 22:03 - 2018-10-21 00:16 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
    2018-11-14 22:03 - 2018-10-21 00:16 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2018-11-14 22:03 - 2018-10-21 00:16 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
    2018-11-14 22:03 - 2018-10-21 00:15 - 003212800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
    2018-11-14 22:03 - 2018-10-21 00:15 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2018-11-14 22:03 - 2018-10-21 00:15 - 000743936 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintRenderAPIHost.DLL
    2018-11-14 22:03 - 2018-10-21 00:14 - 002224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2018-11-14 22:03 - 2018-10-21 00:14 - 001919488 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
    2018-11-14 22:03 - 2018-10-21 00:14 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
    2018-11-14 22:03 - 2018-10-21 00:14 - 001034752 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2018-11-14 22:03 - 2018-10-21 00:14 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
    2018-11-14 22:03 - 2018-10-21 00:09 - 013873664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2018-11-14 22:03 - 2018-10-21 00:02 - 002966528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
    2018-11-14 22:03 - 2018-10-21 00:01 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
    2018-11-14 22:03 - 2018-10-20 23:57 - 002611200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
    2018-11-14 22:03 - 2018-10-20 22:59 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
    2018-11-14 22:03 - 2018-10-20 22:59 - 000806320 _____ C:\WINDOWS\system32\locale.nls
    2018-11-14 22:02 - 2018-11-01 04:49 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
    2018-11-14 22:02 - 2018-11-01 04:32 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
    2018-11-14 22:02 - 2018-11-01 04:30 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
    2018-11-14 22:02 - 2018-11-01 04:30 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
    2018-11-14 22:02 - 2018-11-01 04:29 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
    2018-11-14 22:02 - 2018-11-01 04:28 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
    2018-11-14 22:02 - 2018-11-01 04:27 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
    2018-11-14 22:02 - 2018-11-01 04:26 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
    2018-11-14 22:02 - 2018-11-01 04:26 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2018-11-14 22:02 - 2018-11-01 04:25 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
    2018-11-14 22:02 - 2018-11-01 02:56 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
    2018-11-14 22:02 - 2018-11-01 02:56 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
    2018-11-14 22:02 - 2018-11-01 02:54 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2018-11-14 22:02 - 2018-11-01 02:53 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
    2018-11-14 22:02 - 2018-11-01 00:38 - 000269336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
    2018-11-14 22:02 - 2018-11-01 00:37 - 000272408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
    2018-11-14 22:02 - 2018-11-01 00:28 - 001062712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2018-11-14 22:02 - 2018-11-01 00:28 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
    2018-11-14 22:02 - 2018-11-01 00:28 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
    2018-11-14 22:02 - 2018-11-01 00:28 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
    2018-11-14 22:02 - 2018-11-01 00:25 - 000885968 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2018-11-14 22:02 - 2018-11-01 00:25 - 000793080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2018-11-14 22:02 - 2018-11-01 00:25 - 000713472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
    2018-11-14 22:02 - 2018-11-01 00:25 - 000413720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2018-11-14 22:02 - 2018-11-01 00:25 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2018-11-14 22:02 - 2018-11-01 00:25 - 000375824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
    2018-11-14 22:02 - 2018-11-01 00:25 - 000261000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2018-11-14 22:02 - 2018-11-01 00:03 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmtask.exe
    2018-11-14 22:02 - 2018-11-01 00:02 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmapi.dll
    2018-11-14 22:02 - 2018-11-01 00:02 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\CSystemEventsBrokerClient.dll
    2018-11-14 22:02 - 2018-11-01 00:00 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
    2018-11-14 22:02 - 2018-10-31 23:59 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
    2018-11-14 22:02 - 2018-10-31 23:59 - 000192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
    2018-11-14 22:02 - 2018-10-31 23:59 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPTaskScheduler.dll
    2018-11-14 22:02 - 2018-10-31 23:59 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
    2018-11-14 22:02 - 2018-10-31 23:58 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
    2018-11-14 22:02 - 2018-10-31 23:58 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2018-11-14 22:02 - 2018-10-31 23:58 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
    2018-11-14 22:02 - 2018-10-31 23:57 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
    2018-11-14 22:02 - 2018-10-31 23:57 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
    2018-11-14 22:02 - 2018-10-31 23:57 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
    2018-11-14 22:02 - 2018-10-31 23:57 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2018-11-14 22:02 - 2018-10-31 23:57 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
    2018-11-14 22:02 - 2018-10-31 23:57 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
    2018-11-14 22:02 - 2018-10-31 23:57 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
    2018-11-14 22:02 - 2018-10-31 23:54 - 001679360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2018-11-14 22:02 - 2018-10-31 23:54 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
    2018-11-14 22:02 - 2018-10-31 23:54 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
    2018-11-14 22:02 - 2018-10-31 23:53 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
    2018-11-14 22:02 - 2018-10-31 22:39 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
    2018-11-14 22:02 - 2018-10-31 21:48 - 000880248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
    2018-11-14 22:02 - 2018-10-31 21:47 - 000581600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
    2018-11-14 22:02 - 2018-10-31 21:47 - 000567256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
    2018-11-14 22:02 - 2018-10-31 21:47 - 000129304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
    2018-11-14 22:02 - 2018-10-31 21:31 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
    2018-11-14 22:02 - 2018-10-31 21:30 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
    2018-11-14 22:02 - 2018-10-31 21:30 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
    2018-11-14 22:02 - 2018-10-31 21:30 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2018-11-14 22:02 - 2018-10-31 21:30 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
    2018-11-14 22:02 - 2018-10-31 21:30 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
    2018-11-14 22:02 - 2018-10-31 21:29 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
    2018-11-14 22:02 - 2018-10-31 21:29 - 001862656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
    2018-11-14 22:02 - 2018-10-31 21:29 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
    2018-11-14 22:02 - 2018-10-31 21:29 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
    2018-11-14 22:02 - 2018-10-31 21:28 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
    2018-11-14 22:02 - 2018-10-31 21:28 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
    2018-11-14 22:02 - 2018-10-31 21:27 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
    2018-11-14 22:02 - 2018-10-31 21:27 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
    2018-11-14 22:02 - 2018-10-31 21:26 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
    2018-11-14 22:02 - 2018-10-31 21:26 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
    2018-11-14 22:02 - 2018-10-21 06:00 - 000396304 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2018-11-14 22:02 - 2018-10-21 05:59 - 000766480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
    2018-11-14 22:02 - 2018-10-21 05:59 - 000236728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
    2018-11-14 22:02 - 2018-10-21 05:45 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
    2018-11-14 22:02 - 2018-10-21 05:44 - 000623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
    2018-11-14 22:02 - 2018-10-21 05:44 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll
    2018-11-14 22:02 - 2018-10-21 05:43 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
    2018-11-14 22:02 - 2018-10-21 05:43 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
    2018-11-14 22:02 - 2018-10-21 05:42 - 000592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
    2018-11-14 22:02 - 2018-10-21 05:42 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
    2018-11-14 22:02 - 2018-10-21 04:38 - 000662312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2018-11-14 22:02 - 2018-10-21 04:38 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
    2018-11-14 22:02 - 2018-10-21 04:38 - 000221216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
    2018-11-14 22:02 - 2018-10-21 04:28 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\INETRES.dll
    2018-11-14 22:02 - 2018-10-21 04:23 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
    2018-11-14 22:02 - 2018-10-21 04:23 - 000523264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll
    2018-11-14 22:02 - 2018-10-21 04:22 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
    2018-11-14 22:02 - 2018-10-21 02:29 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
    2018-11-14 22:02 - 2018-10-21 01:44 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
    2018-11-14 22:02 - 2018-10-21 00:47 - 000368440 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
    2018-11-14 22:02 - 2018-10-21 00:46 - 000709936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2018-11-14 22:02 - 2018-10-21 00:46 - 000497864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
    2018-11-14 22:02 - 2018-10-21 00:46 - 000171024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2018-11-14 22:02 - 2018-10-21 00:45 - 000185120 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
    2018-11-14 22:02 - 2018-10-21 00:45 - 000175624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
    2018-11-14 22:02 - 2018-10-21 00:45 - 000139792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
    2018-11-14 22:02 - 2018-10-21 00:45 - 000058088 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
    2018-11-14 22:02 - 2018-10-21 00:21 - 000123424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
    2018-11-14 22:02 - 2018-10-21 00:20 - 000424000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
    2018-11-14 22:02 - 2018-10-21 00:20 - 000295224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
    2018-11-14 22:02 - 2018-10-21 00:20 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
    2018-11-14 22:02 - 2018-10-21 00:20 - 000141312 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
    2018-11-14 22:02 - 2018-10-21 00:20 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
    2018-11-14 22:02 - 2018-10-21 00:19 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
    2018-11-14 22:02 - 2018-10-21 00:19 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
    2018-11-14 22:02 - 2018-10-21 00:19 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
    2018-11-14 22:02 - 2018-10-21 00:19 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
    2018-11-14 22:02 - 2018-10-21 00:19 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
    2018-11-14 22:02 - 2018-10-21 00:19 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
    2018-11-14 22:02 - 2018-10-21 00:19 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
    2018-11-14 22:02 - 2018-10-21 00:19 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
    2018-11-14 22:02 - 2018-10-21 00:19 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvrcpAppSvc.dll
    2018-11-14 22:02 - 2018-10-21 00:19 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhf.sys
    2018-11-14 22:02 - 2018-10-21 00:19 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
    2018-11-14 22:02 - 2018-10-21 00:18 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
    2018-11-14 22:02 - 2018-10-21 00:18 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Activities.dll
    2018-11-14 22:02 - 2018-10-21 00:18 - 000395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvctpSvc.dll
    2018-11-14 22:02 - 2018-10-21 00:18 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
    2018-11-14 22:02 - 2018-10-21 00:18 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
    2018-11-14 22:02 - 2018-10-21 00:18 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
    2018-11-14 22:02 - 2018-10-21 00:18 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
    2018-11-14 22:02 - 2018-10-21 00:16 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2018-11-14 22:02 - 2018-10-21 00:16 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
    2018-11-14 22:02 - 2018-10-21 00:15 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
    2018-11-14 22:02 - 2018-10-21 00:14 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
    2018-11-14 22:02 - 2018-10-21 00:14 - 000632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
    2018-11-14 22:02 - 2018-10-21 00:14 - 000453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
    2018-11-14 22:02 - 2018-10-21 00:02 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
    2018-11-14 22:02 - 2018-10-21 00:01 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
    2018-11-14 22:02 - 2018-10-21 00:00 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
    2018-11-14 22:02 - 2018-10-20 23:59 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
    2018-11-14 22:02 - 2018-10-20 23:58 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
    2018-11-14 22:02 - 2018-10-20 23:58 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2018-11-14 22:02 - 2018-10-20 23:58 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
    2018-11-14 22:02 - 2018-04-27 21:02 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
    2018-11-14 17:17 - 2018-11-20 18:34 - 000002080 _____ C:\Users\oldman\Desktop\new FRST notes.txt
    2018-11-13 20:29 - 2018-11-29 23:02 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security with Backup
    2018-11-13 17:44 - 2018-11-13 17:44 - 000003376 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
    2018-11-13 17:43 - 2018-11-14 21:09 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
    2018-11-13 17:30 - 2018-11-13 17:30 - 001157064 _____ (Symantec Corporation) C:\Users\oldman\Downloads\NortonNSBUDownloader.exe
    2018-11-12 12:50 - 2018-10-30 09:43 - 000453948 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20181112-125012.backup
    2018-11-12 12:39 - 2018-11-30 11:52 - 000000525 _____ C:\DelFix.txt
    2018-11-11 02:44 - 2018-11-11 02:44 - 000001386 _____ C:\Users\oldman\Desktop\Dons list.txt
    2018-11-10 22:51 - 2018-11-22 12:48 - 000000000 ____D C:\Users\oldman\Desktop\New folder (2)
    2018-11-08 14:27 - 2018-11-08 14:27 - 000000000 ____D C:\Users\oldman\Desktop\MRI copy
    2018-11-08 14:21 - 2018-11-08 14:21 - 000000000 ____D C:\Users\oldman\Desktop\New folder
    2018-11-06 20:52 - 2018-11-06 20:52 - 000001740 _____ C:\Users\oldman\Desktop\Rant Response.txt
    2018-11-05 16:32 - 2018-11-05 16:32 - 000001816 _____ C:\Users\Public\Desktop\iTunes.lnk
    2018-11-05 16:32 - 2018-11-05 16:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2018-11-05 16:32 - 2018-11-05 16:32 - 000000000 ____D C:\Program Files\iPod
    2018-11-05 16:31 - 2018-11-05 16:32 - 000000000 ____D C:\Program Files\iTunes
    2018-11-04 20:57 - 2018-11-04 20:57 - 000000600 _____ C:\WINDOWS\SysWOW64\config.db
    2018-11-04 20:57 - 2018-11-04 20:57 - 000000000 ____D C:\Program Files (x86)\Norton WiFi Privacy
    2018-11-04 20:57 - 2018-11-04 20:56 - 000052512 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\SymTAP.sys
    2018-11-04 14:19 - 2018-11-04 14:19 - 001691434 _____ C:\Users\oldman\Desktop\hakin9_wifi_EN.pdf
    2018-11-02 16:34 - 2018-11-03 20:12 - 000000000 ____D C:\Users\oldman\Desktop\JoJo's smartest phone
    2018-11-01 15:21 - 2018-11-01 16:19 - 000000000 ____D C:\Users\oldman\Desktop\malware tools
    2018-10-31 19:30 - 2018-10-31 19:30 - 008159232 _____ C:\HPSoftwareFramework.msi
    2018-10-31 19:30 - 2018-10-31 19:30 - 000000000 ____D C:\Users\oldman\AppData\Roaming\HP
    2018-10-31 19:19 - 2018-10-31 19:19 - 000000000 ____D C:\Users\oldman\Downloads\HP Downloads

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-11-30 12:02 - 2016-11-28 00:03 - 000000000 ____D C:\Users\oldman\AppData\LocalLow\Mozilla
    2018-11-30 11:03 - 2018-04-11 16:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2018-11-30 09:38 - 2018-06-02 01:10 - 000004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D6FF1BE5-40C3-4B52-A236-97274056599C}
    2018-11-30 00:58 - 2018-06-02 00:43 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2018-11-29 14:23 - 2015-05-03 11:07 - 000000000 ____D C:\Users\oldman\AppData\Local\Battle.net
    2018-11-29 14:22 - 2015-05-03 11:07 - 000000000 ____D C:\Program Files (x86)\Battle.net
    2018-11-29 14:16 - 2018-06-12 17:34 - 000000000 ____D C:\ProgramData\SecTaskMan
    2018-11-29 13:09 - 2016-08-20 09:31 - 000000000 ____D C:\ProgramData\Kodak
    2018-11-29 13:09 - 2015-12-03 21:03 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2018-11-29 13:08 - 2018-06-02 01:10 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2018-11-29 13:07 - 2018-04-11 14:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2018-11-29 13:07 - 2015-07-29 02:19 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
    2018-11-29 13:02 - 2015-05-23 07:39 - 000000000 ____D C:\Users\oldman\AppData\Local\Google
    2018-11-29 13:01 - 2015-05-03 10:47 - 000000000 ____D C:\Users\oldman\AppData\Roaming\Mozilla
    2018-11-29 09:48 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2018-11-29 09:46 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\AppReadiness
    2018-11-28 21:26 - 2018-04-11 16:38 - 000000000 ___HD C:\Program Files\WindowsApps
    2018-11-27 19:23 - 2018-06-02 00:54 - 000000000 ____D C:\Users\oldman
    2018-11-27 19:11 - 2017-05-02 13:10 - 000000352 _____ C:\WINDOWS\Tasks\HPCeeScheduleForoldman.job
    2018-11-27 19:06 - 2018-06-02 01:10 - 000003248 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForoldman
    2018-11-27 14:53 - 2017-12-09 00:36 - 000000000 ____D C:\Users\oldman\AppData\Local\Packages
    2018-11-24 19:45 - 2015-06-07 01:19 - 000000000 ____D C:\Users\oldman\AppData\Roaming\.minecraft
    2018-11-24 13:17 - 2015-06-13 13:05 - 000000000 ____D C:\Users\oldman\AppData\Roaming\.technic
    2018-11-24 11:38 - 2016-07-09 10:48 - 000000000 ____D C:\Program Files (x86)\Minecraft
    2018-11-24 11:13 - 2018-04-11 16:38 - 000000000 __SHD C:\Users\Public\Libraries
    2018-11-23 17:37 - 2015-07-16 19:16 - 000000000 ____D C:\Users\oldman\Documents\miggler minecraft stuff
    2018-11-23 17:33 - 2018-06-02 14:13 - 000000000 ____D C:\Users\oldman\AppData\Local\D3DSCache
    2018-11-23 17:32 - 2015-06-23 02:50 - 000000000 ____D C:\ProgramData\Package Cache
    2018-11-22 15:52 - 2018-04-11 14:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
    2018-11-20 17:49 - 2018-04-11 16:30 - 000000000 ____D C:\WINDOWS\CbsTemp
    2018-11-20 14:48 - 2018-06-02 01:10 - 000004574 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
    2018-11-20 14:48 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2018-11-20 14:48 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
    2018-11-20 13:31 - 2017-12-20 15:34 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2018-11-20 11:22 - 2018-09-10 14:01 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2018-11-19 16:24 - 2017-08-25 15:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2018-11-19 16:24 - 2015-05-03 10:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2018-11-19 15:54 - 2018-01-12 15:01 - 000000736 _____ C:\Users\oldman\Desktop\Appointment and to do stuff.txt
    2018-11-16 17:34 - 2015-05-03 10:47 - 000001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
    2018-11-16 16:00 - 2018-09-12 21:09 - 000834960 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2018-11-16 16:00 - 2018-09-12 21:09 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2018-11-16 11:09 - 2018-05-04 21:20 - 000000000 ____D C:\Users\oldman\AppData\Local\Norton WiFi Privacy
    2018-11-15 09:26 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\INF
    2018-11-15 09:23 - 2018-06-02 00:53 - 000931448 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2018-11-15 09:17 - 2015-09-16 09:37 - 000000000 ___RD C:\Users\oldman\3D Objects
    2018-11-15 09:17 - 2015-05-03 11:17 - 000000000 __RHD C:\Users\Public\AccountPictures
    2018-11-15 09:16 - 2018-06-02 00:43 - 000259576 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2018-11-14 23:32 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\TextInput
    2018-11-14 23:31 - 2018-04-11 16:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
    2018-11-14 23:31 - 2018-04-11 16:38 - 000000000 ___SD C:\WINDOWS\system32\F12
    2018-11-14 23:31 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
    2018-11-14 23:30 - 2018-04-11 16:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2018-11-14 23:30 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2018-11-14 23:30 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\bcastdvr
    2018-11-14 21:09 - 2017-11-10 19:20 - 000002326 _____ C:\Users\Public\Desktop\Norton Security.lnk
    2018-11-14 19:36 - 2018-06-02 01:10 - 000004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2018-11-14 15:49 - 2015-10-21 18:23 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2018-11-13 20:38 - 2015-05-03 18:25 - 000000000 ____D C:\WINDOWS\system32\MRT
    2018-11-13 20:34 - 2015-05-03 18:25 - 137810048 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2018-11-13 18:28 - 2018-10-20 23:17 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
    2018-11-13 18:18 - 2015-06-10 00:43 - 000000000 ____D C:\Program Files\Common Files\AV
    2018-11-13 17:47 - 2017-09-28 21:29 - 000000000 ____D C:\Users\oldman\Desktop\Misc. desktop crap
    2018-11-13 17:46 - 2015-05-03 00:05 - 000000000 ____D C:\ProgramData\Norton
    2018-11-13 17:44 - 2018-02-26 14:03 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
    2018-11-13 17:34 - 2015-05-13 09:14 - 000000000 ____D C:\Users\Public\Downloads\Norton
    2018-11-11 14:34 - 2018-10-30 16:49 - 000000000 ____D C:\Users\oldman\Desktop\Old Firefox Data
    2018-11-05 23:26 - 2015-05-03 11:09 - 000000000 ____D C:\Program Files (x86)\Diablo III
    2018-11-04 20:57 - 2018-07-04 12:09 - 000000000 ____D C:\Program Files (x86)\Norton WiFi Privacy (1.4.9)
    2018-11-02 18:18 - 2015-08-15 17:31 - 000011264 _____ C:\Users\oldman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2018-10-31 19:35 - 2015-05-24 00:52 - 000000000 ____D C:\Program Files (x86)\Google
    2018-10-31 19:31 - 2015-05-04 07:08 - 000000000 ____D C:\Users\oldman\AppData\Roaming\hpqlog
    2018-10-31 19:30 - 2017-11-21 09:22 - 000000000 ____D C:\Program Files\HP
    2018-10-31 19:30 - 2017-04-11 19:37 - 000000000 ____D C:\Program Files (x86)\HP
    2018-10-31 19:28 - 2012-08-16 21:20 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
    2018-10-31 19:22 - 2012-08-03 17:02 - 000000000 ____D C:\SWSetup

    ==================== Files in the root of some directories =======

    2015-08-15 17:31 - 2018-11-02 18:18 - 000011264 _____ () C:\Users\oldman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-08-01 12:43 - 2018-11-30 11:37 - 000116564 _____ () C:\Users\oldman\AppData\Local\installer.log
    2015-08-01 12:43 - 2015-08-01 12:43 - 000000236 _____ () C:\Users\oldman\AppData\Local\LaunchHomeCenter.log
    2015-05-23 08:41 - 2018-02-13 23:28 - 000007674 _____ () C:\Users\oldman\AppData\Local\resmon.resmoncfg

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-06-02 00:43

    ==================== End of FRST.txt ============================

  7. #27
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Things were running suspiciously smooth
    Good deal

    I see a couple things related to Google Chrome

    Start Farbar Recovery Scan Tool with Administrator privileges
    (Right click on the FRST icon and select Run as administrator)

    highlight on the text below and select Copy.
    beginning with Start:: and finishing with End::
    Start::
    CloseProcesses:
    CreateRestorePoint:
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    C:\Program Files (x86)\Google
    C:\Windows\Temp\*.*
    Emptytemp:
    End::

    Start FRST (FRST64) with Administrator privileges
    Press the Fix button. FRST will process the lines copied above from the clipboard.
    When finished, a log file Fixlog.txt will pop up and saved in the same location the tool was ran from.

    Please copy and paste its contents in your next reply.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  8. #28
    Senior Member
    Join Date
    Jun 2014
    Posts
    155

    Default latest fixlog and stuff

    This looks interesting, curious what you think. I did disable one of the Norton "Ask" extensions in my FF, that seems to have been a good thing to do. let me know if there are any other tools I should run before delfixing and rechecking?

    Fix result of Farbar Recovery Scan Tool (x64) Version: 01.12.2018 01
    Ran by oldman (02-12-2018 11:56:20) Run:1
    Running from C:\Users\oldman\Desktop
    Loaded Profiles: oldman (Available Profiles: oldman)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    CreateRestorePoint:
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    C:\Program Files (x86)\Google
    C:\Windows\Temp\*.*
    Emptytemp:

    *****************

    Processes closed successfully.
    Restore point was successfully created.
    HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3 => removed successfully
    C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll => moved successfully
    HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9 => removed successfully
    "C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll" => not found
    HKLM\SOFTWARE\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => removed successfully
    HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif => removed successfully
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => removed successfully
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif => removed successfully
    C:\Program Files (x86)\Google => moved successfully

    =========== "C:\Windows\Temp\*.*" ==========

    C:\Windows\Temp\FXSAPIDebugLogFile.txt => moved successfully
    C:\Windows\Temp\FXSTIFFDebugLogFile.txt => moved successfully
    C:\Windows\Temp\HighPerformancePlan.log => moved successfully
    C:\Windows\Temp\PowerPlan.log => moved successfully
    C:\Windows\Temp\sa.9MXHFHKR097P_0__.Public.InstallAgent.dat => moved successfully

    ========= End -> "C:\Windows\Temp\*.*" ========


    =========== EmptyTemp: ==========

    BITS transfer queue => 10510336 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15125524 B
    Java, Flash, Steam htmlcache => 1140 B
    Windows/system/drivers => 1251800 B
    Edge => 10854012 B
    Chrome => 0 B
    Firefox => 250273212 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 2720 B
    LocalService => 0 B
    NetworkService => 0 B
    NetworkService => 0 B
    oldman => 13394533 B

    RecycleBin => 0 B
    EmptyTemp: => 287.5 MB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 12:02:01 ====

  9. #29
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    OK, log looks good.

    Norton/Symantec is used by many but tends to be a little heavy duty (Many security suites can do this so it's not just Norton). It can throw in items of protection that can lead to bogging down a computer while it's trying to give protection on multiple levels. Some machines just don't do well with this heavy load.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  10. #30
    Senior Member
    Join Date
    Jun 2014
    Posts
    155

    Default A clean machine (Knocking on wood)

    Wanted to thank you for your help again, the FRST fixes are priceless to me. I've run many scans, including root kits, everything comes up clean no matter what scanner or tool is used, I'm assuming this is a good sign. This would probably be a good point to close this thread since fixing something that ain't broke is a waste of time for everyone involved. I may play around with this computer a little longer to try and understand better whats going on with the infections but I'll likely just format and reinstall, then watch closely to try and find problems as they develop.
    Thanks!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •