Page 1 of 3 123 LastLast
Results 1 to 10 of 30

Thread: Redirecting and stuff

  1. #1
    Senior Member
    Join Date
    Jun 2014
    Posts
    148

    Post Redirecting and stuff

    Hi, (again) I've recently picked up a redirect that I'd like some help with, hoping I haven't worn out your patience and I can get your opinion on these logs. I pulled this off the Wireshark, maybe useful, but this is probably a somewhat involved infection...
    [ds-global3.17.search.ystg1.b.yahoo .com] [IP= 98.136.144.138]


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-05.2019 01
    Ran by oldman (administrator) on EUSTACE (Hewlett-Packard HP Pavilion g6 Notebook PC) (15-05-2019 23:13:34)
    Running from C:\Users\oldman\Desktop
    Loaded Profiles: oldman (Available Profiles: oldman)
    Platform: Windows 10 Home Version 1809 17763.503 (X64) Language: English (United States)
    Default browser: FF
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    () [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19041.481.0_x64__8wekyb3d8bbwe\YourPhone.exe
    (A. & M. Neuber Software -> Neuber Software - www.neuber.com) C:\Program Files (x86)\Security Task Manager\SpyProtector.exe
    (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (CyberLink -> CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (Eastman Kodak Company -> Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
    (Eastman Kodak Company -> Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
    (Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (Hewlett-Packard Company -> Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
    (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    (HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
    (HP Inc. -> HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
    (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
    (Microsoft Windows Hardware Compatibility Publisher -> Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
    (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Realsil Microelectronics Inc.) [File not signed] C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Norton Secure VPN\client\NSVService.exe
    (Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.1.50\NortonSecurity.exe
    (Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.1.50\NortonSecurity.exe
    (Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.1.50\nsWscSvc.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Microsoft Windows Hardware Compatibility Publisher -> Eastman Kodak Company)
    HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [69920 2017-10-03] (University of California, Berkeley -> Space Sciences Laboratory)
    HKLM\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [8765216 2017-10-03] (University of California, Berkeley -> Space Sciences Laboratory)
    HKLM\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] (FUNAI ELECTRIC CO., LTD. -> )
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-28] (Synaptics Incorporated -> Synaptics Incorporated)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-03-24] (Apple Inc. -> Apple Inc.)
    HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink -> CyberLink Corp.)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink -> CyberLink Corp.)
    HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [76600 2019-03-09] (Apple Inc. -> Apple Inc.)
    HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-12-11] (Eastman Kodak Company -> Eastman Kodak Company)
    HKLM-x32\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] (FUNAI ELECTRIC CO., LTD. -> )
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    HKLM-x32\...\Run: [EKIJ5000StatusMonitor] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Microsoft Windows Hardware Compatibility Publisher -> Eastman Kodak Company)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation)
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) [File not signed]
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [KOab1err] => C:\Program Files (x86)\KODAK VERITE\ErrorApp\KOab1err.exe [1027752 2016-12-21] (Funai Electric Co., Ltd. -> )
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] (FUNAI ELECTRIC CO., LTD. -> )
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [EpicGamesLauncher] => "C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe" -silent
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [Spy Protector] => C:\Program Files (x86)\Security Task Manager\SpyProtector.exe [145280 2018-07-12] (A. & M. Neuber Software -> Neuber Software - www.neuber.com)
    HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe /StartMinimized
    HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsv64.dll [71680 2013-02-26] (Beepa P/L) [File not signed]
    HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [65536 2013-02-26] (Beepa P/L) [File not signed]

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {03F769B5-CA2B-47FB-B8C6-3715E360F484} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [132445408 2019-05-14] (Microsoft Corporation -> Microsoft Corporation)
    Task: {2726B58A-B733-4E96-B674-56C356CFF017} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [652664 2019-04-17] (HP Inc. -> HP Inc.)
    Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
    Task: {37F9480B-8DEB-43D0-9E41-A625011C1442} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1488248 2018-12-10] (HP Inc. -> HP Inc.)
    Task: {38F7AC40-C4F1-4823-B0D1-A8F0598D5BC4} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2226856 2019-04-22] (Symantec Corporation -> Symantec Corporation)
    Task: {3C1E18F9-257E-4364-8991-D751F7AAE0AF} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-28] (Synaptics Incorporated -> Synaptics Incorporated)
    Task: {3DD2649C-CA8A-4727-BA04-DE71F61448D5} - System32\Tasks\npcapwatchdog => C:\Program [Argument = Files\Npcap\CheckStatus.bat] <==== ATTENTION
    Task: {3DD76305-B0D8-4F5D-97E7-9FEA995DB0EB} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink -> CyberLink)
    Task: {3FB3FE7E-E4D6-4325-A192-9F9937626A48} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
    Task: {406E8E03-EC34-4003-B34C-54181D91740B} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
    Task: {449FBA74-592C-4FC3-B302-EFBBC5B5ADD5} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe
    Task: {4563DDB4-F29D-41C5-BD80-916194542CD4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [237432 2019-04-29] (HP Inc. -> HP Inc.)
    Task: {4A276F76-C51C-45FC-A2F4-1117E386AA2B} - System32\Tasks\S-1-5-21-901587214-2200967626-3004657440-1003\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [134144 2019-03-12] (Microsoft Windows -> Microsoft Corporation)
    Task: {4DAE6865-85B2-4C42-B996-B4788C51FAA8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136056 2019-01-02] (HP Inc. -> HP Inc.)
    Task: {5B316DC0-10D2-46AE-B209-4DD1ED06E7F3} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2211024 2014-03-19] (Microsoft Corporation -> Microsoft)
    Task: {5CD794F9-93E4-47AE-ADF4-EA1CE940799B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1073528 2019-04-02] (HP Inc. -> HP Inc.)
    Task: {625F82D9-2B09-4DF1-80B8-473B87149FDA} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [25128 2017-11-21] (HP Inc. -> )
    Task: {6E39ED3E-6BA2-4DC8-8196-9C48C649D047} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1488248 2018-12-10] (HP Inc. -> HP Inc.)
    Task: {712380AE-444E-42C6-B403-F18182DBE18C} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
    Task: {738E86C6-EB1F-4D92-9DD0-BD4999046DD5} - System32\Tasks\{CA2AE62A-A74C-4B89-B292-C0CEAD185B3D} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\oldman\Downloads\FirmwareFlashLauncher.exe -d C:\Users\oldman\Downloads
    Task: {7B9F5986-9672-431A-BB77-F26DB87891FE} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
    Task: {906112A5-8DB6-4037-B3BB-A2558320F864} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
    Task: {9614F9DD-C96B-4F3D-BA9C-E649C94288E0} - System32\Tasks\Norton Security with Backup\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.17.1.50\SymErr.exe [101392 2019-04-22] (Symantec Corporation -> Symantec Corporation)
    Task: {A3CAE410-8F44-4EAE-9AC2-3321CDAE05F9} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe [2226856 2019-04-22] (Symantec Corporation -> Symantec Corporation)
    Task: {A5E6FF83-1A31-44C2-974C-608D72C3429E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
    Task: {A68CF779-F57A-4803-B0BD-475F71877D10} - System32\Tasks\HPCeeScheduleForoldman => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [96568 2015-06-16] (Hewlett-Packard Company -> Hewlett-Packard)
    Task: {AD73D9D2-71DE-4681-BB26-DC2BF988AB1B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_192_Plugin.exe [1457208 2019-05-14] (Adobe Inc. -> Adobe)
    Task: {AF2A4667-1035-4591-B9E4-F6A5E88F221E} - System32\Tasks\Norton Security with Backup\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.17.1.50\SymErr.exe [101392 2019-04-22] (Symantec Corporation -> Symantec Corporation)
    Task: {B89BC3A9-54C9-4204-8B03-A529BF74315F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    Task: {BCF0AD8B-2630-48AE-B7B4-5D1683D33A9F} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-05-14] (Adobe Inc. -> Adobe)
    Task: {BFEAAB89-A9BC-4AA9-9F1D-AAC4C9F75A31} - System32\Tasks\RogueKiller Anti-Malware => C:\Program Files\RogueKiller\RogueKiller64.exe [33965624 2019-05-14] (Adlice -> )
    Task: {C0201CFA-6DE0-4EE2-89AC-D9D2295A8D3A} - System32\Tasks\Norton 360\Norton 360 Online Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.11.0.41\SymErr.exe [102008 2017-10-03] (Symantec Corporation -> Symantec Corporation)
    Task: {C13D20A5-1190-4AA5-997E-48BC2E485A09} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    Task: {C18EC821-F9CF-414E-BA3D-746F1B35386D} - System32\Tasks\Norton 360\Norton 360 Online Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.11.0.41\SymErr.exe [102008 2017-10-03] (Symantec Corporation -> Symantec Corporation)
    Task: {CDB556A4-5C9F-4AD2-8970-C18C764D957C} - System32\Tasks\Norton 360\Norton 360 Online Autofix => C:\Program Files (x86)\Norton 360\Engine\22.11.0.41\SymErr.exe [102008 2017-10-03] (Symantec Corporation -> Symantec Corporation)
    Task: {D44969E2-EE54-4B65-8642-B0B9E74EFDBB} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe
    Task: {D7F94A5C-3056-4495-8235-CBE7E9F0B4F6} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe
    Task: {EDD003E6-D73B-4ECA-A7B0-D861534AEA91} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1073528 2019-04-02] (HP Inc. -> HP Inc.)
    Task: {F54B23B4-27B4-4D82-B1E6-98428EA28144} - System32\Tasks\Norton Security with Backup\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.17.1.50\SymErr.exe [101392 2019-04-22] (Symantec Corporation -> Symantec Corporation)
    Task: {FC364449-3F8D-40B7-AFA2-34B96D70A3DA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [652664 2019-04-17] (HP Inc. -> HP Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\HPCeeScheduleForoldman.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.65
    Tcpip\..\Interfaces\{092ddd55-79b1-44d1-9ce6-73e9a22b6de7}: [DhcpNameServer] 192.168.0.1 205.171.3.65
    Tcpip\..\Interfaces\{5889e5ee-8f53-452a-bd13-e94a89883ece}: [DhcpNameServer] 192.168.0.1 205.171.3.65
    Tcpip\..\Interfaces\{68620759-20aa-45aa-8e06-fa9a7c5c7e09}: [DhcpNameServer] 192.168.0.1 205.171.3.66
    Tcpip\..\Interfaces\{a288676d-84d4-440a-bf60-55523387af7e}: [DhcpNameServer] 192.168.0.1 205.171.3.66
    Tcpip\..\Interfaces\{c4242d06-1fdf-461b-ace5-caf4862e837d}: [DhcpNameServer] 192.168.0.1 205.171.3.66
    Tcpip\..\Interfaces\{c9ebb1fc-1913-46ad-9c39-fe0f9392fa0a}: [DhcpNameServer] 192.168.0.1 205.171.3.66
    Tcpip\..\Interfaces\{da633539-be76-4269-8034-bd1925400c3e}: [DhcpNameServer] 192.168.0.1 205.171.3.65

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.norton.com/?prt=NGC&chn=1000&geo=US&ver=22.16.4.15&locale=en_US&guid=7F33257B-BE93-40EC-9D23-A091A86B98D4&doi=2019-02-13&o=APN11915&cmpgn=zeus
    SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> DefaultScope {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1000&geo=US&ver=22.17.1.50&locale=en_US&guid=7F33257B-BE93-40EC-9D23-A091A86B98D4&doi=2019-02-13&cmpgn=rapha&gct=kwd&qsrc=2869
    SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {53e2f62a-3083-46e6-8527-cf89e4acb4ae} URL =
    SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1000&geo=US&ver=22.17.1.50&locale=en_US&guid=7F33257B-BE93-40EC-9D23-A091A86B98D4&doi=2019-02-13&cmpgn=rapha&gct=kwd&qsrc=2869
    BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.17.1.50\coIEPlg.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.)
    BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.17.1.50\coIEPlg.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssv.dll [2019-04-21] (Oracle America, Inc. -> Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-04-21] (Oracle America, Inc. -> Oracle Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.17.1.50\coIEPlg.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.17.1.50\coIEPlg.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)

    Edge:
    ======
    Edge Extension: (Norton Safe Web) -> EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => C:\Program Files\WindowsApps\SymantecCorporation.NortonSafeWeb_3.7.0.0_neutral__v68kp9n051hdp [2019-03-28]

    FireFox:
    ========
    FF DefaultProfile: gmcms6os.default-1466821123041-1557966796116
    FF ProfilePath: C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gmcms6os.default-1466821123041-1557966796116 [2019-05-15]
    FF Homepage: Mozilla\Firefox\Profiles\gmcms6os.default-1466821123041-1557966796116 -> moz-extension://abd2b215-bc85-4cda-a6bf-c6e475034c5c/homePageRedirect.html
    FF HomepageOverride: Mozilla\Firefox\Profiles\gmcms6os.default-1466821123041-1557966796116 -> Enabled: nortonhomepage_ven_y@symantec.com
    FF NewTabOverride: Mozilla\Firefox\Profiles\gmcms6os.default-1466821123041-1557966796116 -> Enabled: nortonhomepage_ven_y@symantec.com
    FF NewTabOverride: Mozilla\Firefox\Profiles\gmcms6os.default-1466821123041-1557966796116 -> Enabled: nortonsafesearch_ul_ven_y_2@symantec.com
    FF Extension: (Norton Home Page) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gmcms6os.default-1466821123041-1557966796116\Extensions\nortonhomepage_ven_y@symantec.com.xpi [2019-05-15] [UpdateUrl:hxxps://static.nortoncdn.com/idscp/firefox/nsss/hp/updates.json]
    FF Extension: (Norton Safe Search) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gmcms6os.default-1466821123041-1557966796116\Extensions\nortonsafesearch_ul_ven_y_2@symantec.com.xpi [2019-05-15] [UpdateUrl:hxxps://static.nortoncdn.com/idscp/firefox/nsss/ds_modified/updates.json]
    FF Extension: (Norton Safe Web) - C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\gmcms6os.default-1466821123041-1557966796116\Extensions\nortonsafeweb@symantec.com.xpi [2019-05-15]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_192.dll [2019-05-14] (Adobe Inc. -> )
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_192.dll [2019-05-14] (Adobe Inc. -> )
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-05-06] (Adobe Systems, Inc.) [File not signed]
    FF Plugin-x32: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-04-21] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-04-21] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-02] (Adobe Inc. -> Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: hp.com/HPDetect -> C:\Users\oldman\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP) [File not signed]
    FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: jpl.nasa.gov/NASAEyes -> C:\Users\oldman\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2019-01-25] (NASA Jet Propulsion Laboratory -> Jet Propulsion Laboratory)

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.17.1.50\Exts\Chrome.crx <not found>
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.17.1.50\Exts\Chrome.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [257032 2015-08-21] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.) [File not signed]
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-03-08] (Apple Inc. -> Apple Inc.)
    S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8348064 2018-12-26] (BattlEye Innovations e.K. -> )
    R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1077568 2017-04-10] (HP Inc. -> HP)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
    R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-21] (HP Inc. -> HP Inc.)
    R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
    S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.17.1.50\NortonSecurity.exe [225608 2019-04-22] (Symantec Corporation -> Symantec Corporation)
    R2 NortonWiFiPrivacy; C:\Program Files (x86)\Norton Secure VPN\client\NSVService.exe [6113296 2018-12-17] (Symantec Corporation -> Symantec Corporation)
    R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.17.1.50\nsWscSvc.exe [935248 2019-04-22] (Symantec Corporation -> Symantec Corporation)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [253960 2016-04-28] (Synaptics Incorporated -> Synaptics Incorporated)
    S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
    S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
    S3 EasyAntiCheat; "C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe" [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [43840 2012-09-24] (Hewlett-Packard Company -> Hewlett-Packard Company)
    R3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [21635072 2015-08-21] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
    R3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [673816 2015-08-21] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
    S2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation -> AppEx Networks Corporation)
    R3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4233728 2018-09-15] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
    R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110104 2016-09-28] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
    R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.16.3.21\Definitions\BASHDefs\20190513.001\BHDrvx64.sys [1934048 2019-02-12] (Symantec Corporation -> Symantec Corporation)
    R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\ccSetx64.sys [192704 2019-04-22] (Symantec Corporation -> Symantec Corporation)
    R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink -> CyberLink)
    S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515792 2019-03-24] (Symantec Corporation -> Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153296 2019-02-13] (Symantec Corporation -> Symantec Corporation)
    R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [31040 2012-09-24] (Hewlett-Packard Company -> Hewlett-Packard Company)
    R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.16.3.21\Definitions\IPSDefs\20190515.061\IDSvia64.sys [1441800 2019-04-18] (Symantec Corporation -> Symantec Corporation)
    R3 kmloop; C:\WINDOWS\System32\drivers\loop.sys [17408 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
    S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [82752 2019-01-12] (Insecure.Com LLC -> Insecure.Com LLC.)
    U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [97176 2019-05-08] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com)
    R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-29] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
    S3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [49032 2019-01-16] (Razer USA Ltd. -> Razer Inc)
    S3 RzDev_0060; C:\WINDOWS\System32\drivers\RzDev_0060.sys [51688 2018-04-22] (Razer USA Ltd. -> Razer Inc)
    S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated -> Synaptics Incorporated)
    S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated -> Synaptics Incorporated)
    R1 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\SRTSP64.SYS [864480 2019-04-22] (Symantec Corporation -> Symantec Corporation)
    R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\SRTSPX64.SYS [49888 2019-04-22] (Symantec Corporation -> Symantec Corporation)
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
    R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\SYMEFASI64.SYS [1998552 2019-04-22] (Symantec Corporation -> Symantec Corporation)
    S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\SymELAM.sys [25744 2019-04-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)
    R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [100064 2019-03-30] (Symantec Corporation -> Symantec Corporation)
    S4 SymEvnt; C:\Program Files\Norton Security\NortonData\22.16.3.21\SymPlatform\SymEvnt.sys [709128 2019-04-27] (Symantec Corporation -> Symantec Corporation)
    R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\Ironx64.SYS [315912 2019-04-22] (Symantec Corporation -> Symantec Corporation)
    R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\symnets.sys [573448 2019-04-22] (Symantec Corporation -> Symantec Corporation)
    R3 SymTAP; C:\WINDOWS\System32\drivers\SymTAP.sys [52104 2018-10-16] (Symantec Corporation -> The OpenVPN Project)
    R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2018-01-30] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
    R3 usbfilter; C:\WINDOWS\system32\DRIVERS\usbfilter.sys [57000 2012-06-19] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
    R3 USBPcap; C:\WINDOWS\system32\DRIVERS\USBPcap.sys [50224 2017-08-20] (Tomasz Moń -> USBPcap)
    S3 VBoxNetAdp; C:\WINDOWS\System32\drivers\VBoxNetAdp6.sys [196040 2017-07-27] (Oracle Corporation -> Oracle Corporation)
    S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46680 2019-02-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [330936 2019-02-13] (Microsoft Windows -> Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2019-02-13] (Microsoft Windows -> Microsoft Corporation)
    R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP Inc. -> HP)
    S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\wpCtrlDrv.sys [1012120 2019-04-22] (Symantec Corporation -> Symantec Corporation)
    U4 npcap_wifi; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-05-15 23:13 - 2019-05-15 23:17 - 000036936 _____ C:\Users\oldman\Desktop\FRST.txt
    2019-05-15 23:12 - 2019-05-15 23:12 - 000000000 ____D C:\RegBackup
    2019-05-15 23:11 - 2019-05-15 23:11 - 002434560 _____ (Farbar) C:\Users\oldman\Desktop\FRST64.exe
    2019-05-15 22:42 - 2019-05-15 22:42 - 000111688 _____ (Duckware) C:\Users\oldman\x.exe
    2019-05-15 20:42 - 2019-05-15 20:42 - 076647212 _____ C:\Users\oldman\Desktop\W-S 5-15 F.F refresh.pcapng
    2019-05-15 20:41 - 2019-05-15 20:41 - 000000196 _____ C:\Users\oldman\Desktop\W-S redirector. com etc..txt
    2019-05-15 17:54 - 2019-05-15 17:54 - 000000495 _____ C:\Users\oldman\Desktop\IE cache 5-15.txt
    2019-05-15 14:49 - 2019-05-15 14:49 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
    2019-05-15 14:26 - 2019-05-15 14:26 - 000393168 _____ (Bleeping Computer, LLC) C:\Users\oldman\Desktop\show-hidden.exe
    2019-05-15 13:21 - 2019-05-15 13:21 - 026807808 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 023438848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 020814848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 019022336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 006072320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 004883968 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 004660736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 003905536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 003743744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 001290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 001062400 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
    2019-05-15 13:21 - 2019-05-15 13:21 - 000427520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 000376320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
    2019-05-15 13:21 - 2019-05-15 13:21 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
    2019-05-15 13:21 - 2019-05-15 13:21 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-kernel-processor-power-events.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
    2019-05-15 13:20 - 2019-05-15 13:21 - 007879680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 009682744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2019-05-15 13:20 - 2019-05-15 13:20 - 007883776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 007687576 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 007645384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 006542464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 006440960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 006309040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 005498880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 005040640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 004588544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
    2019-05-15 13:20 - 2019-05-15 13:20 - 003637248 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2019-05-15 13:20 - 2019-05-15 13:20 - 003557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 003384832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 003363856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2019-05-15 13:20 - 2019-05-15 13:20 - 002780000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 002708480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2019-05-15 13:20 - 2019-05-15 13:20 - 002422272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2019-05-15 13:20 - 2019-05-15 13:20 - 002278240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 002189312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 001860096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 001760768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 001701888 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 001699496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2019-05-15 13:20 - 2019-05-15 13:20 - 001641616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 001605120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 001484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 001470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2019-05-15 13:20 - 2019-05-15 13:20 - 001395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 001387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 001342608 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2019-05-15 13:20 - 2019-05-15 13:20 - 001253904 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2019-05-15 13:20 - 2019-05-15 13:20 - 001225728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
    2019-05-15 13:20 - 2019-05-15 13:20 - 001179680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2019-05-15 13:20 - 2019-05-15 13:20 - 001054712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
    2019-05-15 13:20 - 2019-05-15 13:20 - 001048376 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2019-05-15 13:20 - 2019-05-15 13:20 - 001026792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000895792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000807464 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2019-05-15 13:20 - 2019-05-15 13:20 - 000758896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
    2019-05-15 13:20 - 2019-05-15 13:20 - 000680184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000660992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000586280 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2019-05-15 13:20 - 2019-05-15 13:20 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000508432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
    2019-05-15 13:20 - 2019-05-15 13:20 - 000495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000449376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000444944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
    2019-05-15 13:20 - 2019-05-15 13:20 - 000387832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000254952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
    2019-05-15 13:20 - 2019-05-15 13:20 - 000223544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
    2019-05-15 13:20 - 2019-05-15 13:20 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000212792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
    2019-05-15 13:20 - 2019-05-15 13:20 - 000203272 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000202768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
    2019-05-15 13:20 - 2019-05-15 13:20 - 000201016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
    2019-05-15 13:20 - 2019-05-15 13:20 - 000198456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
    2019-05-15 13:20 - 2019-05-15 13:20 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
    2019-05-15 13:20 - 2019-05-15 13:20 - 000179728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
    2019-05-15 13:20 - 2019-05-15 13:20 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000177976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2019-05-15 13:20 - 2019-05-15 13:20 - 000163240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
    2019-05-15 13:20 - 2019-05-15 13:20 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000147736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
    2019-05-15 13:20 - 2019-05-15 13:20 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000121656 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
    2019-05-15 13:20 - 2019-05-15 13:20 - 000090640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000080184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
    2019-05-15 13:20 - 2019-05-15 13:20 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
    2019-05-15 13:20 - 2019-05-15 13:20 - 000066688 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdll.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000055792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptdll.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
    2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
    2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
    2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
    2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
    2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
    2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
    2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
    2019-05-14 21:07 - 2019-05-14 21:07 - 000000064 _____ C:\Users\oldman\Desktop\WFA address.txt
    2019-05-14 16:47 - 2019-05-15 22:16 - 000000223 _____ C:\Users\oldman\Desktop\stuff to scan 2day.txt
    2019-05-14 16:03 - 2019-05-14 16:03 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
    2019-05-14 16:03 - 2019-05-14 16:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2019-05-14 16:03 - 2019-05-14 16:03 - 000000000 ____D C:\Program Files\RogueKiller
    2019-05-14 15:17 - 2019-05-14 15:20 - 422061832 _____ C:\Users\oldman\Desktop\5-14 fun.pcapng
    2019-05-14 14:50 - 2019-05-15 13:50 - 000000606 _____ C:\Users\oldman\Desktop\Todays stuff.txt
    2019-05-12 23:06 - 2019-04-04 13:11 - 000454145 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20190512-230640.backup
    2019-05-12 14:27 - 2019-05-12 14:27 - 002060772 _____ C:\Users\oldman\Desktop\code.jquery WS.pcapng
    2019-05-10 21:15 - 2019-05-10 22:01 - 000000443 _____ C:\Users\oldman\Desktop\J.Swift quote.txt
    2019-05-10 18:46 - 2019-05-10 18:47 - 000388608 _____ (Trend Micro Inc.) C:\Users\oldman\Desktop\HijackThis.exe
    2019-05-10 09:13 - 2019-05-15 16:49 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security with Backup
    2019-05-10 09:12 - 2019-05-10 22:22 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
    2019-05-10 09:12 - 2019-05-10 09:12 - 000003376 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
    2019-05-08 18:13 - 2019-05-08 18:13 - 001054490 _____ C:\Users\oldman\Desktop\ProcessMonitor.zip
    2019-05-08 14:26 - 2019-05-08 18:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2019-05-05 13:34 - 2019-05-05 13:34 - 000000260 _____ C:\Users\oldman\Desktop\Gaba Lyrica links.txt
    2019-05-03 16:14 - 2019-05-03 16:14 - 003551112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2019-05-03 16:14 - 2019-05-03 16:14 - 000263576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2019-05-03 16:14 - 2019-05-03 16:14 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
    2019-05-03 16:14 - 2019-05-03 16:14 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
    2019-05-03 16:14 - 2019-05-03 16:14 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe
    2019-05-03 16:13 - 2019-05-03 16:14 - 005436904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 012844032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 012140032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 005296640 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 005210904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 003982848 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 003426816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 003406848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 002701512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 002393088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 002205184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 002073960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 001994976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 001768960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 001674696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 001671352 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 001653760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 001467552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 001382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 001315328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 001001472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnostics.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000782848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000780632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcrt.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000725696 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
    2019-05-03 16:13 - 2019-05-03 16:13 - 000673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000649064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000638376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcrt.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000610304 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
    2019-05-03 16:13 - 2019-05-03 16:13 - 000553656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000540720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StateRepository.Core.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000514632 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000454160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
    2019-05-03 16:13 - 2019-05-03 16:13 - 000451080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxdiag.exe
    2019-05-03 16:13 - 2019-05-03 16:13 - 000359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
    2019-05-03 16:13 - 2019-05-03 16:13 - 000349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000320512 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
    2019-05-03 16:13 - 2019-05-03 16:13 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxdiag.exe
    2019-05-03 16:13 - 2019-05-03 16:13 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
    2019-05-03 16:13 - 2019-05-03 16:13 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
    2019-05-03 16:13 - 2019-05-03 16:13 - 000246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
    2019-05-03 16:13 - 2019-05-03 16:13 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000122680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000086960 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostw.exe
    2019-05-03 16:13 - 2019-05-03 16:13 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnosticsTool.exe
    2019-05-03 16:12 - 2019-05-03 16:12 - 004997096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
    2019-05-03 16:12 - 2019-05-03 16:12 - 002995712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2019-05-03 16:12 - 2019-05-03 16:12 - 001219640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryPS.dll
    2019-05-03 16:12 - 2019-05-03 16:12 - 000999424 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2019-05-03 16:12 - 2019-05-03 16:12 - 000806600 _____ C:\WINDOWS\SysWOW64\locale.nls
    2019-05-03 16:12 - 2019-05-03 16:12 - 000806600 _____ C:\WINDOWS\system32\locale.nls
    2019-05-03 16:12 - 2019-05-03 16:12 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2019-05-03 16:12 - 2019-05-03 16:12 - 000679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
    2019-05-03 16:12 - 2019-05-03 16:12 - 000676256 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
    2019-05-03 16:12 - 2019-05-03 16:12 - 000651576 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
    2019-05-03 16:12 - 2019-05-03 16:12 - 000495616 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
    2019-05-03 16:12 - 2019-05-03 16:12 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
    2019-05-03 16:12 - 2019-05-03 16:12 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDDS.dll
    2019-05-03 16:12 - 2019-05-03 16:12 - 000421392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
    2019-05-03 16:12 - 2019-05-03 16:12 - 000366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
    2019-05-03 16:12 - 2019-05-03 16:12 - 000321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
    2019-05-03 16:12 - 2019-05-03 16:12 - 000280592 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2019-05-03 16:12 - 2019-05-03 16:12 - 000244224 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll
    2019-05-03 16:12 - 2019-05-03 16:12 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
    2019-05-03 16:12 - 2019-05-03 16:12 - 000161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
    2019-05-03 16:12 - 2019-05-03 16:12 - 000157200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
    2019-04-25 13:13 - 2019-04-25 13:14 - 029937376 _____ (Adlice Software ) C:\Users\oldman\Desktop\setup(1).exe
    2019-04-22 16:15 - 2019-04-22 16:16 - 000000000 ____D C:\Users\oldman\Desktop\Genesight Copy
    2019-04-16 12:27 - 2019-04-16 12:27 - 000001827 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
    2019-04-15 12:06 - 2019-04-15 12:06 - 000001816 _____ C:\Users\Public\Desktop\iTunes.lnk
    2019-04-15 12:06 - 2019-04-15 12:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2019-04-15 12:06 - 2019-04-15 12:06 - 000000000 ____D C:\Program Files\iPod
    2019-04-15 12:04 - 2019-04-15 12:06 - 000000000 ____D C:\Program Files\iTunes

    ==================== One month (modified) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-05-15 23:13 - 2018-12-06 16:03 - 000000000 ____D C:\FRST
    2019-05-15 23:12 - 2016-11-28 01:03 - 000000000 ____D C:\Users\oldman\AppData\LocalLow\Mozilla
    2019-05-15 22:47 - 2019-04-10 12:18 - 000000000 ____D C:\Users\oldman\AppData\Local\Razer
    2019-05-15 22:47 - 2019-04-10 12:07 - 000000000 ____D C:\ProgramData\Razer
    2019-05-15 22:46 - 2019-04-10 12:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
    2019-05-15 22:46 - 2019-04-10 12:14 - 000000000 ____D C:\Program Files\Razer
    2019-05-15 22:46 - 2019-04-10 12:06 - 000000000 ____D C:\Program Files (x86)\Razer
    2019-05-15 22:46 - 2018-09-15 01:31 - 000000000 ____D C:\WINDOWS\INF
    2019-05-15 22:42 - 2019-01-12 12:12 - 000000000 ____D C:\Users\oldman
    2019-05-15 22:42 - 2016-08-11 14:50 - 000000000 ___HD C:\jexepackres
    2019-05-15 22:42 - 2016-08-11 14:50 - 000000000 ____D C:\Users\oldman\applogs
    2019-05-15 22:42 - 2016-08-11 14:50 - 000000000 ____D C:\Program Files (x86)\AstroViewer 3.1.6
    2019-05-15 22:32 - 2018-09-15 01:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2019-05-15 22:02 - 2019-01-12 12:04 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2019-05-15 18:33 - 2019-02-10 15:06 - 000000000 ____D C:\Users\oldman\Desktop\Old Firefox Data
    2019-05-15 17:55 - 2019-01-12 12:27 - 000004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D6FF1BE5-40C3-4B52-A236-97274056599C}
    2019-05-15 14:47 - 2019-03-02 17:10 - 000301208 _____ C:\Users\oldman\Desktop\Show-Hidden.txt
    2019-05-15 14:17 - 2018-09-15 01:33 - 000000000 ___HD C:\Program Files\WindowsApps
    2019-05-15 14:17 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\AppReadiness
    2019-05-15 14:15 - 2018-11-01 16:21 - 000000000 ____D C:\Users\oldman\Desktop\malware tools
    2019-05-15 14:08 - 2019-01-12 12:30 - 000935120 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2019-05-15 14:02 - 2019-01-12 12:04 - 000284848 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2019-05-15 14:01 - 2016-08-20 10:31 - 000000000 ____D C:\ProgramData\Kodak
    2019-05-15 14:01 - 2015-12-03 22:03 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2019-05-15 14:00 - 2019-01-12 12:27 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2019-05-15 13:59 - 2018-09-15 00:09 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2019-05-15 13:59 - 2015-07-29 03:19 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
    2019-05-15 13:57 - 2018-09-15 01:33 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
    2019-05-15 13:57 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\bcastdvr
    2019-05-15 13:26 - 2018-09-15 01:23 - 000000000 ____D C:\WINDOWS\CbsTemp
    2019-05-15 12:41 - 2018-06-12 18:34 - 000000000 ____D C:\ProgramData\SecTaskMan
    2019-05-14 23:49 - 2019-01-12 12:27 - 000004574 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
    2019-05-14 23:48 - 2019-02-12 15:21 - 006194744 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
    2019-05-14 23:48 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2019-05-14 23:48 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\system32\Macromed
    2019-05-14 23:25 - 2015-05-03 12:07 - 000000000 ____D C:\Users\oldman\AppData\Local\Battle.net
    2019-05-14 23:12 - 2015-05-03 12:09 - 000000000 ____D C:\Program Files (x86)\Diablo III
    2019-05-14 16:04 - 2019-03-31 16:21 - 000003138 _____ C:\WINDOWS\System32\Tasks\RogueKiller Anti-Malware
    2019-05-14 15:57 - 2015-10-21 19:23 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2019-05-14 15:30 - 2017-05-02 14:10 - 000000352 _____ C:\WINDOWS\Tasks\HPCeeScheduleForoldman.job
    2019-05-14 15:23 - 2015-05-03 19:25 - 000000000 ____D C:\WINDOWS\system32\MRT
    2019-05-14 15:13 - 2015-05-03 19:25 - 132445408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2019-05-14 11:16 - 2019-01-12 12:27 - 000003248 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForoldman
    2019-05-13 15:23 - 2018-09-15 01:36 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2019-05-13 15:23 - 2018-09-15 01:36 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2019-05-12 23:32 - 2015-05-23 09:11 - 000000000 ____D C:\Users\oldman\AppData\Local\CrashDumps
    2019-05-12 12:40 - 2018-06-23 20:30 - 000000000 ____D C:\Users\oldman\Desktop\scan logs and stuff
    2019-05-11 23:14 - 2019-01-12 12:27 - 000003364 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-901587214-2200967626-3004657440-1003
    2019-05-11 23:14 - 2019-01-12 12:12 - 000002403 _____ C:\Users\oldman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2019-05-11 23:14 - 2015-06-27 12:46 - 000000000 ___RD C:\Users\oldman\OneDrive
    2019-05-11 19:27 - 2019-03-30 20:51 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
    2019-05-10 22:22 - 2019-02-13 11:45 - 000002408 _____ C:\Users\Public\Desktop\Norton Security.lnk
    2019-05-10 14:50 - 2015-07-29 00:21 - 000000000 ____D C:\Users\oldman\AppData\Local\ElevatedDiagnostics
    2019-05-10 09:41 - 2015-06-10 01:43 - 000000000 ____D C:\Program Files\Common Files\AV
    2019-05-10 09:12 - 2018-02-26 15:03 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
    2019-05-09 23:33 - 2015-05-03 12:07 - 000000000 ____D C:\Program Files (x86)\Battle.net
    2019-05-08 23:15 - 2018-06-27 01:41 - 000000000 ____D C:\ProgramData\Packages
    2019-05-08 19:21 - 2019-03-04 16:43 - 000097176 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON24.SYS
    2019-05-08 19:20 - 2019-03-04 16:43 - 000000000 ____D C:\Users\oldman\Desktop\ProcessMonitor
    2019-05-08 18:40 - 2018-09-15 00:09 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
    2019-05-08 18:38 - 2015-05-03 11:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2019-05-08 17:40 - 2015-05-03 11:47 - 000001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
    2019-05-08 13:50 - 2018-01-03 21:16 - 000000000 ____D C:\Users\oldman\AppData\Local\PlaceholderTileLogoFolder
    2019-05-04 23:54 - 2016-06-26 04:54 - 000000000 ____D C:\Users\oldman\AppData\Local\NPE
    2019-05-03 17:22 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\TextInput
    2019-05-03 17:22 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2019-04-30 13:53 - 2017-12-09 01:36 - 000000000 ____D C:\Users\oldman\AppData\Local\Packages
    2019-04-23 12:15 - 2015-05-03 12:07 - 000000000 ____D C:\Users\oldman\AppData\Local\Blizzard Entertainment
    2019-04-21 18:53 - 2018-04-13 01:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2019-04-21 18:53 - 2015-06-13 14:02 - 000000000 ____D C:\Program Files (x86)\Java
    2019-04-21 18:52 - 2018-04-13 01:24 - 000099192 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
    2019-04-17 15:07 - 2015-07-14 21:37 - 000000000 ____D C:\Users\oldman\Documents\Youcam
    2019-04-17 14:34 - 2015-06-02 17:51 - 000000000 ____D C:\Users\oldman\AppData\Roaming\Skype
    2019-04-16 12:27 - 2019-03-03 17:49 - 000000000 ____D C:\Program Files\Wireshark

    ==================== Files in the root of some directories =======

    2019-05-15 22:42 - 2019-05-15 22:42 - 000111688 _____ (Duckware) C:\Users\oldman\x.exe
    2015-08-15 18:31 - 2018-11-02 19:18 - 000011264 _____ () C:\Users\oldman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-08-01 13:43 - 2019-05-06 13:17 - 000140696 _____ () C:\Users\oldman\AppData\Local\installer.log
    2015-08-01 13:43 - 2015-08-01 13:43 - 000000236 _____ () C:\Users\oldman\AppData\Local\LaunchHomeCenter.log
    2015-05-23 09:41 - 2018-02-14 00:28 - 000007674 _____ () C:\Users\oldman\AppData\Local\resmon.resmoncfg

    ==================== SigCheck ===============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ============================
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-05.2019 01
    Ran by oldman (15-05-2019 23:18:20)
    Running from C:\Users\oldman\Desktop
    Windows 10 Home Version 1809 17763.503 (X64) (2019-01-12 18:50:39)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-901587214-2200967626-3004657440-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-901587214-2200967626-3004657440-503 - Limited - Disabled)
    Guest (S-1-5-21-901587214-2200967626-3004657440-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-901587214-2200967626-3004657440-1009 - Limited - Enabled)
    oldman (S-1-5-21-901587214-2200967626-3004657440-1003 - Administrator - Enabled) => C:\Users\oldman
    WDAGUtilityAccount (S-1-5-21-901587214-2200967626-3004657440-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Norton Security (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Norton Security (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20034 - Adobe Systems Incorporated)
    Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.192 - Adobe)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
    aioprnt (HKLM\...\{0645A454-AD44-4F0D-99CF-6B762735AD1F}) (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
    aioscnnr (HKLM-x32\...\{376348C2-E372-48BC-A138-E896757BD86A}) (Version: 5.8.10.0 - Your Company Name) Hidden
    aioscnnr (HKLM-x32\...\{EF53BFAB-4C10-40DB-A82D-9B07111715C6}) (Version: 7.6.13.10 - Your Company Name) Hidden
    AMD Catalyst Install Manager (HKLM\...\{D01E0B82-7D6E-F9AC-9A7D-C6076264F419}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
    AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
    Apple Application Support (32-bit) (HKLM-x32\...\{9F7041CB-8398-4691-B8CB-0D52273BB3D9}) (Version: 7.4 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{6E7DF4EE-1976-4215-9D81-755AFC95687D}) (Version: 7.4 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BA2A6DBB-B09A-43D8-84F3-21C1537B47D9}) (Version: 12.2.0.15 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    BOINC (HKLM\...\{F1361096-9418-489B-983B-5F8C3972E05E}) (Version: 7.8.3 - Space Sciences Laboratory, U.C. Berkeley)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    C4USelfUpdater (HKLM-x32\...\{48B41C3A-9A92-4B81-B653-C97FEB85C910}) (Version: 1.00.0000 - Your Company Name) Hidden
    center (HKLM-x32\...\{56BA241F-580C-43D2-8403-947241AAE633}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
    CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
    CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
    D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
    Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
    Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
    Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
    essentials (HKLM-x32\...\{BE94C681-68E2-4561-8ABC-8D2E799168B4}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
    Google Earth Pro (HKLM\...\{F914BC59-918A-498F-B2E3-B274C9CB48A8}) (Version: 7.3.2.5491 - Google)
    Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
    HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
    HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
    HP Documentation (HKLM-x32\...\{1AC082E0-049D-4C5C-9ECF-9473AD5A949D}) (Version: 1.1.0.0 - Hewlett-Packard)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
    HP MyRoom (HKLM-x32\...\{32F06015-D852-4A57-A0DD-8D08D17633AC}) (Version: 10.4.0156 - Hewlett-Packard)
    HP PC Hardware Diagnostics Windows (HKLM-x32\...\{7FF9E31F-FAC5-4C7B-970B-FE464B8C6A62}) (Version: 1.5.2.0 - HP Inc.)
    HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
    HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
    HP Software Framework (HKLM-x32\...\{5094249B-9542-4536-AE76-B769EE085C99}) (Version: 7.1.6.1 - HP)
    HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.7.50.3 - Hewlett-Packard Company)
    HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.10.49.21 - Hewlett-Packard Company)
    HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
    HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
    HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
    HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6417.0 - IDT)
    IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
    iTunes (HKLM\...\{DF90B2B3-5832-4E85-934D-8048B33A1D67}) (Version: 12.9.4.102 - Apple Inc.)
    Java 8 Update 211 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180211F0}) (Version: 8.0.2110.12 - Oracle Corporation)
    Kodak AIO Printer (HKLM\...\{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}) (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
    KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.9.1.1 - Eastman Kodak Company)
    KODAK VERITE 50 Series Uninstaller (HKLM\...\KODAK VERITE 50 Series) (Version: - FUNAI ELECTRIC CO., LTD.)
    Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
    Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
    Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\OneDriveSetup.exe) (Version: 19.062.0331.0006 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
    Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
    Mozilla Firefox 66.0.5 (x64 en-US) (HKLM\...\Mozilla Firefox 66.0.5 (x64 en-US)) (Version: 66.0.5 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0 - Mozilla)
    Norton Secure VPN (HKLM-x32\...\Norton Secure VPN) (Version: 1.7.0.325 - Symantec Corporation)
    Norton Security (HKLM-x32\...\NGC) (Version: 22.17.1.50 - Symantec Corporation)
    Norton WiFi Privacy (HKLM-x32\...\Norton WiFi Privacy) (Version: 1.4.9 - Symantec Corporation)
    Npcap 0.992 (HKLM-x32\...\NpcapInst) (Version: 0.992 - Nmap Project)
    NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
    ocr (HKLM-x32\...\{BFBCF96F-7361-486A-965C-54B17AC35421}) (Version: 6.2.3.50 - Eastman Kodak Company) Hidden
    PreReq (HKLM-x32\...\{DA5BDB2A-12F0-4343-8351-21AAEB293990}) (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
    Python 3.5.2 (32-bit) (HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
    Python 3.5.2 Core Interpreter (32-bit) (HKLM-x32\...\{EB0611B2-7F10-4D97-BCF2-DCAAB1199498}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 Development Libraries (32-bit) (HKLM-x32\...\{5DB2183B-62D3-407F-BBC1-EAD2F36283FA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 Documentation (32-bit) (HKLM-x32\...\{1FBA5182-78DD-4940-9F06-96E5042B7061}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 Executables (32-bit) (HKLM-x32\...\{33B10015-A9B1-4210-B50A-26C6443979B0}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 pip Bootstrap (32-bit) (HKLM-x32\...\{9ADF9987-3327-48C6-91B3-B10900366491}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 Standard Library (32-bit) (HKLM-x32\...\{FCBB04F4-D2CF-4F55-BE92-B3898696B318}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C1153533-FDC4-4922-892D-B71810F69566}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 Test Suite (32-bit) (HKLM-x32\...\{9D50A6D7-410A-4469-87B7-35FA84CBD479}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 Utility Scripts (32-bit) (HKLM-x32\...\{E6DEBF43-7ACF-4E88-9BBF-9B5945683281}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
    Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
    RogueKiller version 13.2.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.2.0.0 - Adlice Software)
    Security Task Manager 2.3 (HKLM-x32\...\Security Task Manager) (Version: 2.3 - Neuber Software)
    Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
    swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
    TreeSize Free V4.3.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.3.1 - JAM Software)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
    USBPcap 1.2.0.4 (HKLM\...\USBPcap) (Version: 1.2.0.4 - Tomasz Mon)
    Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17384 - Microsoft Corporation)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Wireshark 3.0.1 64-bit (HKLM-x32\...\Wireshark) (Version: 3.0.1 - The Wireshark developer community, hxxps://www.wireshark.org)
    WorldWide Telescope (HKLM-x32\...\{412B591F-3F86-4A1C-9DF6-854892DE27BB}) (Version: 5.5.03 - WorldWide Telescope)

    Packages:
    =========
    All My LAN -> C:\Program Files\WindowsApps\13258Thoroughsoft.AllMyLAN_1.1.7.0_x64__set6qczgvnq5g [2019-04-17] (Thoroughsoft)
    Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.137.700.0_x86__kgqvnymyfvs32 [2019-04-17] (king.com)
    Diagnostic Data Viewer -> C:\Program Files\WindowsApps\Microsoft.DiagnosticDataViewer_3.1904.1071.0_x64__8wekyb3d8bbwe [2019-04-18] (Microsoft Corporation)
    Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_3.9.0.7_x86__h6adky7gbf63m [2019-04-17] (Gameloft.)
    HP Registration -> C:\Program Files\WindowsApps\AD2F1837.HPRegistration_1.2.1.166_neutral__v10z8vjag6ke6 [2018-10-17] (Hewlett-Packard Company)
    HP+ -> C:\Program Files\WindowsApps\AD2F1837.HP_1.2.0.93_neutral__v10z8vjag6ke6 [2018-10-17] (Hewlett-Packard Company)
    Hulu -> C:\Program Files\WindowsApps\HuluLLC.HuluPlus_2.5.3.0_neutral__fphbd361v8tya [2019-03-08] (Hulu.)
    Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2018-10-17] (AMZN Mobile LLC)
    Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_3.9.4100.0_x64__8wekyb3d8bbwe [2019-04-19] (Microsoft Studios)
    Microsoft Visual C++ 2013 Runtime Package -> C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00.Universal_12.0.30501.0_x64__8wekyb3d8bbwe [2018-10-17] (Microsoft Platform Extensions)
    Microsoft Visual C++ 2013 Runtime Package -> C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00.Universal_12.0.30501.0_x86__8wekyb3d8bbwe [2018-10-17] (Microsoft Platform Extensions)
    Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.93.375.0_x64__mcm4njqhnhss8 [2019-02-19] (Netflix, Inc.)
    Network Inspector -> C:\Program Files\WindowsApps\48425ShipwreckSoftware.NetworkInspector_2.3.24.0_x64__jh2negtepkzpr [2019-04-17] (Shipwreck Software)
    Norton Safe Web -> C:\Program Files\WindowsApps\SymantecCorporation.NortonSafeWeb_3.7.0.0_neutral__v68kp9n051hdp [2019-03-28] (Symantec Corporation)
    Norton Studio -> C:\Program Files\WindowsApps\SymantecCorporation.NortonStudio_2.2.0.0_x86__v68kp9n051hdp [2018-10-17] (Symantec Corporation)
    Spider Solitaire HD -> C:\Program Files\WindowsApps\32988BernardoZamora.SpiderSolitaireHD_1.18.0.27_x64__1fgex2kbsn6g8 [2018-10-17] (Bernardo Zamora)
    TreeSize Free -> C:\Program Files\WindowsApps\JAMSoftware.TreeSizeFree_4.3.1.0_x86__37s2tpab2h9zg [2019-03-05] (JAM Software)
    Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2018-10-17] (Microsoft Corporation)
    Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2018-10-17] (Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-901587214-2200967626-3004657440-1003_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
    ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-27] (CyberLink -> Cyberlink)
    ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.1.50\NavShExt.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-27] (CyberLink -> Cyberlink)
    ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.1.50\NavShExt.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.1.50\NavShExt.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2012-08-08 11:36 - 2012-08-08 11:36 - 000073728 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2012-08-08 11:36 - 2012-08-08 11:36 - 000361984 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    2015-08-31 10:59 - 2015-08-31 10:59 - 000075264 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\AiO\Center\Logger.dll
    2015-05-03 00:33 - 2012-07-13 19:02 - 002451456 _____ (Realsil Microelectronics Inc.) [File not signed] C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    2015-05-03 00:33 - 2012-02-07 16:59 - 000166912 _____ (Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RsCRLib.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [472]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
    IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
    IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
    IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

    There are 7945 more sites.

    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\123simsen.com -> www.123simsen.com

    There are 7946 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2018-05-21 21:01 - 2019-05-12 23:06 - 000454145 ____R C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 10sek.com
    127.0.0.1 www.10sek.com
    127.0.0.1 www.1-2005-search.com
    127.0.0.1 1-2005-search.com
    127.0.0.1 123fporn.info
    127.0.0.1 www.123fporn.info
    127.0.0.1 www.123haustiereundmehr.com
    127.0.0.1 123haustiereundmehr.com
    127.0.0.1 123moviedownload.com

    There are 15617 more lines.


    2017-09-14 18:48 - 2017-09-14 18:53 - 000000435 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Razer\ChromaBroadcast\bin;C:\Program Files\Razer\ChromaBroadcast\bin;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\WINDOWS\System32\OpenSSH\;C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\WindowsApps;
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\oldman\Pictures\Spacey pictures\3772-84mcnaught_druckmuller720.jpg
    DNS Servers: 192.168.0.1 - 205.171.3.65
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.

    HKLM\...\StartupApproved\Run: => "EKIJ5000StatusMonitor"
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run: => "boincmgr"
    HKLM\...\StartupApproved\Run: => "boinctray"
    HKLM\...\StartupApproved\Run: => "KOBAAmon"
    HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
    HKLM\...\StartupApproved\Run32: => "RemoteControl10"
    HKLM\...\StartupApproved\Run32: => "EKStatusMonitor"
    HKLM\...\StartupApproved\Run32: => "APSDaemon"
    HKLM\...\StartupApproved\Run32: => "QuickTime Task"
    HKLM\...\StartupApproved\Run32: => "KOBAAmon"
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "BingSvc"
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "KOab1err"
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "EpicGamesLauncher"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{02A0DC13-4512-4DA3-AB45-8912D3DF93D8}] => (Allow) LPort=9322
    FirewallRules: [{66B8882C-58B1-4E9E-B9A0-31F300A5E704}] => (Allow) LPort=5353
    FirewallRules: [{5C19FB7B-5B75-4C8B-AB2E-EAAFFD3DFE93}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{71246B5F-9658-4563-8FB3-C9AD629BB5AC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{3044EDD6-7A83-492B-B5BF-DDD5DDC4181C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{36EB4030-7840-451A-8178-E1BF4B08C5A5}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    28-04-2019 22:55:16 Scheduled Checkpoint
    03-05-2019 15:59:03 Windows Update
    13-05-2019 13:03:24 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/15/2019 02:01:18 PM) (Source: SecurityCenter) (EventID: 17) (User: )
    Description: Security Center failed to validate caller with error %1.

    Error: (05/15/2019 02:01:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 144.106.254.169.in-addr.arpa. PTR eustace.local.

    Error: (05/15/2019 02:01:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from 169.254.106.144:5353 17 144.106.254.169.in-addr.arpa. PTR eustace-2.local.

    Error: (05/15/2019 02:01:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 181.13.254.169.in-addr.arpa. PTR eustace.local.

    Error: (05/15/2019 02:01:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from 169.254.13.181:5353 17 181.13.254.169.in-addr.arpa. PTR eustace-2.local.

    Error: (05/15/2019 12:41:25 PM) (Source: ESENT) (EventID: 413) (User: )
    Description: TaskMan (1292,R,98) {856C0929-8756-4B9D-9646-8E7FBAA2B3CE}: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -528.

    Error: (05/15/2019 12:41:25 PM) (Source: ESENT) (EventID: 454) (User: )
    Description: TaskMan (1292,R,98) {27ECD5A8-FE52-4AB2-86CA-0E8C673383A3}: Database recovery/restore failed with unexpected error -1811.

    Error: (05/15/2019 11:35:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 7.0.168.192.in-addr.arpa. PTR eustace.local.


    System errors:
    =============
    Error: (05/15/2019 02:01:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Razer Synapse Service service depends on the Razer Game Manager Service service which failed to start because of the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (05/15/2019 02:01:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The RzActionSvc service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (05/15/2019 02:01:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the RzActionSvc service to connect.

    Error: (05/15/2019 02:01:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Razer Game Manager Service service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (05/15/2019 02:01:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Razer Game Manager Service service to connect.

    Error: (05/15/2019 02:00:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The APXACC service failed to start due to the following error:
    A device attached to the system is not functioning.

    Error: (05/15/2019 02:00:49 PM) (Source: APXACC) (EventID: 1003) (User: )
    Description: The NDIS6 LWF initialization has failed. (0xC0000001)

    Error: (05/15/2019 01:59:11 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Razer Synapse Service service.


    CodeIntegrity:
    ===================================

    Date: 2019-05-15 14:01:03.837
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2019-05-15 14:01:03.813
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2019-05-15 14:01:03.369
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2019-05-15 14:01:03.337
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2019-05-14 15:40:04.377
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2019-05-14 15:40:04.183
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2019-05-14 15:40:03.785
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2019-05-14 15:40:03.660
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    ==================== Memory info ===========================

    BIOS: Insyde F.26 02/21/2013
    Motherboard: Hewlett-Packard 1849
    Processor: AMD A4-4300M APU with Radeon(tm) HD Graphics
    Percentage of memory in use: 70%
    Total physical RAM: 3554.26 MB
    Available physical RAM: 1031.57 MB
    Total Virtual: 6498.26 MB
    Available Virtual: 3682.55 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:567.72 GB) (Free:330.25 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (RECOVERY) (Fixed) (Total:25.37 GB) (Free:2.96 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive f: () (Removable) (Total:1.83 GB) (Free:1.83 GB) FAT

    \\?\Volume{4807027d-70e4-4ed9-b189-6eac7a96e0a4}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.15 GB) NTFS
    \\?\Volume{c4bc7cea-39ce-4f4a-ab14-7934f0e01657}\ () (Fixed) (Total:0.96 GB) (Free:0.34 GB) NTFS
    \\?\Volume{de27d039-3a8b-420a-8f61-0de10dba9383}\ () (Fixed) (Total:0.92 GB) (Free:0.34 GB) NTFS
    \\?\Volume{228ede67-33cc-42ee-9814-03e998f454e7}\ () (Fixed) (Total:0.44 GB) (Free:0.41 GB) NTFS
    \\?\Volume{873941c3-cd87-496d-8c74-8b333ed59eac}\ () (Fixed) (Total:0.25 GB) (Free:0.16 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 596.2 GB) (Disk ID: 9E4D4388)

    Partition: GPT.

    ========================================================
    Disk: 1 (Size: 1.8 GB) (Disk ID: CC5963D4)
    Partition 1: (Not Active) - (Size=1.8 GB) - (Type=0E)

    ==================== End of Addition.txt ============================
    Attached Images Attached Images
    Attached Files Attached Files

  2. #2
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,814

    Default

    Your not going to believe this, I thought I had replied this morning.....sorry


    SpyProtector is in your add/remove programs list, at this time, if it's not a paid for product I think you should uninstall it.

    Start Farbar Recovery Scan Tool with Administrator privileges
    (Right click on the FRST icon and select Run as administrator)

    highlight on the text below and select Copy.
    beginning with Start:: and finishing with End::
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Highlight the entire content of the quote box below and select Copy.


    Start::
    CloseProcesses:
    CreateRestorePoint:
    Task: {3DD2649C-CA8A-4727-BA04-DE71F61448D5} - System32\Tasks\npcapwatchdog => C:\Program [Argument = Files\Npcap\CheckStatus.bat] <==== ATTENTION
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.norton.com/?prt=NGC&chn=1000&geo=US&ver=22.16.4.15&locale=en_US&guid=7F33257B-BE93-40EC-9D23-A091A86B98D4&doi=2019-02-13&o=APN11915&cmpgn=zeus
    SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> DefaultScope {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1000&geo=US&ver=22.17.1.50&locale=en_US&guid=7F33257B-BE93-40EC-9D23-A091A86B98D4&doi=2019-02-13&cmpgn=rapha&gct=kwd&qsrc=2869
    SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {53e2f62a-3083-46e6-8527-cf89e4acb4ae} URL =
    SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL =
    hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1000&geo=US&ver=22.17.1.50&locale=en_US&guid=7F33257B-BE93-40EC-9D23-A091A86B98D4&doi=2019-02-13&cmpgn=rapha&gct=kwd&qsrc=2869
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.17.1.50\Exts\Chrome.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.17.1.50\Exts\Chrome.crx <not found>
    S3 EasyAntiCheat; "C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe" [X]
    AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [472]
    C:\Windows\Temp\*.*
    End::

    Start FRST (FRST64) with Administrator privileges
    Press the Fix button. FRST will process the lines copied above from the clipboard.
    When finished, a log file Fixlog.txt will pop up and saved in the same location the tool was ran from.

    Please copy and paste its contents in your next reply.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    AdwCleaner - Fix Mode
    • Download AdwCleaner and move it to your Desktop
    • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Accept the EULA (I accept), then click on Scan
    • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button. This will kill all the active processes
    • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
    • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


    please post these 2 logs when finished.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Senior Member
    Join Date
    Jun 2014
    Posts
    148

    Cool Scan Logs v.1.0

    No worries on the response time, I'm very patient while getting free, good advice. The logs attached logs reflect a lot of fixes and the restarts were pretty involved, still not out of the proverbial "woods" yet though. At this point the redirect is still saying "Yahoo" (sorry, couldn't resist the pun) I do still see a lot of site traffic on the wireshark that I wish I didn't, this will likely be a rather involved process judging by what I've been watching. I do believe I mentioned once, a popular site for downloading tools etc. that I picked up a "bad" tool from. That was only one of the problems I have documented in captures, screenshots and graphs. This is probably more than script kids just messing around, at least that's my impression. 1st, some detail on the browser redirect. It doesn't seem to be redirecting bookmarked or linked sites, thus I'm able to log into some sites with no apparent problem. Any use of the search bar itself inevitably leads to the yahoo page, no exceptions. I do clear and block cookies in my FF browser as well as the supercookies, in spite of the block, they still reinstall. another point worth mentioning, is that the redirect page added a very cheesy Norton logo to itself, but it wasn't hard to spot the "yahoo format". On the upside, I wasn't terribly surprised to see an account was logged out of during one of the fix restarts.

    Fix result of Farbar Recovery Scan Tool (x64) Version: 16-05.2019
    Ran by oldman (17-05-2019 17:37:26) Run:1
    Running from C:\Users\oldman\Desktop
    Loaded Profiles: oldman (Available Profiles: oldman)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    CreateRestorePoint:
    Task: {3DD2649C-CA8A-4727-BA04-DE71F61448D5} - System32\Tasks\npcapwatchdog => C:\Program [Argument = Files\Npcap\CheckStatus.bat] <==== ATTENTION
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.norton.com/?prt=NGC&chn=1000&geo=US&ver=22.16.4.15&locale=en_US&guid=7F33257B-BE93-40EC-9D23-A091A86B98D4&doi=2019-02-13&o=APN11915&cmpgn=zeus
    SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> DefaultScope {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1000&geo=US&ver=22.17.1.50&locale=en_US&guid=7F33257B-BE93-40EC-9D23-A091A86B98D4&doi=2019-02-13&cmpgn=rapha&gct=kwd&qsrc=2869
    SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {53e2f62a-3083-46e6-8527-cf89e4acb4ae} URL =
    SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL =
    hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1000&geo=US&ver=22.17.1.50&locale=en_US&guid=7F33257B-BE93-40EC-9D23-A091A86B98D4&doi=2019-02-13&cmpgn=rapha&gct=kwd&qsrc=2869
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.17.1.50\Exts\Chrome.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.17.1.50\Exts\Chrome.crx <not found>
    S3 EasyAntiCheat; "C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe" [X]
    AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [472]
    C:\Windows\Temp\*.*

    *****************

    Processes closed successfully.
    Restore point was successfully created.
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{3DD2649C-CA8A-4727-BA04-DE71F61448D5}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3DD2649C-CA8A-4727-BA04-DE71F61448D5}" => removed successfully
    C:\WINDOWS\System32\Tasks\npcapwatchdog => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\npcapwatchdog" => removed successfully
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
    "HKU\S-1-5-21-901587214-2200967626-3004657440-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
    HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{53e2f62a-3083-46e6-8527-cf89e4acb4ae} => removed successfully
    HKLM\Software\Classes\CLSID\{53e2f62a-3083-46e6-8527-cf89e4acb4ae} => not found
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => removed successfully
    HKLM\Software\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => not found
    hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1000&geo=US&ver=22.17.1.50&locale=en_US&guid=7F33257B-BE93-40EC-9D23-A091A86B98D4&doi=2019-02-13&cmpgn=rapha&gct=kwd&qsrc=2869 => Error: No automatic fix found for this entry.
    HKLM\SOFTWARE\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => removed successfully
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => removed successfully
    HKLM\System\CurrentControlSet\Services\EasyAntiCheat => removed successfully
    EasyAntiCheat => service removed successfully
    C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully

    =========== "C:\Windows\Temp\*.*" ==========

    C:\Windows\Temp\AdobeARM.log => moved successfully
    C:\Windows\Temp\AdobeARM_NotLocked.log => moved successfully
    C:\Windows\Temp\ArmUI.ini => moved successfully
    C:\Windows\Temp\FXSAPIDebugLogFile.txt => moved successfully
    C:\Windows\Temp\FXSTIFFDebugLogFile.txt => moved successfully
    C:\Windows\Temp\MpCmdRun.log => moved successfully
    C:\Windows\Temp\MSI422b.LOG => moved successfully
    C:\Windows\Temp\UDD997A.tmp => moved successfully
    C:\Windows\Temp\UDD9DE0.tmp => moved successfully

    ========= End -> "C:\Windows\Temp\*.*" ========



    The system needed a reboot.

    ==== End of Fixlog 17:39:20 ====
    # -------------------------------
    # Malwarebytes AdwCleaner 7.3.0.0
    # -------------------------------
    # Build: 04-04-2019
    # Database: 2019-04-29.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 05-17-2019
    # Duration: 00:00:13
    # OS: Windows 10 Home
    # Cleaned: 6
    # Failed: 0


    ***** [ Services ] *****

    No malicious services cleaned.

    ***** [ Folders ] *****

    No malicious folders cleaned.

    ***** [ Files ] *****

    No malicious files cleaned.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks cleaned.

    ***** [ Registry ] *****

    Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
    Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
    Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
    Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
    Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
    Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries cleaned.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs cleaned.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs cleaned.


    *************************

    [+] Delete Prefetch
    [+] Delete Tracing Keys
    [+] Reset Windows Firewall
    [+] Reset Chromium Policies
    [+] Reset Winsock

    *************************

    AdwCleaner[S00].txt - [1250 octets] - [23/12/2018 19:17:40]
    AdwCleaner[C00].txt - [1436 octets] - [23/12/2018 19:18:10]
    AdwCleaner[S01].txt - [1372 octets] - [23/12/2018 19:32:39]
    AdwCleaner[C01].txt - [1610 octets] - [23/12/2018 19:33:01]
    AdwCleaner[S02].txt - [1494 octets] - [26/01/2019 11:46:42]
    AdwCleaner[C02].txt - [1781 octets] - [26/01/2019 11:47:06]
    AdwCleaner[S03].txt - [1616 octets] - [13/02/2019 20:05:44]
    AdwCleaner[C03].txt - [1880 octets] - [13/02/2019 20:06:14]
    AdwCleaner[S04].txt - [2574 octets] - [21/02/2019 22:28:39]
    AdwCleaner[C04].txt - [2654 octets] - [21/02/2019 22:35:12]
    AdwCleaner[S05].txt - [1860 octets] - [03/03/2019 23:27:13]
    AdwCleaner[S06].txt - [1921 octets] - [07/03/2019 17:54:49]
    AdwCleaner[S07].txt - [1982 octets] - [29/03/2019 12:04:40]
    AdwCleaner[C07].txt - [2246 octets] - [29/03/2019 12:05:12]
    AdwCleaner[S08].txt - [2860 octets] - [17/05/2019 18:20:15]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C08].txt ##########

  4. #4
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,814

    Default

    One thing I picked up on was Norton safe search uses ASK search engine, ASK search is typically something we remove but here its attached to Nortons.

    SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> DefaultScope {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}

    ~~~
    When you have the redirect can you do a screen shot?, what I'd like to see is the url involved or if it can give some type of name that we could go after.

    ~~~

    Let's try refreshing the DNS

    Start Farbar Recovery Scan Tool with Administrator privileges
    (Right click on the FRST icon and select Run as administrator)

    highlight on the text below and select Copy.
    beginning with Start:: and finishing with End::
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Highlight the entire content of the quote box below and select Copy.


    Start::
    CloseProcesses:
    CreateRestorePoint:
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset catalog
    CMD: Bitsadmin /Reset /Allusers
    Emptytemp:
    End::
    Start FRST (FRST64) with Administrator privileges
    Press the Fix button. FRST will process the lines copied above from the clipboard.
    When finished, a log file Fixlog.txt will pop up and saved in the same location the tool was ran from.

    Please copy and paste its contents in your next reply.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Has Symantec/Nortons working as it should?

    ~~~~~~~~~~~~~~~~~~

    Emsisoft Emergency Kit - Fix Mode
    Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
    • Download the Emsisoft Emergency Kit and execute it. From there, click on the Install button to extract the program in the EEK folder;
    • Once the extraction is complete, the EEK folder will open. Right-click on start emergency kit scanner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
    • EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
    • After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
    • Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
    • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
    • After the restart, open EEK again (in the C:\EEK folder);
    • This time, click on Logs;
    • From there, go under the Quarantine Log tab, and click on the Export button;
    • Save the log on your desktop, then open it, and copy/paste its content in your next reply;

    Please post these 2 logs when finished.

    Also, tell me how the computer is now.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  5. #5
    Senior Member
    Join Date
    Jun 2014
    Posts
    148

    Default "Has Symantec/Nortons working as it should?"

    About the title of this reply... no, not so much. When I realized what I was looking at (It's pretty ambiguous to a newbie) I ran a clean FRST, then started this thread as well as contacted Norton support with a ticket being as their logs showed a particular intrusion being blocked twice before being logged in as a public network as well as my Norton control panel showed a "smart" firewall that looked way loose. I don't honestly know the differences, so, rely on Norton default settings. lately I notice major settings changes I didn't make, this should give an indicator of how penetrated things are. Point is I can't, with my skill set trust the defaults... I'm getting distracted, back to Norton support, I submitted a screen shot from the FRST, showing a particular Norton component that seemed relevant. they replied, no that's safe, case closed. I reopen with the ticket, uploading the complete FRST logs to them, the FireFox profile defaults alone should have told them they had a problem with there default search. Reply was "no problems, case closed" At that point, I've let it slide and focused on documenting the infection as I work on it here. I can, and will reopen the support ticket. I just don't want to get two fixes conflicting, so at any point that you want, I'll have them use remote login. This will get more involved than just a malware fix, I was thinking that there are aspects we will see that may just look familiar to other readers and overall be at least useful. It's important for people (especially the average user like myself) to realize that my only clue, without special tools running, would have been anything other than that their browser preferred Yahoo. Many people don't really care and would have looked no further, but we are way down a metaphorical "rabbit hole" and its not obvious unless I look in the correct places that anythings really wrong. ( I am piling up Gigs and Gigs of data as this progresses, but there will be interesting things to see) I'll bet for example that the public connection was a "pub. server" that is one port I don't want to see active.
    The Emsi logs reflect a scan run in a default admin mode, it took off and ran without letting me check anything. I'll attach the full copy/pasted url on the redirect (It's rather involved) along with an overall screenshot of the site. It's worth noting that entering the full url into VirusTotal links to the Yahoo that gets a 0/70 perfect detection score, but wait for it... when you switch to open it in Graphs, you get a "No results" result. (I love Irony, but that stinks)
    If I should get knocked off this machine I'll be in touch through the back up address I gave earlier, thanks again for your help.
    Attached Images Attached Images
    Attached Files Attached Files

  6. #6
    Senior Member
    Join Date
    Jun 2014
    Posts
    148

    Default Oh yes, forgot this on the last upload, sorry.

    See title.
    Attached Files Attached Files

  7. #7
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,814

    Default

    I think, through my mediocre detective work, the Yahoo search engine is coming from Symantec

    hxxps://search-yahoo-/yhs/search?typ...ion=244&cmpgn=catalyst&hspart=symantec&hsimp=yhs- <= dont click on the link I tried to disable it but the board is acting crazy

    The reason I had asked if Nortons was working as it should is because I had seen a few errors reported through FRST
    Date: 2019-05-15 14:01:03.837
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Through trying to go into help pages, others with the same issue, there actually was no resolve since they felt it was related to the security panel as being recognized as your antivirus, and it is....

    OK
    What we can do, remove the browser helpers from Nortons (If it will allow it), then reset the browsers back to default and see if this can stop whats been happening.

    Start Farbar Recovery Scan Tool with Administrator privileges
    (Right click on the FRST icon and select Run as administrator)

    highlight on the text below and select Copy.
    beginning with Start:: and finishing with End::
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Highlight the entire content of the quote box below and select Copy.


    Start::
    CloseProcesses:
    CreateRestorePoint:
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.norton.com/?prt=NGC&chn=1000&geo=US&ver=22.16.4.15&locale=en_US&guid=7F33257B-BE93-40EC-9D23-A091A86B98D4&doi=2019-02-13&o=APN11915&cmpgn=zeus
    SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> DefaultScope {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1000&geo=US&ver=22.17.1.50&locale=en_US&guid=7F33257B-BE93-40EC-9D23-A091A86B98D4&doi=2019-02-13&cmpgn=rapha&gct=kwd&qsrc=2869
    SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {53e2f62a-3083-46e6-8527-cf89e4acb4ae} URL =
    SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1000&geo=US&ver=22.17.1.50&locale=en_US&guid=7F33257B-BE93-40EC-9D23-A091A86B98D4&doi=2019-02-13&cmpgn=rapha&gct=kwd&qsrc=2869
    C:\Windows\Temp\*.*
    End::

    Start FRST (FRST64) with Administrator privileges
    Press the Fix button. FRST will process the lines copied above from the clipboard.
    When finished, a log file Fixlog.txt will pop up and saved in the same location the tool was ran from.

    Please copy and paste its contents in your next reply.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

    Backup Internet Explorer Favourites
    Backup Firefox Bookmarks
    Backup Chrome Bookmarks

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Reset all browsers settings to default.

    Microsoft Edge
    https://www.howtogeek.com/237527/how...in-Windows-10/

    Internet Explorer
    https://malwaretips.com/blogs/reset-...orer-settings/

    Mozilla Firefox
    If you are syncing your account in multiple devices you need to remove/disable it before execute the steps below.
    https://support.mozilla.org/en-US/kb...s-fix-problems

    Google Chrome
    Delete Your Google Chrome Browser Sync Data if you sync with other devices. <- Important
    https://forums.malwarebytes.com/topi...ys-comes-back/
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  8. #8
    Senior Member
    Join Date
    Jun 2014
    Posts
    148

    Default More "Stuff"

    The info on the errors that you posted was very interesting, and would account for some whacko behavior I've been watching lately. I did recognize some of that from logs we recently dealt with. Things got so flakey after my last post that I did a login remote with Norton, after about three hours, they ended up dumping my Frst and Emsi software as well as a couple of bat files that I was wondering about anyway.
    At any rate, one tech tweaked the browser settings to search google by way of Bing, This worked briefly for my Firefox but the Yahoo cookies/data reinstalled around the block I have and once again I'm redirecting to "Yahoo know who" ( Watch for updates soon).
    With the changes N.S. made, I'm not sure the original Frst scan entry logs are as relevant as when we began this thread. I did run the latest fixlist though but I'll wait for your opinion. Along with latest frst fixlog, I'll be posting a txt file that is the full url it loads for a search of "safernetworking" If I click the link to go to most relevant (and this page looks pretty sharp) I get a "failed connection" load, as well as a screenshot of a (very high probability) fake page that loaded as the remote tech tried to re-establish a blocked connection. (If that url posts as a live link please avoid it, I'll separate the first line yahoo and the .com part as a precaution. In case someone wants to intentionally connect to it they will need to close that space.)

    Thanks again, Cheers
    Attached Images Attached Images
    Attached Files Attached Files

  9. #9
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,814

    Default

    Look back over my post #7, did you by chance follow that?


    Also, could you do another scan with FRST and post FRST.txt & Addition.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  10. #10
    Senior Member
    Join Date
    Jun 2014
    Posts
    148

    Default Still chipping away

    I've attached the latest scans as well as went over #7 again, It is entirely possible that I'm getting something wrong but i believe its correct. I did, early in this process reset my FF, things got really, noticeably stranger after that. This time, things started up with a boatload of new trackers including our friendly Yahoo junk. I haven't checked the super list yet but I'll bet its going to be... prolific. One thing I did notice while messing around in edge, is there are two accounts, mine and one titled work, school or group, I believe. I'm curious because it seem to be a working account(I don't want to open it at this point) and I see network connections from time to time that I can't make sense of. I also in mDNS devices at random times, a program called, I believe, tcp-scan-local(close approximation only), it says its attached to my Kodak software... the one with all the unsigned files, and is connecting to a lot more than I believe it really needs access to. I also would like to see the media device designation my c drive gives to the winmedia player, that might be leaky also. Oh ya, I'm still locked out of my VT account there seems to be a problem with the two factor authentication, still working on that. Thanks again.
    The attached png is a shot of a site and software I don't know, but it appears to be a vector point while going through logs on the W S, VT as well as other points.
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05.2019
    Ran by oldman (administrator) on EUSTACE (Hewlett-Packard HP Pavilion g6 Notebook PC) (20-05-2019 12:06:12)
    Running from C:\Users\oldman\Desktop
    Loaded Profiles: oldman (Available Profiles: oldman)
    Platform: Windows 10 Home Version 1809 17763.503 (X64) Language: English (United States)
    Default browser: FF
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    () [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19041.481.0_x64__8wekyb3d8bbwe\YourPhone.exe
    (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (CyberLink -> CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (Eastman Kodak Company -> Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
    (Eastman Kodak Company -> Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
    (Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (Hewlett-Packard Company -> Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
    (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    (HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
    (HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
    (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
    (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
    (Microsoft Windows Hardware Compatibility Publisher -> Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
    (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Realsil Microelectronics Inc.) [File not signed] C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Norton Secure VPN\client\NSVService.exe
    (Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.1.50\NortonSecurity.exe
    (Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.1.50\NortonSecurity.exe
    (Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.1.50\nsWscSvc.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Microsoft Windows Hardware Compatibility Publisher -> Eastman Kodak Company)
    HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [69920 2017-10-03] (University of California, Berkeley -> Space Sciences Laboratory)
    HKLM\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [8765216 2017-10-03] (University of California, Berkeley -> Space Sciences Laboratory)
    HKLM\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] (FUNAI ELECTRIC CO., LTD. -> )
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-28] (Synaptics Incorporated -> Synaptics Incorporated)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-03-24] (Apple Inc. -> Apple Inc.)
    HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink -> CyberLink Corp.)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink -> CyberLink Corp.)
    HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [76600 2019-03-09] (Apple Inc. -> Apple Inc.)
    HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-12-11] (Eastman Kodak Company -> Eastman Kodak Company)
    HKLM-x32\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] (FUNAI ELECTRIC CO., LTD. -> )
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    HKLM-x32\...\Run: [EKIJ5000StatusMonitor] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Microsoft Windows Hardware Compatibility Publisher -> Eastman Kodak Company)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation)
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) [File not signed]
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [KOab1err] => C:\Program Files (x86)\KODAK VERITE\ErrorApp\KOab1err.exe [1027752 2016-12-21] (Funai Electric Co., Ltd. -> )
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [KOBAAmon] => C:\Program Files (x86)\KODAK VERITE 50 Series\KOBAAmon.exe [85504 2015-08-25] (FUNAI ELECTRIC CO., LTD. -> )
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [EpicGamesLauncher] => "C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe" -silent
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\Run: [Spy Protector] => C:\Program Files (x86)\Security Task Manager\SpyProtector.exe [145280 2018-07-12] (A. & M. Neuber Software -> Neuber Software - www.neuber.com)
    HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe /StartMinimized
    HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsv64.dll [71680 2013-02-26] (Beepa P/L) [File not signed]
    HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [65536 2013-02-26] (Beepa P/L) [File not signed]

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {03F769B5-CA2B-47FB-B8C6-3715E360F484} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [132445408 2019-05-14] (Microsoft Corporation -> Microsoft Corporation)
    Task: {07028ECD-38D7-400B-80CB-D0456301472F} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2226856 2019-04-22] (Symantec Corporation -> Symantec Corporation)
    Task: {2726B58A-B733-4E96-B674-56C356CFF017} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [652664 2019-04-17] (HP Inc. -> HP Inc.)
    Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
    Task: {37F9480B-8DEB-43D0-9E41-A625011C1442} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1488248 2018-12-10] (HP Inc. -> HP Inc.)
    Task: {3C1E18F9-257E-4364-8991-D751F7AAE0AF} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-28] (Synaptics Incorporated -> Synaptics Incorporated)
    Task: {3DD76305-B0D8-4F5D-97E7-9FEA995DB0EB} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink -> CyberLink)
    Task: {3FB3FE7E-E4D6-4325-A192-9F9937626A48} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
    Task: {406E8E03-EC34-4003-B34C-54181D91740B} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
    Task: {449FBA74-592C-4FC3-B302-EFBBC5B5ADD5} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe
    Task: {4563DDB4-F29D-41C5-BD80-916194542CD4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [237432 2019-04-29] (HP Inc. -> HP Inc.)
    Task: {4DAE6865-85B2-4C42-B996-B4788C51FAA8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136056 2019-01-02] (HP Inc. -> HP Inc.)
    Task: {5B316DC0-10D2-46AE-B209-4DD1ED06E7F3} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2211024 2014-03-19] (Microsoft Corporation -> Microsoft)
    Task: {5CD794F9-93E4-47AE-ADF4-EA1CE940799B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1073528 2019-04-02] (HP Inc. -> HP Inc.)
    Task: {625F82D9-2B09-4DF1-80B8-473B87149FDA} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [25128 2017-11-21] (HP Inc. -> )
    Task: {6E39ED3E-6BA2-4DC8-8196-9C48C649D047} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1488248 2018-12-10] (HP Inc. -> HP Inc.)
    Task: {712380AE-444E-42C6-B403-F18182DBE18C} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
    Task: {738E86C6-EB1F-4D92-9DD0-BD4999046DD5} - System32\Tasks\{CA2AE62A-A74C-4B89-B292-C0CEAD185B3D} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\oldman\Downloads\FirmwareFlashLauncher.exe -d C:\Users\oldman\Downloads
    Task: {7B9F5986-9672-431A-BB77-F26DB87891FE} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
    Task: {8DE33D83-A2B7-4062-AD8F-90FC5CDB35DE} - System32\Tasks\Norton Security with Backup\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.17.1.50\SymErr.exe [101392 2019-04-22] (Symantec Corporation -> Symantec Corporation)
    Task: {906112A5-8DB6-4037-B3BB-A2558320F864} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
    Task: {A3CAE410-8F44-4EAE-9AC2-3321CDAE05F9} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe [2226856 2019-04-22] (Symantec Corporation -> Symantec Corporation)
    Task: {A5E6FF83-1A31-44C2-974C-608D72C3429E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
    Task: {A68CF779-F57A-4803-B0BD-475F71877D10} - System32\Tasks\HPCeeScheduleForoldman => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [96568 2015-06-16] (Hewlett-Packard Company -> Hewlett-Packard)
    Task: {AD73D9D2-71DE-4681-BB26-DC2BF988AB1B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_192_Plugin.exe [1457208 2019-05-14] (Adobe Inc. -> Adobe)
    Task: {AF2A4667-1035-4591-B9E4-F6A5E88F221E} - System32\Tasks\Norton Security with Backup\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.17.1.50\SymErr.exe [101392 2019-04-22] (Symantec Corporation -> Symantec Corporation)
    Task: {B89BC3A9-54C9-4204-8B03-A529BF74315F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    Task: {BCF0AD8B-2630-48AE-B7B4-5D1683D33A9F} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-05-14] (Adobe Inc. -> Adobe)
    Task: {C0201CFA-6DE0-4EE2-89AC-D9D2295A8D3A} - System32\Tasks\Norton 360\Norton 360 Online Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.11.0.41\SymErr.exe [102008 2017-10-03] (Symantec Corporation -> Symantec Corporation)
    Task: {C13D20A5-1190-4AA5-997E-48BC2E485A09} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    Task: {C18EC821-F9CF-414E-BA3D-746F1B35386D} - System32\Tasks\Norton 360\Norton 360 Online Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.11.0.41\SymErr.exe [102008 2017-10-03] (Symantec Corporation -> Symantec Corporation)
    Task: {CDB556A4-5C9F-4AD2-8970-C18C764D957C} - System32\Tasks\Norton 360\Norton 360 Online Autofix => C:\Program Files (x86)\Norton 360\Engine\22.11.0.41\SymErr.exe [102008 2017-10-03] (Symantec Corporation -> Symantec Corporation)
    Task: {D44969E2-EE54-4B65-8642-B0B9E74EFDBB} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe
    Task: {D7F94A5C-3056-4495-8235-CBE7E9F0B4F6} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe
    Task: {EDD003E6-D73B-4ECA-A7B0-D861534AEA91} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1073528 2019-04-02] (HP Inc. -> HP Inc.)
    Task: {F54B23B4-27B4-4D82-B1E6-98428EA28144} - System32\Tasks\Norton Security with Backup\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.17.1.50\SymErr.exe [101392 2019-04-22] (Symantec Corporation -> Symantec Corporation)
    Task: {FC364449-3F8D-40B7-AFA2-34B96D70A3DA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [652664 2019-04-17] (HP Inc. -> HP Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\HPCeeScheduleForoldman.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.65
    Tcpip\..\Interfaces\{092ddd55-79b1-44d1-9ce6-73e9a22b6de7}: [DhcpNameServer] 192.168.0.1 205.171.3.65
    Tcpip\..\Interfaces\{5889e5ee-8f53-452a-bd13-e94a89883ece}: [DhcpNameServer] 192.168.0.1 205.171.3.65
    Tcpip\..\Interfaces\{68620759-20aa-45aa-8e06-fa9a7c5c7e09}: [DhcpNameServer] 192.168.0.1 205.171.3.66
    Tcpip\..\Interfaces\{a288676d-84d4-440a-bf60-55523387af7e}: [DhcpNameServer] 192.168.0.1 205.171.3.66
    Tcpip\..\Interfaces\{c4242d06-1fdf-461b-ace5-caf4862e837d}: [DhcpNameServer] 192.168.0.1 205.171.3.66
    Tcpip\..\Interfaces\{c9ebb1fc-1913-46ad-9c39-fe0f9392fa0a}: [DhcpNameServer] 192.168.0.1 205.171.3.66
    Tcpip\..\Interfaces\{da633539-be76-4269-8034-bd1925400c3e}: [DhcpNameServer] 192.168.0.1 205.171.3.65

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
    SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> DefaultScope {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1000&geo=US&ver=22.16.4.15&locale=en_US&guid=7F33257B-BE93-40EC-9D23-A091A86B98D4&doi=2019-02-13&gct=kwd&qsrc=2869
    SearchScopes: HKU\S-1-5-21-901587214-2200967626-3004657440-1003 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1000&geo=US&ver=22.16.4.15&locale=en_US&guid=7F33257B-BE93-40EC-9D23-A091A86B98D4&doi=2019-02-13&gct=kwd&qsrc=2869
    BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.17.1.50\coIEPlg.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.)
    BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.17.1.50\coIEPlg.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssv.dll [2019-04-21] (Oracle America, Inc. -> Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-04-21] (Oracle America, Inc. -> Oracle Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.17.1.50\coIEPlg.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.17.1.50\coIEPlg.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)

    FireFox:
    ========
    FF DefaultProfile: 1rctsaab.default-1466821123041-1558375088613
    FF ProfilePath: C:\Users\oldman\AppData\Roaming\Mozilla\Firefox\Profiles\1rctsaab.default-1466821123041-1558375088613 [2019-05-20]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_192.dll [2019-05-14] (Adobe Inc. -> )
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_192.dll [2019-05-14] (Adobe Inc. -> )
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-05-06] (Adobe Systems, Inc.) [File not signed]
    FF Plugin-x32: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-04-21] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-04-21] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-02] (Adobe Inc. -> Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: hp.com/HPDetect -> C:\Users\oldman\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP) [File not signed]
    FF Plugin HKU\S-1-5-21-901587214-2200967626-3004657440-1003: jpl.nasa.gov/NASAEyes -> C:\Users\oldman\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2019-01-25] (NASA Jet Propulsion Laboratory -> Jet Propulsion Laboratory)

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [257032 2015-08-21] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.) [File not signed]
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-03-08] (Apple Inc. -> Apple Inc.)
    S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8348064 2018-12-26] (BattlEye Innovations e.K. -> )
    S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1077568 2017-04-10] (HP Inc. -> HP)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
    R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-21] (HP Inc. -> HP Inc.)
    R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
    S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.17.1.50\NortonSecurity.exe [225608 2019-04-22] (Symantec Corporation -> Symantec Corporation)
    R2 NortonWiFiPrivacy; C:\Program Files (x86)\Norton Secure VPN\client\NSVService.exe [6113296 2018-12-17] (Symantec Corporation -> Symantec Corporation)
    R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.17.1.50\nsWscSvc.exe [935248 2019-04-22] (Symantec Corporation -> Symantec Corporation)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [253960 2016-04-28] (Synaptics Incorporated -> Synaptics Incorporated)
    S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
    S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [43840 2012-09-24] (Hewlett-Packard Company -> Hewlett-Packard Company)
    R3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [21635072 2015-08-21] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
    R3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [673816 2015-08-21] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
    S2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation -> AppEx Networks Corporation)
    R3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4233728 2018-09-15] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
    R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110104 2016-09-28] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
    R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.16.3.21\Definitions\BASHDefs\20190514.001\BHDrvx64.sys [1934048 2019-02-12] (Symantec Corporation -> Symantec Corporation)
    R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\ccSetx64.sys [192704 2019-04-22] (Symantec Corporation -> Symantec Corporation)
    R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink -> CyberLink)
    S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515792 2019-03-24] (Symantec Corporation -> Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153296 2019-02-13] (Symantec Corporation -> Symantec Corporation)
    R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [31040 2012-09-24] (Hewlett-Packard Company -> Hewlett-Packard Company)
    R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.16.3.21\Definitions\IPSDefs\20190518.061\IDSvia64.sys [1441800 2019-04-18] (Symantec Corporation -> Symantec Corporation)
    R3 kmloop; C:\WINDOWS\System32\drivers\loop.sys [17408 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
    S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [82752 2019-01-12] (Insecure.Com LLC -> Insecure.Com LLC.)
    U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [97176 2019-05-18] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com)
    R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-29] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
    S3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [49032 2019-01-16] (Razer USA Ltd. -> Razer Inc)
    S3 RzDev_0060; C:\WINDOWS\System32\drivers\RzDev_0060.sys [51688 2018-04-22] (Razer USA Ltd. -> Razer Inc)
    S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated -> Synaptics Incorporated)
    S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated -> Synaptics Incorporated)
    R1 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\SRTSP64.SYS [864480 2019-04-22] (Symantec Corporation -> Symantec Corporation)
    R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\SRTSPX64.SYS [49888 2019-04-22] (Symantec Corporation -> Symantec Corporation)
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
    R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\SYMEFASI64.SYS [1998552 2019-04-22] (Symantec Corporation -> Symantec Corporation)
    S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\SymELAM.sys [25744 2019-04-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)
    R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [100064 2019-03-30] (Symantec Corporation -> Symantec Corporation)
    S4 SymEvnt; C:\Program Files\Norton Security\NortonData\22.16.3.21\SymPlatform\SymEvnt.sys [709128 2019-04-27] (Symantec Corporation -> Symantec Corporation)
    R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\Ironx64.SYS [315912 2019-04-22] (Symantec Corporation -> Symantec Corporation)
    R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\symnets.sys [573448 2019-04-22] (Symantec Corporation -> Symantec Corporation)
    R3 SymTAP; C:\WINDOWS\System32\drivers\SymTAP.sys [52104 2018-10-16] (Symantec Corporation -> The OpenVPN Project)
    R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2018-01-30] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
    R3 usbfilter; C:\WINDOWS\system32\DRIVERS\usbfilter.sys [57000 2012-06-19] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
    R3 USBPcap; C:\WINDOWS\system32\DRIVERS\USBPcap.sys [50224 2017-08-20] (Tomasz Moń -> USBPcap)
    S3 VBoxNetAdp; C:\WINDOWS\System32\drivers\VBoxNetAdp6.sys [196040 2017-07-27] (Oracle Corporation -> Oracle Corporation)
    S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46680 2019-02-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [330936 2019-02-13] (Microsoft Windows -> Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2019-02-13] (Microsoft Windows -> Microsoft Corporation)
    R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP Inc. -> HP)
    S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1611010.032\wpCtrlDrv.sys [1012120 2019-04-22] (Symantec Corporation -> Symantec Corporation)
    U4 npcap_wifi; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-05-20 12:06 - 2019-05-20 12:09 - 000033328 _____ C:\Users\oldman\Desktop\FRST.txt
    2019-05-20 11:50 - 2019-05-20 11:50 - 001602785 _____ C:\Users\oldman\Desktop\bookmarks.html
    2019-05-20 11:49 - 2019-05-20 11:49 - 001602785 _____ C:\Users\oldman\Desktop\FF bookmark backup.html
    2019-05-19 20:42 - 2019-05-12 23:06 - 000454145 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20190519-204248.backup
    2019-05-19 20:35 - 2019-05-19 20:35 - 000003872 _____ C:\Users\oldman\Desktop\network connection status.txt
    2019-05-19 19:11 - 2019-05-20 10:51 - 000000695 _____ C:\Users\oldman\Desktop\Safernetworking yahoo url load.txt
    2019-05-19 16:58 - 2019-05-19 16:58 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
    2019-05-19 16:41 - 2019-05-19 16:41 - 000000083 _____ C:\Users\oldman\Desktop\flush question.txt
    2019-05-19 16:23 - 2019-05-20 12:05 - 000000000 ____D C:\Users\oldman\Desktop\first frst logs and fixlog
    2019-05-19 16:21 - 2019-05-19 16:21 - 002435072 _____ (Farbar) C:\Users\oldman\Desktop\FRST64.exe
    2019-05-18 19:54 - 2019-05-18 19:54 - 004895524 _____ C:\Users\oldman\Desktop\W S 5-18 after norton restarted.pcapng
    2019-05-18 19:03 - 2019-05-18 19:03 - 000064544 _____ C:\Users\oldman\Desktop\W S after Norton.pcapng
    2019-05-18 17:31 - 2019-05-18 17:31 - 005167504 _____ (Symantec Corporation) C:\Users\oldman\Downloads\NFT.exe
    2019-05-18 17:31 - 2019-05-18 17:31 - 000000000 ____D C:\ProgramData\Norton NFT
    2019-05-18 16:35 - 2019-05-18 16:35 - 000002358 _____ C:\Users\oldman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton Support.lnk
    2019-05-18 16:01 - 2019-05-18 16:01 - 000000008 _____ C:\Users\oldman\Desktop\second norton id.txt
    2019-05-18 14:35 - 2019-05-18 14:36 - 009155228 _____ C:\Users\oldman\Desktop\W S 5-18 after spybot login now.pcapng
    2019-05-18 12:07 - 2019-05-18 12:07 - 000000495 _____ C:\Users\oldman\Desktop\emsi clean log.txt
    2019-05-18 11:26 - 2019-05-18 11:27 - 283252560 _____ C:\Users\oldman\Desktop\W S 5-18 thru emsiupdate.pcapng
    2019-05-18 11:11 - 2019-05-18 11:14 - 333135560 _____ C:\Users\oldman\Desktop\EmsisoftEmergencyKit.exe
    2019-05-18 00:22 - 2019-05-18 00:22 - 000163792 _____ C:\Users\oldman\Desktop\W S logging into SaferNetworking 5-18.pcapng
    2019-05-17 22:22 - 2019-05-17 22:22 - 016454912 _____ C:\Users\oldman\Desktop\W S 5-17 3.pcapng
    2019-05-17 20:53 - 2019-05-17 20:53 - 000000200 _____ C:\Users\oldman\Desktop\Listening ports.txt
    2019-05-17 18:15 - 2019-05-17 18:16 - 007025360 _____ (Malwarebytes) C:\Users\oldman\Desktop\AdwCleaner.exe
    2019-05-17 18:15 - 2019-05-17 18:15 - 003611456 _____ C:\Users\oldman\Desktop\W S lateafternoon 5-17.pcapng
    2019-05-17 17:35 - 2019-05-17 17:35 - 011084244 _____ C:\Users\oldman\Desktop\W S 5-17 2.pcapng
    2019-05-17 17:34 - 2019-05-18 10:54 - 000000000 ____D C:\Users\oldman\Desktop\FRST-OlderVersion
    2019-05-17 17:26 - 2019-05-17 17:26 - 264438511 _____ C:\Users\oldman\Desktop\ProcessMo.PML. CTL.PML
    2019-05-17 16:59 - 2019-05-18 18:56 - 000097176 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON24.SYS
    2019-05-17 13:55 - 2019-05-17 13:55 - 022200660 _____ C:\Users\oldman\Desktop\W S 5-17 A.pcapng
    2019-05-17 13:27 - 2019-05-17 13:27 - 000000695 _____ C:\Users\oldman\Desktop\Yahoo redirect full url as of 5-17.txt
    2019-05-17 09:23 - 2019-05-17 09:23 - 000067817 _____ C:\Users\oldman\Desktop\43226650.pdf
    2019-05-16 23:57 - 2019-05-16 23:57 - 019692844 _____ C:\Users\oldman\Desktop\5-16 5th.pcapng
    2019-05-16 21:41 - 2019-05-16 21:41 - 000011980 _____ C:\Users\oldman\Desktop\5-16 ethernet 4 loop back.pcapng
    2019-05-16 21:39 - 2019-05-16 21:39 - 072023512 _____ C:\Users\oldman\Desktop\W S 5-16 third local scanner in 1st 100.pcapng
    2019-05-16 21:13 - 2019-05-16 21:13 - 010658676 _____ C:\Users\oldman\Desktop\W S 5-16 second.pcapng
    2019-05-16 20:20 - 2019-05-16 23:29 - 000000197 _____ C:\Users\oldman\Desktop\Duckware infection 5-16.txt
    2019-05-16 18:22 - 2019-05-16 18:23 - 000000000 ____D C:\Users\oldman\Desktop\adlice bot 5-16
    2019-05-16 18:19 - 2019-05-16 18:19 - 000000135 _____ C:\Users\oldman\Desktop\5-16 stuff Y redir info.txt
    2019-05-16 18:17 - 2019-05-16 18:17 - 033734900 _____ C:\Users\oldman\Desktop\W S 5-16.pcapng
    2019-05-16 12:12 - 2019-05-16 12:17 - 000000000 ____D C:\Users\oldman\Desktop\5-15 IE cookies likely safe
    2019-05-16 00:38 - 2019-05-16 00:38 - 000000780 _____ C:\Users\oldman\Desktop\MRI - Shortcut.lnk
    2019-05-15 23:12 - 2019-05-15 23:12 - 000000000 ____D C:\RegBackup
    2019-05-15 22:42 - 2019-05-15 22:42 - 000111688 _____ (Duckware) C:\Users\oldman\x.exe
    2019-05-15 20:42 - 2019-05-15 20:42 - 076647212 _____ C:\Users\oldman\Desktop\W-S 5-15 F.F refresh.pcapng
    2019-05-15 20:41 - 2019-05-15 20:41 - 000000196 _____ C:\Users\oldman\Desktop\W-S redirector. com etc..txt
    2019-05-15 14:26 - 2019-05-15 14:26 - 000393168 _____ (Bleeping Computer, LLC) C:\Users\oldman\Desktop\show-hidden.exe
    2019-05-15 13:21 - 2019-05-15 13:21 - 026807808 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 023438848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 020814848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 019022336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 006072320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 004883968 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 004660736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 003905536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 003743744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 001290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 001062400 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
    2019-05-15 13:21 - 2019-05-15 13:21 - 000427520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 000376320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
    2019-05-15 13:21 - 2019-05-15 13:21 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
    2019-05-15 13:21 - 2019-05-15 13:21 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-kernel-processor-power-events.dll
    2019-05-15 13:21 - 2019-05-15 13:21 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
    2019-05-15 13:20 - 2019-05-15 13:21 - 007879680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 009682744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2019-05-15 13:20 - 2019-05-15 13:20 - 007883776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 007687576 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 007645384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 006542464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 006440960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 006309040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 005498880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 005040640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 004588544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
    2019-05-15 13:20 - 2019-05-15 13:20 - 003637248 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2019-05-15 13:20 - 2019-05-15 13:20 - 003557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 003384832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 003363856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2019-05-15 13:20 - 2019-05-15 13:20 - 002780000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 002708480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2019-05-15 13:20 - 2019-05-15 13:20 - 002422272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2019-05-15 13:20 - 2019-05-15 13:20 - 002278240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 002189312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 001860096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 001760768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 001701888 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 001699496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2019-05-15 13:20 - 2019-05-15 13:20 - 001641616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 001605120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 001484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 001470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2019-05-15 13:20 - 2019-05-15 13:20 - 001395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 001387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 001342608 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2019-05-15 13:20 - 2019-05-15 13:20 - 001253904 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2019-05-15 13:20 - 2019-05-15 13:20 - 001225728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
    2019-05-15 13:20 - 2019-05-15 13:20 - 001179680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2019-05-15 13:20 - 2019-05-15 13:20 - 001054712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
    2019-05-15 13:20 - 2019-05-15 13:20 - 001048376 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2019-05-15 13:20 - 2019-05-15 13:20 - 001026792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000895792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000807464 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2019-05-15 13:20 - 2019-05-15 13:20 - 000758896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
    2019-05-15 13:20 - 2019-05-15 13:20 - 000680184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000660992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000586280 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2019-05-15 13:20 - 2019-05-15 13:20 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000508432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
    2019-05-15 13:20 - 2019-05-15 13:20 - 000495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000449376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000444944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
    2019-05-15 13:20 - 2019-05-15 13:20 - 000387832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000254952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
    2019-05-15 13:20 - 2019-05-15 13:20 - 000223544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
    2019-05-15 13:20 - 2019-05-15 13:20 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000212792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
    2019-05-15 13:20 - 2019-05-15 13:20 - 000203272 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000202768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
    2019-05-15 13:20 - 2019-05-15 13:20 - 000201016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
    2019-05-15 13:20 - 2019-05-15 13:20 - 000198456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
    2019-05-15 13:20 - 2019-05-15 13:20 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
    2019-05-15 13:20 - 2019-05-15 13:20 - 000179728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
    2019-05-15 13:20 - 2019-05-15 13:20 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000177976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2019-05-15 13:20 - 2019-05-15 13:20 - 000163240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
    2019-05-15 13:20 - 2019-05-15 13:20 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000147736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
    2019-05-15 13:20 - 2019-05-15 13:20 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000121656 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
    2019-05-15 13:20 - 2019-05-15 13:20 - 000090640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000080184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
    2019-05-15 13:20 - 2019-05-15 13:20 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
    2019-05-15 13:20 - 2019-05-15 13:20 - 000066688 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdll.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000055792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptdll.dll
    2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
    2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
    2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
    2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
    2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
    2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
    2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
    2019-05-15 13:20 - 2019-05-15 13:20 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
    2019-05-14 21:07 - 2019-05-14 21:07 - 000000064 _____ C:\Users\oldman\Desktop\WFA address.txt
    2019-05-14 16:47 - 2019-05-18 14:13 - 000000229 _____ C:\Users\oldman\Desktop\stuff to scan 2day.txt
    2019-05-14 15:17 - 2019-05-14 15:20 - 422061832 _____ C:\Users\oldman\Desktop\5-14 fun.pcapng
    2019-05-14 14:50 - 2019-05-15 13:50 - 000000606 _____ C:\Users\oldman\Desktop\Todays stuff.txt
    2019-05-12 23:06 - 2019-04-04 13:11 - 000454145 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20190512-230640.backup
    2019-05-12 14:27 - 2019-05-12 14:27 - 002060772 _____ C:\Users\oldman\Desktop\code.jquery WS.pcapng
    2019-05-10 21:15 - 2019-05-10 22:01 - 000000443 _____ C:\Users\oldman\Desktop\J.Swift quote.txt
    2019-05-10 18:46 - 2019-05-10 18:47 - 000388608 _____ (Trend Micro Inc.) C:\Users\oldman\Desktop\HijackThis.exe
    2019-05-10 09:13 - 2019-05-20 12:07 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security with Backup
    2019-05-10 09:12 - 2019-05-10 22:22 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
    2019-05-10 09:12 - 2019-05-10 09:12 - 000003376 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
    2019-05-08 18:13 - 2019-05-08 18:13 - 001054490 _____ C:\Users\oldman\Desktop\ProcessMonitor.zip
    2019-05-08 14:26 - 2019-05-08 18:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2019-05-05 13:34 - 2019-05-05 13:34 - 000000260 _____ C:\Users\oldman\Desktop\Gaba Lyrica links.txt
    2019-05-03 16:14 - 2019-05-03 16:14 - 003551112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2019-05-03 16:14 - 2019-05-03 16:14 - 000263576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2019-05-03 16:14 - 2019-05-03 16:14 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
    2019-05-03 16:14 - 2019-05-03 16:14 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
    2019-05-03 16:14 - 2019-05-03 16:14 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe
    2019-05-03 16:13 - 2019-05-03 16:14 - 005436904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 012844032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 012140032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 005296640 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 005210904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 003982848 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 003426816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 003406848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 002701512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 002393088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 002205184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 002073960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 001994976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 001768960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 001674696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 001671352 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 001653760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 001467552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 001382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 001315328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 001001472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnostics.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000782848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000780632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcrt.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000725696 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
    2019-05-03 16:13 - 2019-05-03 16:13 - 000673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000649064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000638376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcrt.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000610304 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
    2019-05-03 16:13 - 2019-05-03 16:13 - 000553656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000540720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StateRepository.Core.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000514632 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000454160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
    2019-05-03 16:13 - 2019-05-03 16:13 - 000451080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxdiag.exe
    2019-05-03 16:13 - 2019-05-03 16:13 - 000359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
    2019-05-03 16:13 - 2019-05-03 16:13 - 000349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000320512 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
    2019-05-03 16:13 - 2019-05-03 16:13 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxdiag.exe
    2019-05-03 16:13 - 2019-05-03 16:13 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
    2019-05-03 16:13 - 2019-05-03 16:13 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
    2019-05-03 16:13 - 2019-05-03 16:13 - 000246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
    2019-05-03 16:13 - 2019-05-03 16:13 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000122680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
    2019-05-03 16:13 - 2019-05-03 16:13 - 000086960 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostw.exe
    2019-05-03 16:13 - 2019-05-03 16:13 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnosticsTool.exe
    2019-05-03 16:12 - 2019-05-03 16:12 - 004997096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
    2019-05-03 16:12 - 2019-05-03 16:12 - 002995712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2019-05-03 16:12 - 2019-05-03 16:12 - 001219640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryPS.dll
    2019-05-03 16:12 - 2019-05-03 16:12 - 000999424 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2019-05-03 16:12 - 2019-05-03 16:12 - 000806600 _____ C:\WINDOWS\SysWOW64\locale.nls
    2019-05-03 16:12 - 2019-05-03 16:12 - 000806600 _____ C:\WINDOWS\system32\locale.nls
    2019-05-03 16:12 - 2019-05-03 16:12 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2019-05-03 16:12 - 2019-05-03 16:12 - 000679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
    2019-05-03 16:12 - 2019-05-03 16:12 - 000676256 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
    2019-05-03 16:12 - 2019-05-03 16:12 - 000651576 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
    2019-05-03 16:12 - 2019-05-03 16:12 - 000495616 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
    2019-05-03 16:12 - 2019-05-03 16:12 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
    2019-05-03 16:12 - 2019-05-03 16:12 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDDS.dll
    2019-05-03 16:12 - 2019-05-03 16:12 - 000421392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
    2019-05-03 16:12 - 2019-05-03 16:12 - 000366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
    2019-05-03 16:12 - 2019-05-03 16:12 - 000321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
    2019-05-03 16:12 - 2019-05-03 16:12 - 000280592 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2019-05-03 16:12 - 2019-05-03 16:12 - 000244224 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll
    2019-05-03 16:12 - 2019-05-03 16:12 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
    2019-05-03 16:12 - 2019-05-03 16:12 - 000161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
    2019-05-03 16:12 - 2019-05-03 16:12 - 000157200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
    2019-04-25 13:13 - 2019-04-25 13:14 - 029937376 _____ (Adlice Software ) C:\Users\oldman\Desktop\setup(1).exe
    2019-04-22 16:15 - 2019-04-22 16:16 - 000000000 ____D C:\Users\oldman\Desktop\Genesight Copy

    ==================== One month (modified) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-05-20 12:09 - 2019-01-12 12:30 - 000935120 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2019-05-20 12:09 - 2018-09-15 01:31 - 000000000 ____D C:\WINDOWS\INF
    2019-05-20 12:06 - 2018-12-06 16:03 - 000000000 ____D C:\FRST
    2019-05-20 12:03 - 2018-09-15 01:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2019-05-20 12:02 - 2015-12-03 22:03 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2019-05-20 12:01 - 2019-01-12 12:27 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2019-05-20 12:01 - 2016-08-20 10:31 - 000000000 ____D C:\ProgramData\Kodak
    2019-05-20 12:00 - 2018-09-15 00:09 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2019-05-20 12:00 - 2015-07-29 03:19 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
    2019-05-20 11:59 - 2016-11-28 01:03 - 000000000 ____D C:\Users\oldman\AppData\LocalLow\Mozilla
    2019-05-20 11:58 - 2019-02-10 15:06 - 000000000 ____D C:\Users\oldman\Desktop\Old Firefox Data
    2019-05-19 20:49 - 2015-05-03 12:07 - 000000000 ____D C:\Users\oldman\AppData\Local\Battle.net
    2019-05-19 20:11 - 2018-06-12 18:34 - 000000000 ____D C:\ProgramData\SecTaskMan
    2019-05-19 15:24 - 2019-01-12 12:27 - 000004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D6FF1BE5-40C3-4B52-A236-97274056599C}
    2019-05-18 19:54 - 2019-03-04 16:43 - 000000000 ____D C:\Users\oldman\Desktop\ProcessMonitor
    2019-05-18 18:29 - 2018-06-02 15:13 - 000000000 ____D C:\Users\oldman\AppData\Local\D3DSCache
    2019-05-18 18:12 - 2018-09-15 01:33 - 000000000 ___HD C:\Program Files\WindowsApps
    2019-05-18 18:12 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\AppReadiness
    2019-05-18 18:12 - 2017-12-09 01:36 - 000000000 ____D C:\Users\oldman\AppData\Local\Packages
    2019-05-18 15:49 - 2016-06-26 04:54 - 000000000 ____D C:\Users\oldman\AppData\Local\NPE
    2019-05-18 15:46 - 2017-05-02 14:10 - 000000352 _____ C:\WINDOWS\Tasks\HPCeeScheduleForoldman.job
    2019-05-18 14:45 - 2015-05-23 09:11 - 000000000 ____D C:\Users\oldman\AppData\Local\CrashDumps
    2019-05-18 12:10 - 2017-05-28 15:25 - 000000000 ____D C:\EEK
    2019-05-18 11:16 - 2019-01-12 12:27 - 000003248 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForoldman
    2019-05-18 09:50 - 2019-01-12 12:04 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2019-05-17 22:45 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2019-05-16 21:21 - 2018-09-15 00:09 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
    2019-05-16 21:19 - 2019-04-10 12:06 - 000000000 ____D C:\Program Files (x86)\Razer
    2019-05-15 22:47 - 2019-04-10 12:18 - 000000000 ____D C:\Users\oldman\AppData\Local\Razer
    2019-05-15 22:47 - 2019-04-10 12:07 - 000000000 ____D C:\ProgramData\Razer
    2019-05-15 22:46 - 2019-04-10 12:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
    2019-05-15 22:46 - 2019-04-10 12:14 - 000000000 ____D C:\Program Files\Razer
    2019-05-15 22:42 - 2019-01-12 12:12 - 000000000 ____D C:\Users\oldman
    2019-05-15 22:42 - 2016-08-11 14:50 - 000000000 ___HD C:\jexepackres
    2019-05-15 22:42 - 2016-08-11 14:50 - 000000000 ____D C:\Users\oldman\applogs
    2019-05-15 22:42 - 2016-08-11 14:50 - 000000000 ____D C:\Program Files (x86)\AstroViewer 3.1.6
    2019-05-15 14:47 - 2019-03-02 17:10 - 000301208 _____ C:\Users\oldman\Desktop\Show-Hidden.txt
    2019-05-15 14:15 - 2018-11-01 16:21 - 000000000 ____D C:\Users\oldman\Desktop\malware tools
    2019-05-15 14:02 - 2019-01-12 12:04 - 000284848 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2019-05-15 13:57 - 2018-09-15 01:33 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
    2019-05-15 13:57 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\bcastdvr
    2019-05-15 13:26 - 2018-09-15 01:23 - 000000000 ____D C:\WINDOWS\CbsTemp
    2019-05-14 23:49 - 2019-01-12 12:27 - 000004574 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
    2019-05-14 23:48 - 2019-02-12 15:21 - 006194744 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
    2019-05-14 23:48 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\system32\Macromed
    2019-05-14 23:12 - 2015-05-03 12:09 - 000000000 ____D C:\Program Files (x86)\Diablo III
    2019-05-14 15:57 - 2015-10-21 19:23 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2019-05-14 15:23 - 2015-05-03 19:25 - 000000000 ____D C:\WINDOWS\system32\MRT
    2019-05-14 15:13 - 2015-05-03 19:25 - 132445408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2019-05-13 15:23 - 2018-09-15 01:36 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2019-05-13 15:23 - 2018-09-15 01:36 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2019-05-12 12:40 - 2018-06-23 20:30 - 000000000 ____D C:\Users\oldman\Desktop\scan logs and stuff
    2019-05-11 23:14 - 2019-01-12 12:27 - 000003364 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-901587214-2200967626-3004657440-1003
    2019-05-11 23:14 - 2019-01-12 12:12 - 000002403 _____ C:\Users\oldman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2019-05-11 23:14 - 2015-06-27 12:46 - 000000000 ___RD C:\Users\oldman\OneDrive
    2019-05-11 19:27 - 2019-03-30 20:51 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
    2019-05-10 22:22 - 2019-02-13 11:45 - 000002408 _____ C:\Users\Public\Desktop\Norton Security.lnk
    2019-05-10 14:50 - 2015-07-29 00:21 - 000000000 ____D C:\Users\oldman\AppData\Local\ElevatedDiagnostics
    2019-05-10 09:41 - 2015-06-10 01:43 - 000000000 ____D C:\Program Files\Common Files\AV
    2019-05-10 09:12 - 2018-02-26 15:03 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
    2019-05-09 23:33 - 2015-05-03 12:07 - 000000000 ____D C:\Program Files (x86)\Battle.net
    2019-05-08 23:15 - 2018-06-27 01:41 - 000000000 ____D C:\ProgramData\Packages
    2019-05-08 18:38 - 2015-05-03 11:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2019-05-08 17:40 - 2015-05-03 11:47 - 000001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
    2019-05-08 13:50 - 2018-01-03 21:16 - 000000000 ____D C:\Users\oldman\AppData\Local\PlaceholderTileLogoFolder
    2019-05-03 17:22 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\TextInput
    2019-05-03 17:22 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2019-04-23 12:15 - 2015-05-03 12:07 - 000000000 ____D C:\Users\oldman\AppData\Local\Blizzard Entertainment
    2019-04-21 18:53 - 2018-04-13 01:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2019-04-21 18:53 - 2015-06-13 14:02 - 000000000 ____D C:\Program Files (x86)\Java
    2019-04-21 18:52 - 2018-04-13 01:24 - 000099192 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll

    ==================== Files in the root of some directories =======

    2019-05-15 22:42 - 2019-05-15 22:42 - 000111688 _____ (Duckware) C:\Users\oldman\x.exe
    2015-08-15 18:31 - 2018-11-02 19:18 - 000011264 _____ () C:\Users\oldman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-08-01 13:43 - 2019-05-06 13:17 - 000140696 _____ () C:\Users\oldman\AppData\Local\installer.log
    2015-08-01 13:43 - 2015-08-01 13:43 - 000000236 _____ () C:\Users\oldman\AppData\Local\LaunchHomeCenter.log
    2015-05-23 09:41 - 2018-02-14 00:28 - 000007674 _____ () C:\Users\oldman\AppData\Local\resmon.resmoncfg

    ==================== SigCheck ===============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-05.2019
    Ran by oldman (20-05-2019 12:11:25)
    Running from C:\Users\oldman\Desktop
    Windows 10 Home Version 1809 17763.503 (X64) (2019-01-12 18:50:39)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-901587214-2200967626-3004657440-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-901587214-2200967626-3004657440-503 - Limited - Disabled)
    Guest (S-1-5-21-901587214-2200967626-3004657440-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-901587214-2200967626-3004657440-1009 - Limited - Enabled)
    oldman (S-1-5-21-901587214-2200967626-3004657440-1003 - Administrator - Enabled) => C:\Users\oldman
    WDAGUtilityAccount (S-1-5-21-901587214-2200967626-3004657440-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Norton Security (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Norton Security (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20034 - Adobe Systems Incorporated)
    Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.192 - Adobe)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
    aioprnt (HKLM\...\{0645A454-AD44-4F0D-99CF-6B762735AD1F}) (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
    aioscnnr (HKLM-x32\...\{376348C2-E372-48BC-A138-E896757BD86A}) (Version: 5.8.10.0 - Your Company Name) Hidden
    aioscnnr (HKLM-x32\...\{EF53BFAB-4C10-40DB-A82D-9B07111715C6}) (Version: 7.6.13.10 - Your Company Name) Hidden
    AMD Catalyst Install Manager (HKLM\...\{D01E0B82-7D6E-F9AC-9A7D-C6076264F419}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
    AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
    Apple Application Support (32-bit) (HKLM-x32\...\{9F7041CB-8398-4691-B8CB-0D52273BB3D9}) (Version: 7.4 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{6E7DF4EE-1976-4215-9D81-755AFC95687D}) (Version: 7.4 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BA2A6DBB-B09A-43D8-84F3-21C1537B47D9}) (Version: 12.2.0.15 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    BOINC (HKLM\...\{F1361096-9418-489B-983B-5F8C3972E05E}) (Version: 7.8.3 - Space Sciences Laboratory, U.C. Berkeley)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    C4USelfUpdater (HKLM-x32\...\{48B41C3A-9A92-4B81-B653-C97FEB85C910}) (Version: 1.00.0000 - Your Company Name) Hidden
    center (HKLM-x32\...\{56BA241F-580C-43D2-8403-947241AAE633}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
    CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
    CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
    D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
    Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
    Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
    Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
    essentials (HKLM-x32\...\{BE94C681-68E2-4561-8ABC-8D2E799168B4}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
    Google Earth Pro (HKLM\...\{F914BC59-918A-498F-B2E3-B274C9CB48A8}) (Version: 7.3.2.5491 - Google)
    Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
    HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
    HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
    HP Documentation (HKLM-x32\...\{1AC082E0-049D-4C5C-9ECF-9473AD5A949D}) (Version: 1.1.0.0 - Hewlett-Packard)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
    HP MyRoom (HKLM-x32\...\{32F06015-D852-4A57-A0DD-8D08D17633AC}) (Version: 10.4.0156 - Hewlett-Packard)
    HP PC Hardware Diagnostics Windows (HKLM-x32\...\{7FF9E31F-FAC5-4C7B-970B-FE464B8C6A62}) (Version: 1.5.2.0 - HP Inc.)
    HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
    HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
    HP Software Framework (HKLM-x32\...\{5094249B-9542-4536-AE76-B769EE085C99}) (Version: 7.1.6.1 - HP)
    HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.7.50.3 - Hewlett-Packard Company)
    HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.10.49.21 - Hewlett-Packard Company)
    HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
    HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
    HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
    HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6417.0 - IDT)
    IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
    iTunes (HKLM\...\{DF90B2B3-5832-4E85-934D-8048B33A1D67}) (Version: 12.9.4.102 - Apple Inc.)
    Java 8 Update 211 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180211F0}) (Version: 8.0.2110.12 - Oracle Corporation)
    Kodak AIO Printer (HKLM\...\{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}) (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
    KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.9.1.1 - Eastman Kodak Company)
    KODAK VERITE 50 Series Uninstaller (HKLM\...\KODAK VERITE 50 Series) (Version: - FUNAI ELECTRIC CO., LTD.)
    Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
    Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
    Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\OneDriveSetup.exe) (Version: 19.062.0331.0006 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
    Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
    Mozilla Firefox 66.0.5 (x64 en-US) (HKLM\...\Mozilla Firefox 66.0.5 (x64 en-US)) (Version: 66.0.5 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0 - Mozilla)
    Norton Secure VPN (HKLM-x32\...\Norton Secure VPN) (Version: 1.7.0.325 - Symantec Corporation)
    Norton Security (HKLM-x32\...\NGC) (Version: 22.17.1.50 - Symantec Corporation)
    Norton WiFi Privacy (HKLM-x32\...\Norton WiFi Privacy) (Version: 1.4.9 - Symantec Corporation)
    Npcap 0.992 (HKLM-x32\...\NpcapInst) (Version: 0.992 - Nmap Project)
    NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
    ocr (HKLM-x32\...\{BFBCF96F-7361-486A-965C-54B17AC35421}) (Version: 6.2.3.50 - Eastman Kodak Company) Hidden
    PreReq (HKLM-x32\...\{DA5BDB2A-12F0-4343-8351-21AAEB293990}) (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
    Python 3.5.2 (32-bit) (HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
    Python 3.5.2 Core Interpreter (32-bit) (HKLM-x32\...\{EB0611B2-7F10-4D97-BCF2-DCAAB1199498}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 Development Libraries (32-bit) (HKLM-x32\...\{5DB2183B-62D3-407F-BBC1-EAD2F36283FA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 Documentation (32-bit) (HKLM-x32\...\{1FBA5182-78DD-4940-9F06-96E5042B7061}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 Executables (32-bit) (HKLM-x32\...\{33B10015-A9B1-4210-B50A-26C6443979B0}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 pip Bootstrap (32-bit) (HKLM-x32\...\{9ADF9987-3327-48C6-91B3-B10900366491}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 Standard Library (32-bit) (HKLM-x32\...\{FCBB04F4-D2CF-4F55-BE92-B3898696B318}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C1153533-FDC4-4922-892D-B71810F69566}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 Test Suite (32-bit) (HKLM-x32\...\{9D50A6D7-410A-4469-87B7-35FA84CBD479}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python 3.5.2 Utility Scripts (32-bit) (HKLM-x32\...\{E6DEBF43-7ACF-4E88-9BBF-9B5945683281}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
    Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
    Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
    Security Task Manager 2.3 (HKLM-x32\...\Security Task Manager) (Version: 2.3 - Neuber Software)
    Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
    swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
    TreeSize Free V4.3.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.3.1 - JAM Software)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
    USBPcap 1.2.0.4 (HKLM\...\USBPcap) (Version: 1.2.0.4 - Tomasz Mon)
    Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17384 - Microsoft Corporation)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Wireshark 3.0.1 64-bit (HKLM-x32\...\Wireshark) (Version: 3.0.1 - The Wireshark developer community, hxxps://www.wireshark.org)
    WorldWide Telescope (HKLM-x32\...\{412B591F-3F86-4A1C-9DF6-854892DE27BB}) (Version: 5.5.03 - WorldWide Telescope)

    Packages:
    =========
    All My LAN -> C:\Program Files\WindowsApps\13258Thoroughsoft.AllMyLAN_1.1.7.0_x64__set6qczgvnq5g [2019-04-17] (Thoroughsoft)
    Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.139.500.0_x86__kgqvnymyfvs32 [2019-05-16] (king.com)
    Diagnostic Data Viewer -> C:\Program Files\WindowsApps\Microsoft.DiagnosticDataViewer_3.1904.1071.0_x64__8wekyb3d8bbwe [2019-04-18] (Microsoft Corporation)
    Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_3.9.0.7_x86__h6adky7gbf63m [2019-04-17] (Gameloft.)
    HP Registration -> C:\Program Files\WindowsApps\AD2F1837.HPRegistration_1.2.1.166_neutral__v10z8vjag6ke6 [2018-10-17] (Hewlett-Packard Company)
    HP+ -> C:\Program Files\WindowsApps\AD2F1837.HP_1.2.0.93_neutral__v10z8vjag6ke6 [2018-10-17] (Hewlett-Packard Company)
    Hulu -> C:\Program Files\WindowsApps\HuluLLC.HuluPlus_2.5.3.0_neutral__fphbd361v8tya [2019-03-08] (Hulu.)
    Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2018-10-17] (AMZN Mobile LLC)
    Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_3.9.4100.0_x64__8wekyb3d8bbwe [2019-04-19] (Microsoft Studios)
    Microsoft Visual C++ 2013 Runtime Package -> C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00.Universal_12.0.30501.0_x64__8wekyb3d8bbwe [2018-10-17] (Microsoft Platform Extensions)
    Microsoft Visual C++ 2013 Runtime Package -> C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00.Universal_12.0.30501.0_x86__8wekyb3d8bbwe [2018-10-17] (Microsoft Platform Extensions)
    Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.93.375.0_x64__mcm4njqhnhss8 [2019-02-19] (Netflix, Inc.)
    Network Inspector -> C:\Program Files\WindowsApps\48425ShipwreckSoftware.NetworkInspector_2.3.24.0_x64__jh2negtepkzpr [2019-04-17] (Shipwreck Software)
    Norton Studio -> C:\Program Files\WindowsApps\SymantecCorporation.NortonStudio_2.2.0.0_x86__v68kp9n051hdp [2018-10-17] (Symantec Corporation)
    Spider Solitaire HD -> C:\Program Files\WindowsApps\32988BernardoZamora.SpiderSolitaireHD_1.18.0.27_x64__1fgex2kbsn6g8 [2018-10-17] (Bernardo Zamora)
    TreeSize Free -> C:\Program Files\WindowsApps\JAMSoftware.TreeSizeFree_4.3.1.0_x86__37s2tpab2h9zg [2019-03-05] (JAM Software)
    Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2018-10-17] (Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-901587214-2200967626-3004657440-1003_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
    ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-27] (CyberLink -> Cyberlink)
    ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.1.50\NavShExt.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-27] (CyberLink -> Cyberlink)
    ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.1.50\NavShExt.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.1.50\NavShExt.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2019-05-15 16:04 - 2019-05-15 16:04 - 000158720 _____ ( ) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.EKAiO2SDKLib\bfaba15225107d64a1ca5089d9f628b4\Interop.EKAiO2SDKLib.ni.dll
    2012-08-08 11:36 - 2012-08-08 11:36 - 000073728 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2012-08-08 11:36 - 2012-08-08 11:36 - 000361984 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    2015-08-31 10:59 - 2015-08-31 10:59 - 000075264 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\AiO\Center\Logger.dll
    2019-05-15 16:05 - 2019-05-15 16:05 - 000301568 _____ (Eastman Kodak Company) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Automation\ebc75979fdd4f73eda4e4aa3974d6e26\Inkjet.Automation.ni.dll
    2019-05-15 16:04 - 2019-05-15 16:04 - 000076800 _____ (Eastman Kodak Company) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Configuration\1d50106c70b058ee446a69dbd9d0365c\Inkjet.Configuration.ni.dll
    2019-05-15 16:05 - 2019-05-15 16:05 - 000095232 _____ (Eastman Kodak Company) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Devidd83fa01#\5e748ddf2bce6f1c5ca72d8427d5a197\Inkjet.DeviceSettings.ni.dll
    2019-05-15 16:04 - 2019-05-15 16:04 - 000101376 _____ (Eastman Kodak Company) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Diagnostics\4583ba5b8ed25dbbfad142cee7a41688\Inkjet.Diagnostics.ni.dll
    2019-05-15 16:04 - 2019-05-15 16:04 - 000860672 _____ (Eastman Kodak Company) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Hardware\f28566234fbd40dd84464627fcda3819\Inkjet.Hardware.ni.dll
    2019-05-15 16:04 - 2019-05-15 16:04 - 000235520 _____ (Eastman Kodak Company) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Localization\53cab144c1e2e8484e7204d8ea5a4603\Inkjet.Localization.ni.dll
    2019-05-15 16:04 - 2019-05-15 16:04 - 000178176 _____ (Eastman Kodak Company) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Statistics\ce8a5fc2f2f0eebd219f20054b3231b6\Inkjet.Statistics.ni.dll
    2019-05-15 16:04 - 2019-05-15 16:04 - 000328704 _____ (Eastman Kodak Company) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Utilities\cab78a1d329d5d84060bfb725ebe3b93\Inkjet.Utilities.ni.dll
    2019-05-15 14:12 - 2019-05-15 14:12 - 004334080 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\hp.supportf7f36df2d#\3ac57dcdf36e437d48248c4abfb1608a\hp.supportframework.localization.ni.dll
    2019-05-15 14:13 - 2019-05-15 14:13 - 001539584 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\HP.SupportFcb4ea9d2#\f05e7ad82777632a751a3388608c784e\HP.SupportFramework.UI.ni.dll
    2015-05-03 00:33 - 2012-07-13 19:02 - 002451456 _____ (Realsil Microelectronics Inc.) [File not signed] C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    2015-05-03 00:33 - 2012-02-07 16:59 - 000166912 _____ (Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RsCRLib.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
    IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
    IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
    IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

    There are 7945 more sites.

    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\123simsen.com -> www.123simsen.com

    There are 7946 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2018-05-21 21:01 - 2019-05-19 20:42 - 000454145 ____R C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 10sek.com
    127.0.0.1 www.10sek.com
    127.0.0.1 www.1-2005-search.com
    127.0.0.1 1-2005-search.com
    127.0.0.1 123fporn.info
    127.0.0.1 www.123fporn.info
    127.0.0.1 www.123haustiereundmehr.com
    127.0.0.1 123haustiereundmehr.com
    127.0.0.1 123moviedownload.com

    There are 15617 more lines.


    2017-09-14 18:48 - 2017-09-14 18:53 - 000000435 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Razer\ChromaBroadcast\bin;C:\Program Files\Razer\ChromaBroadcast\bin;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\WINDOWS\System32\OpenSSH\;C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\WindowsApps;
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\oldman\Pictures\Spacey pictures\3772-84mcnaught_druckmuller720.jpg
    DNS Servers: 192.168.0.1 - 205.171.3.65
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.

    HKLM\...\StartupApproved\Run: => "EKIJ5000StatusMonitor"
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run: => "boincmgr"
    HKLM\...\StartupApproved\Run: => "boinctray"
    HKLM\...\StartupApproved\Run: => "KOBAAmon"
    HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
    HKLM\...\StartupApproved\Run32: => "RemoteControl10"
    HKLM\...\StartupApproved\Run32: => "EKStatusMonitor"
    HKLM\...\StartupApproved\Run32: => "APSDaemon"
    HKLM\...\StartupApproved\Run32: => "QuickTime Task"
    HKLM\...\StartupApproved\Run32: => "KOBAAmon"
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "BingSvc"
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "KOab1err"
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "Spy Protector"
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "EpicGamesLauncher"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{AE5993B9-03A9-46E9-8694-2765918F23AF}] => (Allow) LPort=9322
    FirewallRules: [{C8A56426-7E8C-4E29-B1DE-1199BAF03A24}] => (Allow) LPort=5353
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    13-05-2019 13:03:24 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/20/2019 12:02:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 7.0.168.192.in-addr.arpa. PTR eustace.local.

    Error: (05/20/2019 12:02:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from 192.168.0.7:5353 17 7.0.168.192.in-addr.arpa. PTR eustace-2.local.

    Error: (05/20/2019 12:02:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 144.106.254.169.in-addr.arpa. PTR eustace.local.

    Error: (05/20/2019 12:02:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from 169.254.106.144:5353 17 144.106.254.169.in-addr.arpa. PTR eustace-2.local.

    Error: (05/20/2019 12:02:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 181.13.254.169.in-addr.arpa. PTR eustace.local.

    Error: (05/20/2019 12:02:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from 169.254.13.181:5353 17 181.13.254.169.in-addr.arpa. PTR eustace-2.local.

    Error: (05/20/2019 12:02:06 PM) (Source: SecurityCenter) (EventID: 17) (User: )
    Description: Security Center failed to validate caller with error %1.

    Error: (05/20/2019 12:01:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 144.106.254.169.in-addr.arpa. PTR eustace.local.


    System errors:
    =============
    Error: (05/20/2019 12:01:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The APXACC service failed to start due to the following error:
    A device attached to the system is not functioning.

    Error: (05/20/2019 12:01:46 PM) (Source: APXACC) (EventID: 1003) (User: )
    Description: The NDIS6 LWF initialization has failed. (0xC0000001)

    Error: (05/19/2019 06:29:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {0358B920-0AC7-461F-98F4-58E32CD89148}
    and APPID
    {3EB3C877-1F16-487C-9050-104DBCD66683}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (05/19/2019 06:29:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {0358B920-0AC7-461F-98F4-58E32CD89148}
    and APPID
    {3EB3C877-1F16-487C-9050-104DBCD66683}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (05/19/2019 04:33:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The APXACC service failed to start due to the following error:
    A device attached to the system is not functioning.

    Error: (05/19/2019 04:33:04 PM) (Source: APXACC) (EventID: 1003) (User: )
    Description: The NDIS6 LWF initialization has failed. (0xC0000001)

    Error: (05/19/2019 04:28:16 PM) (Source: DCOM) (EventID: 10000) (User: eustace)
    Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
    "0"
    Happened while starting this command:
    C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

    Error: (05/19/2019 04:28:07 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
    An instance of the service is already running.


    CodeIntegrity:
    ===================================

    Date: 2019-05-20 12:01:59.049
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2019-05-20 12:01:58.992
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2019-05-20 12:01:58.915
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2019-05-20 12:01:58.838
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2019-05-19 16:33:17.011
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2019-05-19 16:33:16.722
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2019-05-19 16:33:16.400
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2019-05-19 16:33:15.997
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.1.50\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    ==================== Memory info ===========================

    BIOS: Insyde F.26 02/21/2013
    Motherboard: Hewlett-Packard 1849
    Processor: AMD A4-4300M APU with Radeon(tm) HD Graphics
    Percentage of memory in use: 58%
    Total physical RAM: 3554.26 MB
    Available physical RAM: 1459.38 MB
    Total Virtual: 6370.26 MB
    Available Virtual: 4259.58 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:567.72 GB) (Free:318.18 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (RECOVERY) (Fixed) (Total:25.37 GB) (Free:2.96 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive f: () (Removable) (Total:1.83 GB) (Free:1.83 GB) FAT

    \\?\Volume{4807027d-70e4-4ed9-b189-6eac7a96e0a4}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.15 GB) NTFS
    \\?\Volume{c4bc7cea-39ce-4f4a-ab14-7934f0e01657}\ () (Fixed) (Total:0.96 GB) (Free:0.34 GB) NTFS
    \\?\Volume{de27d039-3a8b-420a-8f61-0de10dba9383}\ () (Fixed) (Total:0.92 GB) (Free:0.34 GB) NTFS
    \\?\Volume{228ede67-33cc-42ee-9814-03e998f454e7}\ () (Fixed) (Total:0.44 GB) (Free:0.41 GB) NTFS
    \\?\Volume{873941c3-cd87-496d-8c74-8b333ed59eac}\ () (Fixed) (Total:0.25 GB) (Free:0.16 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 596.2 GB) (Disk ID: 9E4D4388)

    Partition: GPT.

    ========================================================
    Disk: 1 (Size: 1.8 GB) (Disk ID: CC5963D4)
    Partition 1: (Not Active) - (Size=1.8 GB) - (Type=0E)

    ==================== End of Addition.txt ============================
    Attached Images Attached Images

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •