FRST Log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09.12.2018
Ran by butle (administrator) on LAPTOP-OQKK081Q (10-12-2018 17:09:54)
Running from C:\Users\butle\Desktop
Loaded Profiles: butle (Available Profiles: butle)
Platform: Windows 10 Home Version 1803 17134.407 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\IntelCpHDCPSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(LULU Software) C:\Program Files\Soda PDF Desktop 10\creator\common\creator-ws.exe
(LULU Software) C:\Program Files\Soda PDF Desktop 10\updater-ws.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.2.22\NortonSecurity.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.2.22\nsWscSvc.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\IntelCpHeciSvc.exe
(LULU Software) C:\Program Files\Soda PDF Desktop 10\ws.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.16.2.22\NortonSecurity.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igfxEM.exe
(Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Intel Corporation) C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo(beijing) Limited) C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe
(SweetLabs, Inc) C:\Users\butle\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
(Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1811.3241.0_x64__8wekyb3d8bbwe\Calculator.exe
(Seagate Technology LLC) C:\Program Files (x86)\Toolkit\Toolkit.exe
(BlueStack Systems, Inc.) C:\ProgramData\BlueStacks\Client\Bluestacks.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Player.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(Bluestack System Inc. ) C:\Program Files (x86)\BlueStacks\BstkSVC.exe
(BlueStack Systems, Inc.) C:\ProgramData\BlueStacks\Client\Bluestacks.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Microsoft Corporation) C:\Users\butle\AppData\Local\Microsoft\OneDrive\18.222.1104.0006\FileCoAuth.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\OpenWith.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\hsscp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18388416 2017-11-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1492928 2017-11-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1492928 2017-11-29] (Realtek Semiconductor)
HKLM\...\Run: [LenovoUtility] => C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe [894376 2017-07-05] (Lenovo(beijing) Limited)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [876032 2017-10-12] (Dolby Laboratories, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [301880 2018-10-22] (Apple Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-530430974-41699979-3898902672-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-10-22] (Apple Inc.)
HKU\S-1-5-21-530430974-41699979-3898902672-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2018-11-26] (Apple Inc.)
HKU\S-1-5-21-530430974-41699979-3898902672-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2018-10-22] (Apple Inc.)
HKU\S-1-5-21-530430974-41699979-3898902672-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2018-10-22] (Apple Inc.)
HKU\S-1-5-21-530430974-41699979-3898902672-1001\...\Run: [GoogleChromeAutoLaunch_FA2C4950C8D33BDEF966ADF8FEB8B968] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1589080 2018-11-15] (Google Inc.)
HKU\S-1-5-21-530430974-41699979-3898902672-1001\...\Run: [Toolkit] => "C:\Program Files (x86)\Toolkit\Toolkit.exe" /WinStart**⚥톕Ⰰ耀鍐ß5*5***C:\ProgramData\Microsoft\Windows\Start Men
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.171.114
Tcpip\..\Interfaces\{736dd50f-0b35-48d6-b94a-98ce6e6a8349}: [DhcpNameServer] 150.203.1.3
Tcpip\..\Interfaces\{91411da2-933a-4052-ab38-4f8e13137efc}: [DhcpNameServer] 192.168.1.254 75.153.171.114
Tcpip\..\Interfaces\{fc7fee32-37f5-451e-846f-e2b00035a835}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-530430974-41699979-3898902672-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.ca/?gws_rd=ssl
HKU\S-1-5-21-530430974-41699979-3898902672-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-530430974-41699979-3898902672-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-530430974-41699979-3898902672-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1010530&geo=CA&ver=22.10.0.85&locale=en_CA&guid=96AA5B32-4A97-4A27-9E19-B06BBEF79413&doi=2018-02-14&gct=kwd&qsrc=2869
BHO: Soda PDF Desktop 10 Helper -> {058DD5FE-D7C3-4F31-834B-1250FAB5602D} -> C:\Program Files\Soda PDF Desktop 10\creator\plugins\IEAddin\creator-ie-helper.dll [2018-10-31] (LULU Software)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-11-30] (Microsoft Corporation)
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2018-11-10] (Oracle Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-09-27] (McAfee, Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-11-10] (Oracle Corporation)
BHO-x32: Soda PDF Desktop 10 Helper -> {058DD5FE-D7C3-4F31-834B-1250FAB5602D} -> C:\Program Files (x86)\Soda PDF Desktop 10\creator\plugins\IEAddin\creator-ie-helper.dll [2018-10-31] (LULU Software)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-09-27] (McAfee, Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)
Toolbar: HKLM - Soda PDF Desktop 10 Toolbar - {1F9D0525-D4C6-410A-ABB8-22316471DA59} - C:\Program Files\Soda PDF Desktop 10\creator\plugins\IEAddin\creator-ie-plugin.dll [2018-10-31] (LULU Software)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)
Toolbar: HKLM-x32 - Soda PDF Desktop 10 Toolbar - {1F9D0525-D4C6-410A-ABB8-22316471DA59} - C:\Program Files (x86)\Soda PDF Desktop 10\creator\plugins\IEAddin\creator-ie-plugin.dll [2018-10-31] (LULU Software)
Toolbar: HKU\S-1-5-21-530430974-41699979-3898902672-1001 -> No Name - {BFD9D8A8-57FF-488A-B919-065EC77CF82F} - No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-11-30] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-11-30] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-11-30] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-11-30] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-09-27] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-09-27] (McAfee, Inc.)
Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-530430974-41699979-3898902672-1001 -> hxxps://www.google.ca/?gfe_rd=cr&dcr=0&ei=ixJ2WtDhAqvC8geg-qrYDQ
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-10-17]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Plugin: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-11-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-11-10] (Oracle Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-09] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-22] (Google Inc.)
FF Plugin HKU\S-1-5-21-530430974-41699979-3898902672-1001: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [2018-02-04] (TD Ameritrade)
FF Plugin HKU\S-1-5-21-530430974-41699979-3898902672-1001: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [2018-02-04] (TD Ameritrade)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.ca/?gfe_rd=cr&ei=zm_AUpmsA8rV8Abmk4H4CQ"
CHR DefaultSearchURL: Default -> hxxp://private.securesearches.net/search/?category=web&s=73pr&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Private Searching
CHR DefaultSuggestURL: Default -> hxxp://sug.securesearches.net/search/index_sg.php?q={searchTerms}
CHR Profile: C:\Users\butle\AppData\Local\Google\Chrome\User Data\Default [2018-12-10]
CHR Extension: (Slides) - C:\Users\butle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-28]
CHR Extension: (Norton Password Manager) - C:\Users\butle\AppData\Local\Google\Chrome\User Data\Default\Extensions\admmjipmmciaobhojoghlmleefbicajg [2018-11-27]
CHR Extension: (Docs) - C:\Users\butle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-28]
CHR Extension: (Google Drive) - C:\Users\butle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-11-03]
CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\butle\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2018-08-05]
CHR Extension: (YouTube) - C:\Users\butle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-28]
CHR Extension: (Sheets) - C:\Users\butle\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-28]
CHR Extension: (Norton Safe Web) - C:\Users\butle\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnpbeacklnhmkkilekogeiekaglbmmka [2018-12-07]
CHR Extension: (Google Docs Offline) - C:\Users\butle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-05]
CHR Extension: (TweetDeck by Twitter) - C:\Users\butle\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2017-12-28]
CHR Extension: (Crackle) - C:\Users\butle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2017-12-28]
CHR Extension: (Hotspot Shield VPN Free Proxy – Unblock Sites) - C:\Users\butle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2018-11-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\butle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
CHR Extension: (Gmail) - C:\Users\butle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-28]
CHR Extension: (Chrome Media Router) - C:\Users\butle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-03]
CHR Extension: (Abstract Blue) - C:\Users\butle\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnacehkknmafkjgkikclamogikoiaaa [2017-12-28]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AESMService; C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe [3089680 2017-11-12] (Intel Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9646240 2018-11-20] (Microsoft Corporation)
R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [197120 2017-07-13] (Dolby Laboratories, Inc.)
S2 GameGolfWatchService; C:\Program Files (x86)\GAMEGOLF\WindowsService\GameGolfWatchService.exe [15360 2015-10-26] (Windows User) [File not signed]
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [53632 2018-11-16] (AnchorFree Inc.)
S3 iaStorAfsService; C:\WINDOWS\IAStorAfsService\iaStorAfsService.exe [2410672 2017-11-27] (Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [533048 2018-04-17] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [71040 2018-11-16] (Lenovo Group Ltd.)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel® Management Engine Components\iCLS\SocketHeciServer.exe [742704 2017-10-11] (Intel® Corporation)
S2 Intel® TPM Provisioning Service; C:\Program Files\Intel\Intel® Management Engine Components\iCLS\TPMProvisioningService.exe [668472 2017-10-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [213648 2017-11-08] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604824 2018-09-27] (McAfee, Inc.)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.16.2.22\NortonSecurity.exe [328648 2018-11-03] (Symantec Corporation)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.16.2.22\nsWscSvc.exe [915712 2018-11-03] (Symantec Corporation)
R3 Soda PDF Desktop 10; C:\Program Files\Soda PDF Desktop 10\ws.exe [2458440 2018-10-31] (LULU Software)
R2 Soda PDF Desktop 10 Creator; C:\Program Files\Soda PDF Desktop 10\creator\common\creator-ws.exe [715592 2018-10-31] (LULU Software)
R2 Soda PDF Desktop 10 Update Service; C:\Program Files\Soda PDF Desktop 10\updater-ws.exe [1683272 2018-10-31] (LULU Software)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [282200 2017-08-24] (Synaptics Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\NisSrv.exe [3925648 2018-06-27] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MsMpEng.exe [100080 2018-06-27] (Microsoft Corporation)
S2 0323451538177053mcinstcleanup; C:\WINDOWS\TEMP\032345~1.EXE -cleanup -nolog [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AFTrafMgr1.4; C:\Program Files (x86)\Hotspot Shield\bin\TrafMgr_1_4_64.sys [56840 2018-11-16] (AnchorFree Inc.)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.14.0.54\Definitions\BASHDefs\20181204.001\BHDrvx64.sys [1925104 2018-09-19] (Symantec Corporation)
R3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [269408 2018-01-09] (Bluestack System Inc. )
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\ccSetx64.sys [189120 2018-11-03] (Symantec Corporation)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [100624 2015-06-08] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515792 2018-12-03] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153296 2018-12-07] (Symantec Corporation)
R3 iaLPSS2_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys [98968 2017-10-15] (Intel Corporation)
S3 iaStorAfs; C:\WINDOWS\System32\drivers\iaStorAfs.sys [69632 2017-11-27] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136256 2018-04-17] (Intel Corporation)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.14.0.54\Definitions\IPSDefs\20181207.061\IDSvia64.sys [1305072 2018-10-08] (Symantec Corporation)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [8614464 2018-05-02] (Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1010648 2017-12-13] (Realtek )
R3 SNP2UVCW10; C:\WINDOWS\system32\DRIVERS\snUVCg2.sys [1710128 2017-11-05] (Sonix Tech. Co., Ltd.)
R1 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\SRTSP64.SYS [847344 2018-11-03] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\SRTSPX64.SYS [49648 2018-11-03] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\SYMEFASI64.SYS [1969328 2018-11-03] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\SymELAM.sys [25744 2018-11-03] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [99920 2018-08-05] (Symantec Corporation)
S4 SymEvnt; C:\Program Files\Norton Security\NortonData\22.14.0.54\SymPlatform\SymEvnt.sys [114352 2018-10-26] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\Ironx64.SYS [308416 2018-11-03] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\symnets.sys [567024 2018-11-03] (Symantec Corporation)
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [57944 2017-08-24] (Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46592 2018-06-27] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [340008 2018-06-27] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59944 2018-06-27] (Microsoft Corporation)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1610020.016\wpCtrlDrv.sys [1011056 2018-11-03] (Symantec Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-12-10 17:09 - 2018-12-10 17:10 - 000029518 _____ C:\Users\butle\Desktop\FRST.txt
2018-12-10 17:09 - 2018-12-10 17:09 - 000000000 ____D C:\FRST
2018-12-10 17:08 - 2018-12-10 17:08 - 002417152 _____ (Farbar) C:\Users\butle\Desktop\FRST64.exe
2018-12-10 16:44 - 2018-12-10 16:44 - 000001148 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk
2018-12-10 16:44 - 2018-12-10 16:44 - 000000000 ____D C:\Program Files\TAP-Windows
2018-12-10 16:43 - 2018-12-10 16:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
2018-12-10 16:43 - 2018-12-10 16:44 - 000000000 ____D C:\ProgramData\Hotspot Shield
2018-12-10 16:43 - 2018-12-10 16:44 - 000000000 ____D C:\Program Files (x86)\Hotspot Shield
2018-12-10 06:09 - 2018-12-10 06:09 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2018-12-07 04:10 - 2018-12-07 04:10 - 000000000 ___HD C:\OneDriveTemp
2018-12-07 02:52 - 2018-12-07 02:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2018-11-30 19:45 - 2018-11-30 19:45 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-11-30 19:45 - 2018-11-30 19:45 - 000002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-11-30 19:45 - 2018-11-30 19:45 - 000002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-11-30 19:45 - 2018-11-30 19:45 - 000002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-11-30 19:45 - 2018-11-30 19:45 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-11-30 19:45 - 2018-11-30 19:45 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-11-30 19:45 - 2018-11-30 19:45 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-11-30 19:45 - 2018-11-30 19:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-11-29 13:05 - 2018-11-29 13:08 - 000000000 ____D C:\Users\butle\Desktop\Misc
2018-11-29 13:03 - 2018-11-29 13:07 - 000000000 ____D C:\Users\butle\Desktop\Barch Wars
2018-11-28 20:16 - 2018-11-28 20:16 - 000000000 ____D C:\Users\butle\AppData\Local\ESET
2018-11-28 20:15 - 2018-11-28 20:16 - 006981240 _____ (ESET spol. s r.o.) C:\Users\butle\Desktop\esetonlinescanner_enu.exe
2018-11-27 19:00 - 2018-11-27 19:01 - 000000000 ____D C:\Users\butle\AppData\Roaming\CyberLink
2018-11-27 19:00 - 2018-11-27 19:00 - 000000000 ____D C:\Users\butle\OneDrive\Documents\CyberLink
2018-11-27 19:00 - 2018-11-27 19:00 - 000000000 ____D C:\Users\butle\AppData\Local\CyberLink
2018-11-23 01:09 - 2018-11-16 02:44 - 000425344 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll
2018-11-23 01:09 - 2018-11-16 02:44 - 000206208 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.Modern.CoreTypes.dll
2018-11-23 01:09 - 2018-11-16 02:44 - 000130432 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.Modern.Utilities.dll
2018-11-23 01:09 - 2018-11-16 02:44 - 000097664 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.Modern.ImController.ImClient.dll
2018-11-23 01:09 - 2018-11-16 02:44 - 000043904 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.ImController.EventLogging.dll
2018-11-18 12:23 - 2018-11-18 13:21 - 000010101 _____ C:\Users\butle\Desktop\Movies from Dan.xlsx
2018-11-16 01:04 - 2018-12-07 02:48 - 000000000 ____D C:\Program Files\rempl
2018-11-14 17:48 - 2018-11-29 13:06 - 000000000 ____D C:\Users\butle\Desktop\Stan Lee
2018-11-13 17:24 - 2018-11-01 02:15 - 023861760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-11-13 17:24 - 2018-11-01 00:25 - 007520088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-11-13 17:24 - 2018-11-01 00:09 - 025855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-11-13 17:24 - 2018-11-01 00:01 - 022716416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-11-13 17:24 - 2018-10-31 21:47 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-11-13 17:23 - 2018-11-01 04:49 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-11-13 17:23 - 2018-11-01 04:46 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-11-13 17:23 - 2018-11-01 04:45 - 004527776 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-11-13 17:23 - 2018-11-01 04:45 - 001617320 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-11-13 17:23 - 2018-11-01 04:45 - 001376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-11-13 17:23 - 2018-11-01 04:32 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-11-13 17:23 - 2018-11-01 04:31 - 006602240 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-11-13 17:23 - 2018-11-01 04:30 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-11-13 17:23 - 2018-11-01 04:30 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-11-13 17:23 - 2018-11-01 04:29 - 012710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-11-13 17:23 - 2018-11-01 04:29 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2018-11-13 17:23 - 2018-11-01 04:28 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-11-13 17:23 - 2018-11-01 04:28 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-11-13 17:23 - 2018-11-01 04:28 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2018-11-13 17:23 - 2018-11-01 04:27 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-11-13 17:23 - 2018-11-01 04:27 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-11-13 17:23 - 2018-11-01 04:26 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-11-13 17:23 - 2018-11-01 04:26 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-11-13 17:23 - 2018-11-01 04:26 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-11-13 17:23 - 2018-11-01 04:25 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-11-13 17:23 - 2018-11-01 03:09 - 001027000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-11-13 17:23 - 2018-11-01 02:59 - 005669888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-11-13 17:23 - 2018-11-01 02:56 - 011902464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-11-13 17:23 - 2018-11-01 02:56 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2018-11-13 17:23 - 2018-11-01 02:56 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-11-13 17:23 - 2018-11-01 02:54 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-11-13 17:23 - 2018-11-01 02:54 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-11-13 17:23 - 2018-11-01 02:53 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2018-11-13 17:23 - 2018-11-01 02:52 - 002892800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-11-13 17:23 - 2018-11-01 02:13 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-11-13 17:23 - 2018-11-01 00:39 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-11-13 17:23 - 2018-11-01 00:38 - 000269336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-11-13 17:23 - 2018-11-01 00:37 - 000272408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-11-13 17:23 - 2018-11-01 00:28 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-11-13 17:23 - 2018-11-01 00:28 - 001062712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-11-13 17:23 - 2018-11-01 00:28 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-11-13 17:23 - 2018-11-01 00:28 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-11-13 17:23 - 2018-11-01 00:28 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-11-13 17:23 - 2018-11-01 00:28 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-11-13 17:23 - 2018-11-01 00:27 - 001017152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-11-13 17:23 - 2018-11-01 00:27 - 000491200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-11-13 17:23 - 2018-11-01 00:26 - 007432120 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-11-13 17:23 - 2018-11-01 00:26 - 003291640 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-11-13 17:23 - 2018-11-01 00:26 - 003180080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-11-13 17:23 - 2018-11-01 00:26 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-11-13 17:23 - 2018-11-01 00:25 - 009089848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-11-13 17:23 - 2018-11-01 00:25 - 004404912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-11-13 17:23 - 2018-11-01 00:25 - 002822456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-11-13 17:23 - 2018-11-01 00:25 - 002571320 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-11-13 17:23 - 2018-11-01 00:25 - 002371296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-11-13 17:23 - 2018-11-01 00:25 - 001934808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-11-13 17:23 - 2018-11-01 00:25 - 001784680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-11-13 17:23 - 2018-11-01 00:25 - 001456728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-11-13 17:23 - 2018-11-01 00:25 - 001288920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-11-13 17:23 - 2018-11-01 00:25 - 001257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-11-13 17:23 - 2018-11-01 00:25 - 001209888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-11-13 17:23 - 2018-11-01 00:25 - 001190248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-11-13 17:23 - 2018-11-01 00:25 - 001140672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-11-13 17:23 - 2018-11-01 00:25 - 000982592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-11-13 17:23 - 2018-11-01 00:25 - 000885968 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-11-13 17:23 - 2018-11-01 00:25 - 000793080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-11-13 17:23 - 2018-11-01 00:25 - 000713472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-11-13 17:23 - 2018-11-01 00:25 - 000594224 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-11-13 17:23 - 2018-11-01 00:25 - 000463672 _____ (Microsoft Corporation) C:\WINDOWS\system32\coml2.dll
2018-11-13 17:23 - 2018-11-01 00:25 - 000413720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-11-13 17:23 - 2018-11-01 00:25 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-11-13 17:23 - 2018-11-01 00:25 - 000375824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-11-13 17:23 - 2018-11-01 00:25 - 000268088 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-11-13 17:23 - 2018-11-01 00:25 - 000261000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-11-13 17:23 - 2018-11-01 00:03 - 003397120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-11-13 17:23 - 2018-11-01 00:03 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmtask.exe
2018-11-13 17:23 - 2018-11-01 00:02 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmapi.dll
2018-11-13 17:23 - 2018-11-01 00:02 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\CSystemEventsBrokerClient.dll
2018-11-13 17:23 - 2018-11-01 00:01 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-11-13 17:23 - 2018-11-01 00:01 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-11-13 17:23 - 2018-11-01 00:00 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-11-13 17:23 - 2018-11-01 00:00 - 006031360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-11-13 17:23 - 2018-11-01 00:00 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-11-13 17:23 - 2018-11-01 00:00 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-11-13 17:23 - 2018-11-01 00:00 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-11-13 17:23 - 2018-10-31 23:59 - 000322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-11-13 17:23 - 2018-10-31 23:59 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2018-11-13 17:23 - 2018-10-31 23:59 - 000192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2018-11-13 17:23 - 2018-10-31 23:59 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPTaskScheduler.dll
2018-11-13 17:23 - 2018-10-31 23:59 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2018-11-13 17:23 - 2018-10-31 23:58 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-11-13 17:23 - 2018-10-31 23:58 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-11-13 17:23 - 2018-10-31 23:58 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-11-13 17:23 - 2018-10-31 23:58 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-11-13 17:23 - 2018-10-31 23:58 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-11-13 17:23 - 2018-10-31 23:58 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-11-13 17:23 - 2018-10-31 23:58 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-11-13 17:23 - 2018-10-31 23:57 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-11-13 17:23 - 2018-10-31 23:57 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-11-13 17:23 - 2018-10-31 23:57 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2018-11-13 17:23 - 2018-10-31 23:57 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-11-13 17:23 - 2018-10-31 23:57 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-11-13 17:23 - 2018-10-31 23:57 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-11-13 17:23 - 2018-10-31 23:57 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-11-13 17:23 - 2018-10-31 23:57 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-11-13 17:23 - 2018-10-31 23:57 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-11-13 17:23 - 2018-10-31 23:57 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-11-13 17:23 - 2018-10-31 23:57 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-11-13 17:23 - 2018-10-31 23:57 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2018-11-13 17:23 - 2018-10-31 23:57 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-11-13 17:23 - 2018-10-31 23:56 - 002929664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
2018-11-13 17:23 - 2018-10-31 23:56 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-11-13 17:23 - 2018-10-31 23:56 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-11-13 17:23 - 2018-10-31 23:56 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-11-13 17:23 - 2018-10-31 23:56 - 000506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2018-11-13 17:23 - 2018-10-31 23:55 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-11-13 17:23 - 2018-10-31 23:55 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-11-13 17:23 - 2018-10-31 23:55 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-11-13 17:23 - 2018-10-31 23:54 - 001679360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-11-13 17:23 - 2018-10-31 23:54 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-11-13 17:23 - 2018-10-31 23:54 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-11-13 17:23 - 2018-10-31 23:54 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-11-13 17:23 - 2018-10-31 23:54 - 001023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2018-11-13 17:23 - 2018-10-31 23:54 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-11-13 17:23 - 2018-10-31 23:54 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-11-13 17:23 - 2018-10-31 23:54 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2018-11-13 17:23 - 2018-10-31 23:54 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-11-13 17:23 - 2018-10-31 23:54 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-11-13 17:23 - 2018-10-31 23:54 - 000606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-11-13 17:23 - 2018-10-31 23:53 - 002248192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-11-13 17:23 - 2018-10-31 23:53 - 001373696 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-11-13 17:23 - 2018-10-31 23:53 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-11-13 17:23 - 2018-10-31 23:53 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-11-13 17:23 - 2018-10-31 23:53 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-11-13 17:23 - 2018-10-31 23:53 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-11-13 17:23 - 2018-10-31 22:39 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-11-13 17:23 - 2018-10-31 22:08 - 002417952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-11-13 17:23 - 2018-10-31 21:50 - 000861712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-11-13 17:23 - 2018-10-31 21:50 - 000786288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-11-13 17:23 - 2018-10-31 21:48 - 006039064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-11-13 17:23 - 2018-10-31 21:48 - 004790184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-11-13 17:23 - 2018-10-31 21:48 - 002478872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-11-13 17:23 - 2018-10-31 21:48 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-11-13 17:23 - 2018-10-31 21:48 - 001805656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-11-13 17:23 - 2018-10-31 21:48 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-11-13 17:23 - 2018-10-31 21:48 - 000880248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2018-11-13 17:23 - 2018-10-31 21:48 - 000384520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\coml2.dll
2018-11-13 17:23 - 2018-10-31 21:47 - 001980776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-11-13 17:23 - 2018-10-31 21:47 - 001379792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-11-13 17:23 - 2018-10-31 21:47 - 001020064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-11-13 17:23 - 2018-10-31 21:47 - 000581600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-11-13 17:23 - 2018-10-31 21:47 - 000567256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-11-13 17:23 - 2018-10-31 21:47 - 000129304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-11-13 17:23 - 2018-10-31 21:40 - 022015488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-11-13 17:23 - 2018-10-31 21:35 - 019403776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-11-13 17:23 - 2018-10-31 21:34 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-11-13 17:23 - 2018-10-31 21:33 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-11-13 17:23 - 2018-10-31 21:33 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-11-13 17:23 - 2018-10-31 21:32 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-11-13 17:23 - 2018-10-31 21:31 - 005307904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-11-13 17:23 - 2018-10-31 21:31 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-11-13 17:23 - 2018-10-31 21:30 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-11-13 17:23 - 2018-10-31 21:30 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-11-13 17:23 - 2018-10-31 21:30 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-11-13 17:23 - 2018-10-31 21:30 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-11-13 17:23 - 2018-10-31 21:30 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-11-13 17:23 - 2018-10-31 21:30 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2018-11-13 17:23 - 2018-10-31 21:30 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2018-11-13 17:23 - 2018-10-31 21:29 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-11-13 17:23 - 2018-10-31 21:29 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-11-13 17:23 - 2018-10-31 21:29 - 001862656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
2018-11-13 17:23 - 2018-10-31 21:29 - 000848384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2018-11-13 17:23 - 2018-10-31 21:29 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-11-13 17:23 - 2018-10-31 21:29 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-11-13 17:23 - 2018-10-31 21:29 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2018-11-13 17:23 - 2018-10-31 21:28 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2018-11-13 17:23 - 2018-10-31 21:28 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-11-13 17:23 - 2018-10-31 21:28 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-11-13 17:23 - 2018-10-31 21:27 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-11-13 17:23 - 2018-10-31 21:27 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-11-13 17:23 - 2018-10-31 21:27 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2018-11-13 17:23 - 2018-10-31 21:27 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-11-13 17:23 - 2018-10-31 21:27 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-11-13 17:23 - 2018-10-31 21:26 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2018-11-13 17:23 - 2018-10-31 21:26 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-11-13 17:23 - 2018-10-31 21:26 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-11-13 17:23 - 2018-10-21 06:00 - 021386368 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-11-13 17:23 - 2018-10-21 06:00 - 001639560 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2018-11-13 17:23 - 2018-10-21 06:00 - 001516120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-11-13 17:23 - 2018-10-21 06:00 - 000790416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-11-13 17:23 - 2018-10-21 06:00 - 000396304 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-11-13 17:23 - 2018-10-21 05:59 - 000766480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-11-13 17:23 - 2018-10-21 05:59 - 000236728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2018-11-13 17:23 - 2018-10-21 05:46 - 013572096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-11-13 17:23 - 2018-10-21 05:46 - 004393472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-11-13 17:23 - 2018-10-21 05:45 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-11-13 17:23 - 2018-10-21 05:44 - 000623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2018-11-13 17:23 - 2018-10-21 05:44 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll
2018-11-13 17:23 - 2018-10-21 05:43 - 000345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-11-13 17:23 - 2018-10-21 05:43 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2018-11-13 17:23 - 2018-10-21 05:43 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2018-11-13 17:23 - 2018-10-21 05:42 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2018-11-13 17:23 - 2018-10-21 05:42 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2018-11-13 17:23 - 2018-10-21 05:42 - 000592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
2018-11-13 17:23 - 2018-10-21 05:42 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2018-11-13 17:23 - 2018-10-21 05:41 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-11-13 17:23 - 2018-10-21 04:38 - 001322376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-11-13 17:23 - 2018-10-21 04:38 - 000662312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-11-13 17:23 - 2018-10-21 04:38 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-11-13 17:23 - 2018-10-21 04:38 - 000221216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2018-11-13 17:23 - 2018-10-21 04:37 - 020381808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-11-13 17:23 - 2018-10-21 04:37 - 001626656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2018-11-13 17:23 - 2018-10-21 04:28 - 012501504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-11-13 17:23 - 2018-10-21 04:28 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\INETRES.dll
2018-11-13 17:23 - 2018-10-21 04:23 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2018-11-13 17:23 - 2018-10-21 04:23 - 000523264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll
2018-11-13 17:23 - 2018-10-21 04:22 - 002405888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-11-13 17:23 - 2018-10-21 04:22 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2018-11-13 17:23 - 2018-10-21 02:29 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-11-13 17:23 - 2018-10-21 01:44 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-11-13 17:23 - 2018-10-21 00:48 - 005602456 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-11-13 17:23 - 2018-10-21 00:47 - 000368440 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2018-11-13 17:23 - 2018-10-21 00:46 - 000717112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2018-11-13 17:23 - 2018-10-21 00:46 - 000709936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-11-13 17:23 - 2018-10-21 00:46 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-11-13 17:23 - 2018-10-21 00:46 - 000560136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-11-13 17:23 - 2018-10-21 00:46 - 000497864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2018-11-13 17:23 - 2018-10-21 00:46 - 000171024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-11-13 17:23 - 2018-10-21 00:45 - 003283512 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-11-13 17:23 - 2018-10-21 00:45 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-11-13 17:23 - 2018-10-21 00:45 - 001946208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-11-13 17:23 - 2018-10-21 00:45 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-11-13 17:23 - 2018-10-21 00:45 - 000607136 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-11-13 17:23 - 2018-10-21 00:45 - 000185120 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-11-13 17:23 - 2018-10-21 00:45 - 000175624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2018-11-13 17:23 - 2018-10-21 00:45 - 000139792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2018-11-13 17:23 - 2018-10-21 00:45 - 000058088 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2018-11-13 17:23 - 2018-10-21 00:28 - 016592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-11-13 17:23 - 2018-10-21 00:22 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-11-13 17:23 - 2018-10-21 00:21 - 001589248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2018-11-13 17:23 - 2018-10-21 00:21 - 000123424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-11-13 17:23 - 2018-10-21 00:20 - 000424000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2018-11-13 17:23 - 2018-10-21 00:20 - 000295224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2018-11-13 17:23 - 2018-10-21 00:20 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2018-11-13 17:23 - 2018-10-21 00:20 - 000141312 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2018-11-13 17:23 - 2018-10-21 00:20 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-11-13 17:23 - 2018-10-21 00:19 - 002487088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-11-13 17:23 - 2018-10-21 00:19 - 001620776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-11-13 17:23 - 2018-10-21 00:19 - 001130768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-11-13 17:23 - 2018-10-21 00:19 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2018-11-13 17:23 - 2018-10-21 00:19 - 000505616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2018-11-13 17:23 - 2018-10-21 00:19 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-11-13 17:23 - 2018-10-21 00:19 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2018-11-13 17:23 - 2018-10-21 00:19 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-11-13 17:23 - 2018-10-21 00:19 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2018-11-13 17:23 - 2018-10-21 00:19 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2018-11-13 17:23 - 2018-10-21 00:19 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2018-11-13 17:23 - 2018-10-21 00:19 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2018-11-13 17:23 - 2018-10-21 00:19 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvrcpAppSvc.dll
2018-11-13 17:23 - 2018-10-21 00:19 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhf.sys
2018-11-13 17:23 - 2018-10-21 00:19 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2018-11-13 17:23 - 2018-10-21 00:18 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2018-11-13 17:23 - 2018-10-21 00:18 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Activities.dll
2018-11-13 17:23 - 2018-10-21 00:18 - 000395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvctpSvc.dll
2018-11-13 17:23 - 2018-10-21 00:18 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2018-11-13 17:23 - 2018-10-21 00:18 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2018-11-13 17:23 - 2018-10-21 00:18 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2018-11-13 17:23 - 2018-10-21 00:18 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2018-11-13 17:23 - 2018-10-21 00:17 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-11-13 17:23 - 2018-10-21 00:17 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2018-11-13 17:23 - 2018-10-21 00:17 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-11-13 17:23 - 2018-10-21 00:17 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-11-13 17:23 - 2018-10-21 00:17 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-11-13 17:23 - 2018-10-21 00:17 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvrcp.dll
2018-11-13 17:23 - 2018-10-21 00:17 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2018-11-13 17:23 - 2018-10-21 00:16 - 002584576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-11-13 17:23 - 2018-10-21 00:16 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-11-13 17:23 - 2018-10-21 00:16 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-11-13 17:23 - 2018-10-21 00:16 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-11-13 17:23 - 2018-10-21 00:16 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2018-11-13 17:23 - 2018-10-21 00:16 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-11-13 17:23 - 2018-10-21 00:15 - 003212800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2018-11-13 17:23 - 2018-10-21 00:15 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-11-13 17:23 - 2018-10-21 00:15 - 000743936 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintRenderAPIHost.DLL
2018-11-13 17:23 - 2018-10-21 00:15 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-11-13 17:23 - 2018-10-21 00:14 - 002224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-11-13 17:23 - 2018-10-21 00:14 - 001919488 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2018-11-13 17:23 - 2018-10-21 00:14 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-11-13 17:23 - 2018-10-21 00:14 - 001097216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-11-13 17:23 - 2018-10-21 00:14 - 001034752 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-11-13 17:23 - 2018-10-21 00:14 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-11-13 17:23 - 2018-10-21 00:14 - 000632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2018-11-13 17:23 - 2018-10-21 00:14 - 000453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-11-13 17:23 - 2018-10-21 00:14 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-11-13 17:23 - 2018-10-21 00:09 - 013873664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-11-13 17:23 - 2018-10-21 00:02 - 002966528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-11-13 17:23 - 2018-10-21 00:02 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2018-11-13 17:23 - 2018-10-21 00:01 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2018-11-13 17:23 - 2018-10-21 00:01 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2018-11-13 17:23 - 2018-10-21 00:00 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
2018-11-13 17:23 - 2018-10-20 23:59 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2018-11-13 17:23 - 2018-10-20 23:58 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2018-11-13 17:23 - 2018-10-20 23:58 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-11-13 17:23 - 2018-10-20 23:58 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-11-13 17:23 - 2018-10-20 23:57 - 002611200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2018-11-13 17:23 - 2018-10-20 22:59 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2018-11-13 17:23 - 2018-10-20 22:59 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2018-11-13 17:23 - 2018-04-27 21:02 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-11-13 01:06 - 2018-11-29 13:04 - 000000000 ____D C:\Users\butle\Desktop\Zetland
2018-11-12 13:57 - 2018-11-12 13:57 - 000003376 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2018-11-12 13:57 - 2018-11-12 13:57 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2018-11-10 10:54 - 2018-11-10 10:54 - 000110968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2018-11-10 10:54 - 2018-11-10 10:54 - 000000000 ____D C:\Users\butle\AppData\Roaming\Sun
2018-11-10 10:54 - 2018-11-10 10:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-11-10 10:53 - 2018-11-10 10:53 - 000000000 ____D C:\Program Files\Java
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-12-10 17:08 - 2018-04-11 16:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-12-10 16:44 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\INF
2018-12-10 16:43 - 2017-11-02 09:35 - 000000000 ____D C:\ProgramData\Package Cache
2018-12-10 16:38 - 2018-10-29 17:08 - 000000000 ____D C:\Users\butle\AppData\Roaming\HandBrake
2018-12-10 15:43 - 2018-10-20 17:18 - 000000000 ____D C:\Program Files (x86)\Toolkit
2018-12-10 15:39 - 2018-06-08 18:34 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-12-10 14:32 - 2018-04-11 16:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-12-10 14:32 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-12-10 13:35 - 2018-11-03 15:25 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
2018-12-10 11:49 - 2018-06-08 19:11 - 000004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BFEEE281-A92C-46CC-BEEB-E47D6C53BCB5}
2018-12-10 07:43 - 2018-06-08 18:43 - 000000000 ____D C:\Users\butle\AppData\Local\Host App Service
2018-12-10 06:12 - 2018-01-21 11:09 - 000000000 ____D C:\Users\butle\OneDrive\Documents\Outlook Files
2018-12-09 23:22 - 2018-10-29 17:01 - 000000000 ____D C:\Users\butle\AppData\Roaming\dvdcss
2018-12-07 18:42 - 2018-10-29 17:08 - 000000000 ____D C:\Program Files\HandBrake
2018-12-07 14:25 - 2018-10-20 17:19 - 000001183 _____ C:\Users\butle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toolkit.lnk
2018-12-07 14:25 - 2018-10-20 17:18 - 000000000 ____D C:\Users\butle\AppData\Roaming\Toolkit
2018-12-07 13:59 - 2018-06-08 18:57 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-12-07 04:17 - 2017-12-28 21:20 - 000000000 ____D C:\Users\butle\AppData\Local\Packages
2018-12-07 04:11 - 2018-01-21 11:09 - 000000000 ____D C:\Users\butle\AppData\Local\B6C108ED-E52B-4B19-89F9-DC8B6613BE79.aplzod
2018-12-07 04:10 - 2018-01-21 11:09 - 000000000 ___RD C:\Users\butle\iCloudDrive
2018-12-07 04:10 - 2017-12-28 17:11 - 000000000 ___RD C:\Users\butle\OneDrive
2018-12-07 04:08 - 2017-12-28 17:04 - 000000000 __SHD C:\Users\butle\IntelGraphicsProfiles
2018-12-07 04:07 - 2018-04-11 14:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-12-07 04:05 - 2018-06-08 19:11 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-12-07 04:02 - 2018-04-11 14:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-12-07 02:44 - 2018-06-08 19:11 - 000003372 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-530430974-41699979-3898902672-1001
2018-12-07 02:44 - 2018-06-08 18:43 - 000002366 _____ C:\Users\butle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-12-05 17:12 - 2018-04-11 16:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-11-30 21:01 - 2018-04-11 16:41 - 000835688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-11-30 21:01 - 2018-04-11 16:41 - 000179808 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-11-30 19:43 - 2017-11-02 09:36 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-11-29 13:01 - 2018-07-18 19:48 - 000000000 ____D C:\Users\butle\Desktop\RBC
2018-11-27 19:01 - 2017-11-02 09:35 - 000000000 ____D C:\ProgramData\CyberLink
2018-11-26 16:23 - 2017-12-28 21:52 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-26 16:23 - 2017-12-28 21:52 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-11-26 11:52 - 2018-06-17 10:47 - 000003684 _____ C:\WINDOWS\System32\Tasks\BlueStacksHelper
2018-11-16 02:44 - 2018-05-23 00:11 - 000104832 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\WudfUpdate_02000.dll
2018-11-16 02:44 - 2018-05-23 00:11 - 000053632 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\ImController.InfInstaller.exe
2018-11-16 02:44 - 2017-12-28 17:04 - 000104832 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\ImController.CoInstaller.dll
2018-11-13 19:20 - 2017-12-28 21:40 - 000000000 ___RD C:\Users\butle\3D Objects
2018-11-13 19:20 - 2017-03-23 10:27 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-11-13 19:19 - 2018-06-08 18:34 - 000401256 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-11-13 19:15 - 2018-04-11 16:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-11-13 19:15 - 2018-04-11 16:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-11-13 19:15 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-11-13 19:15 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-11-13 19:14 - 2018-04-11 16:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-11-13 19:14 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-11-13 19:14 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-11-13 17:22 - 2017-12-28 20:14 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-11-13 17:18 - 2017-12-28 20:13 - 137810048 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-11-12 15:45 - 2018-07-22 14:03 - 000000000 ____D C:\Program Files\Common Files\AV
2018-11-12 13:57 - 2018-02-27 12:50 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2018-11-12 12:11 - 2018-02-07 21:18 - 000000000 ____D C:\Users\butle\AppData\Local\CrashDumps
2018-11-10 10:49 - 2018-02-02 21:09 - 000000000 ____D C:\ProgramData\Oracle
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-06-08 18:34
==================== End of FRST.txt ============================
Addition Log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09.12.2018
Ran by butle (10-12-2018 17:11:14)
Running from C:\Users\butle\Desktop
Windows 10 Home Version 1803 17134.407 (X64) (2018-06-09 02:13:19)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-530430974-41699979-3898902672-500 - Administrator - Disabled)
butle (S-1-5-21-530430974-41699979-3898902672-1001 - Administrator - Enabled) => C:\Users\butle
DefaultAccount (S-1-5-21-530430974-41699979-3898902672-503 - Limited - Disabled)
Guest (S-1-5-21-530430974-41699979-3898902672-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-530430974-41699979-3898902672-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security Online (Enabled - Up to date) {E3FDBD9F-8140-1400-F32B-8B58923F7C4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Online (Enabled) {DBC63CBA-CB2F-1558-D874-226D6CEC3B36}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Apple Application Support (32-bit) (HKLM-x32\...\{49F7DD82-FC83-48BF-86C6-CFE6E1E233E1}) (Version: 7.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{1FA68E27-2951-42E8-9F57-1A7F6581B4FD}) (Version: 7.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 3.55.70.1783 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-7840W (HKLM-x32\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
CenoPDF (32-bit) (HKLM-x32\...\{456ADE01-F6E7-4917-8147-819A9F8358C2}) (Version: 3.6.248.0 - Lystech Computing) Hidden
CenoPDF v3.6.248.0 (HKLM-x32\...\{6fb9b190-e195-4fc0-8851-96e795e78948}) (Version: 3.6.248.0 - Lystech Computing)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.7007 - CyberLink Corp.)
CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.1.7417 - CyberLink Corp.)
Dolby Audio X2 Windows API SDK (HKLM\...\{F994125B-7BF5-4A38-A569-82833CEB24DC}) (Version: 0.8.4.83 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{4A02DCED-C2B0-4DD3-87BD-7D8E68D6AF3C}) (Version: 0.8.6.75 - Dolby Laboratories, Inc.)
GAME GOLF Transfer (HKLM-x32\...\{893766A0-2913-4D41-A822-74295DA7DF21}) (Version: 2.0.0.0 - Active Mind Technology)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.110 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HandBrake 1.1.2 (HKLM-x32\...\HandBrake) (Version: 1.1.2 - )
Hotspot Shield 7.15.1 (HKLM-x32\...\{AF599C42-A2E5-4251-B7EE-4925C117BE8D}) (Version: 7.15.1.11114 - AnchorFree Inc.) Hidden
Hotspot Shield 7.15.1 (HKLM-x32\...\{f822407f-b848-4683-8375-b1e9169cb16b}) (Version: 7.15.1.11114 - AnchorFree Inc.)
Hotspot Shield 7.15.1 (HKLM-x32\...\HotspotShield) (Version: 7.15.1 - AnchorFree Inc.) Hidden
iCloud (HKLM\...\{28ABC5D7-AF47-4476-A6AA-C2DD822ED40F}) (Version: 7.9.0.9 - Apple Inc.)
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1054 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{246c6cc0-9810-4728-9a29-28474de2eec5}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel® Software Guard Extensions Platform Software (HKLM-x32\...\ARP_for_prd_SGX_1.9.100.41172) (Version: 1.9.100.41172 - Intel Corporation)
iTunes (HKLM\...\{3F702C1B-628F-46FB-A094-56D5404CEE63}) (Version: 12.9.1.4 - Apple Inc.)
Java 8 Update 191 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Lenovo App Explorer (HKU\S-1-5-19\...\Host App Service) (Version: 0.272.1.560 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo App Explorer (HKU\S-1-5-20\...\Host App Service) (Version: 0.272.1.560 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo App Explorer (HKU\S-1-5-21-530430974-41699979-3898902672-1001\...\Host App Service) (Version: 0.273.2.941 - SweetLabs for Lenovo) <==== ATTENTION
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.7.213 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.11029.20079 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-530430974-41699979-3898902672-1001\...\OneDriveSetup.exe) (Version: 18.222.1104.0006 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Norton Security Online (HKLM-x32\...\NGC) (Version: 22.16.2.22 - Symantec Corporation)
novaPDF Pro v5 (novaPDF Professional Desktop 5.5 printer) (HKLM\...\novaPDF Pro v5_is1) (Version: - Softland)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11029.20079 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11029.20079 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11029.20079 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11029.20079 - Microsoft Corporation) Hidden
Soda PDF Desktop 10 (HKLM-x32\...\SodaDesktop10) (Version: 10.2.9.671 - LULU Software)
Soda PDF Desktop 10 Asian Fonts Pack (HKLM\...\{5DA41CBD-DF69-46F8-B9A9-742A776DD94D}) (Version: 10.2.16.1217 - LULU Software) Hidden
Soda PDF Desktop 10 Convert Module (HKLM\...\{EE4A3C19-731C-4A5B-BDD2-1FE13884E8AE}) (Version: 10.2.16.1217 - LULU Software) Hidden
Soda PDF Desktop 10 Create Module (HKLM\...\{576B36A7-126B-4AA2-A8EF-B283C94830C3}) (Version: 10.2.16.1217 - LULU Software) Hidden
Soda PDF Desktop 10 Edit Module (HKLM\...\{102B5312-8771-4E57-95BF-A3681B18E96D}) (Version: 10.2.16.1217 - LULU Software) Hidden
Soda PDF Desktop 10 Forms Module (HKLM\...\{72D7A114-1205-4C7F-8F7F-E55F7887A355}) (Version: 10.2.16.1217 - LULU Software) Hidden
Soda PDF Desktop 10 Insert Module (HKLM\...\{FC671443-85A4-4147-B546-379F8C95EACC}) (Version: 10.2.16.1217 - LULU Software) Hidden
Soda PDF Desktop 10 OCR TESS Module (HKLM\...\{EE52D22C-F052-4075-807D-66B3E993118B}) (Version: 10.2.16.1217 - LULU Software) Hidden
Soda PDF Desktop 10 Review Module (HKLM\...\{7111BE2D-0855-426E-8097-40D1491EE9F1}) (Version: 10.2.16.1217 - LULU Software) Hidden
Soda PDF Desktop 10 Secure Module (HKLM\...\{AD01B0F9-AFF2-40A9-866F-3BF554297796}) (Version: 10.2.16.1217 - LULU Software) Hidden
Soda PDF Desktop 10 View Module (HKLM\...\{859B5C7C-CAC7-403C-98F9-4F9CDD0F289C}) (Version: 10.2.16.1217 - LULU Software) Hidden
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
thinkorswim (HKLM\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
Toolkit (HKLM-x32\...\Toolkit) (Version: 1.5.3.3 - Seagate)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-2) (Version: 1.0.33.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-3) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WhatsApp (HKU\S-1-5-21-530430974-41699979-3898902672-1001\...\WhatsApp) (Version: 0.3.953 - WhatsApp)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22329 - Microsoft Corporation)
Windows Driver Package - Active Mind Technology, Inc. (amtgglp_x64) Ports (12/10/2013 2.15.0.0) (HKLM\...\8D988FABD630E45C1711482275F26EAE38848B6B) (Version: 12/10/2013 2.15.0.0 - Active Mind Technology, Inc.)
Windows Driver Package - Active Mind Technology, Inc. CDM Driver Package - Bus/D2XX Driver (07/12/2013 2.08.30) (HKLM\...\E91002B840385A60FA24C1EC4DA6C2135D349B06) (Version: 07/12/2013 2.08.30 - Active Mind Technology, Inc.)
Windows Driver Package - Active Mind Technology, Inc. CDM Driver Package - VCP Driver (07/12/2013 2.08.30) (HKLM\...\B70EE4609E28DD33B5E744358133498D3D9737B4) (Version: 07/12/2013 2.08.30 - Active Mind Technology, Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-10-07] (Cyberlink)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-12-03] (Apple Inc.)
ContextMenuHandlers1: [SodaPDFDesktop10_ManagerExt] -> {D299F3FB-6AA2-4BC7-B192-D9937676B9DE} => C:\Program Files\Soda PDF Desktop 10\context-menu.dll [2018-10-31] (LULU Software)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.2.22\NavShExt.dll [2018-11-03] (Symantec Corporation)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-10-07] (Cyberlink)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.2.22\NavShExt.dll [2018-11-03] (Symantec Corporation)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igfxDTCM.dll [2018-05-07] (Intel Corporation)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.16.2.22\NavShExt.dll [2018-11-03] (Symantec Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {07904F01-D788-4665-AA70-924CCFCAF366} - System32\Tasks\Norton Security\Norton Security Online Error Analyzer => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
Task: {07DD64B3-4888-495C-8F66-309406CA88E7} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\5b46d439-0318-4d34-87dd-e3678bf16e24 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-11-16] (Lenovo Group Ltd.)
Task: {0A9387A2-28EF-42F1-8103-241FEAE9E03E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-11-30] (Microsoft Corporation)
Task: {133C015F-9436-4618-B7C8-29CFA8A9E503} - System32\Tasks\PDVDServ14 Task => C:\Program Files (x86)\CyberLink\PowerDVD14\PDVD14Serv.exe [2017-02-17] (CyberLink Corp.)
Task: {13ADE781-0217-41FD-A663-5BA6649DB280} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.16.2.22\WSCStub.exe [2018-11-03] (Symantec Corporation)
Task: {16A05365-1AD0-468F-BEE0-863C0821BC6E} - System32\Tasks\App Explorer => C:\Users\butle\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [2018-10-19] (SweetLabs, Inc) <==== ATTENTION
Task: {17691A09-5D2F-447C-BE2F-569DFDF6497B} - System32\Tasks\Norton Security\Norton Security Online Autofix => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
Task: {2D1E6237-173D-4594-A913-B8D912B03D71} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {3CE8065E-C91E-4BE9-BF1F-DFF4556CEBB1} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-11-30] (Microsoft Corporation)
Task: {5CD7D21A-C713-433E-BDA9-9D1538CF8BD0} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-11-15] (Microsoft Corporation)
Task: {63E1720C-B66C-433E-AAC9-BFB6B4D405E3} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\Intel® Management Engine Components\iCLS\IntelPTTEKRecertification.exe [2017-10-11] (Intel® Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {7187D5D6-A51A-4E86-845D-BAB39A011F09} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\f4427a73-73a0-4706-94b1-c404f620d167 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-11-16] (Lenovo Group Ltd.)
Task: {7BB5A8CA-026C-49CD-8EC7-C0AE18233CA4} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\Lenovo\Power2Go\CLVDLauncher.exe [2016-09-20] (CyberLink Corp.)
Task: {883DCDB8-A748-4F0C-8640-51970BC5E405} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2018-11-30] (Microsoft Corporation)
Task: {89CBD3C3-18AB-4C09-91DC-6D9929945230} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2018-11-30] (Microsoft Corporation)
Task: {97D04B0E-38CC-4FBC-A19B-0235716953FB} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [2018-11-15] (BlueStack Systems, Inc.)
Task: {9A190F5C-ED0D-4B40-9A5B-9D916BE5C99C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-28] (Google Inc.)
Task: {9A7A4E55-1CBF-4132-94F6-91F0084B11C3} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\4ef635b1-7b48-4938-b9eb-f6cbc397c84b => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-11-16] (Lenovo Group Ltd.)
Task: {A38169F5-B669-4379-A7BD-4B3AF61F1923} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Online\Upgrade.exe [2018-11-03] (Symantec Corporation)
Task: {A38E1D73-BD07-4F6B-947C-D564E6A90A6F} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\372c82da-3fcd-4b35-8bd9-0bc9230c7cc2 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-11-16] (Lenovo Group Ltd.)
Task: {B15E4D50-6BC0-4F21-BA92-C55079273905} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-11-15] (Microsoft Corporation)
Task: {B1828D24-784A-4FCE-911D-79DAFCF32704} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2018-12-03] (Apple Inc.)
Task: {C064DB4D-A690-485E-8846-B2C0CC0A0C03} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [2018-11-16] (Lenovo Group Ltd.)
Task: {C1F67192-3ED8-4E2D-B3CF-A21E62B0009D} - System32\Tasks\Norton Security\Norton Security Online Error Processor => C:\Program Files\Norton Security\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
Task: {D4306A1F-3F0E-4134-BF4C-797A54041453} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService
Task: {DC3022D5-21A7-491F-9874-EE4DEAB41397} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {EB4C3F65-8910-4B16-A058-DC9F5287507D} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [2016-10-07] (CyberLink)
Task: {EE9AB242-7C34-4453-8100-E82971D203BD} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-11-30] (Microsoft Corporation)
Task: {EEDA1877-3CEF-48D4-9C5D-8AD95BAACB6E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-28] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2017-12-08 01:48 - 2017-12-08 01:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-10-21 02:17 - 2018-10-21 02:17 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-01-09 01:19 - 2005-04-22 13:36 - 000143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2018-07-08 18:35 - 2018-05-02 12:08 - 000165104 _____ () C:\WINDOWS\system32\IntelWifiIhv04.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-11-13 17:23 - 2018-10-31 23:55 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-07-02 16:55 - 2018-07-02 16:55 - 001922224 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2018-10-03 18:40 - 2018-10-03 18:40 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2018-12-05 01:44 - 2018-12-05 01:44 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2018-12-05 01:44 - 2018-12-05 01:46 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2018-12-05 01:44 - 2018-12-05 01:44 - 010885632 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\LibWrapper.dll
2018-12-05 01:44 - 2018-12-05 01:46 - 002850816 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\skypert.dll
2018-12-05 01:44 - 2018-12-05 01:45 - 000688128 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-10-22 13:59 - 2018-10-22 13:59 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2018-10-22 13:59 - 2018-10-22 13:59 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2018-12-05 01:44 - 2018-12-05 01:46 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-01-09 13:04 - 2012-09-25 11:26 - 001163264 _____ () C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
2018-11-15 14:09 - 2018-11-15 14:11 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-11-15 14:09 - 2018-11-15 14:11 - 066031104 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2018-11-15 14:09 - 2018-11-15 14:11 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-11-15 14:09 - 2018-11-15 14:10 - 003715072 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2017-12-28 17:48 - 2017-12-28 17:51 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-11-15 14:09 - 2018-11-15 14:11 - 000036352 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-08-20 16:48 - 2018-08-20 16:48 - 002280960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\opencv_core320.dll
2018-08-20 16:48 - 2018-08-20 16:48 - 002480640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\opencv_imgproc320.dll
2018-04-04 23:20 - 2018-04-04 23:23 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-11-15 14:09 - 2018-11-15 14:11 - 014097920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-11-15 14:09 - 2018-11-15 14:10 - 003569152 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-11-15 14:09 - 2018-11-15 14:10 - 002863616 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-09-04 18:35 - 2018-09-04 18:36 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-07-26 00:29 - 2018-07-26 00:29 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-11-26 16:22 - 2018-11-15 22:43 - 005020504 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.110\libglesv2.dll
2018-11-26 16:22 - 2018-11-15 22:43 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.110\libegl.dll
2018-12-07 04:17 - 2018-12-07 04:17 - 004220928 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1811.3241.0_x64__8wekyb3d8bbwe\Calculator.exe
2018-12-07 04:16 - 2018-12-07 04:16 - 004380232 _____ () C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.0_2.1810.18003.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-01-12 15:56 - 2017-12-28 08:29 - 004238432 _____ () C:\Program Files (x86)\BlueStacks\libGLESv2.dll
2017-03-09 22:22 - 2017-11-29 23:53 - 000155296 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2018-12-10 14:31 - 2018-12-10 14:31 - 034870272 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-12-10 14:31 - 2018-12-10 14:31 - 000292352 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\SharedUI.dll
2017-12-28 17:48 - 2017-12-28 17:48 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
2018-11-28 23:28 - 2018-11-28 23:28 - 004202208 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-12-10 14:31 - 2018-12-10 14:31 - 005967872 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\EntCommon.dll
2018-12-10 14:31 - 2018-12-10 14:31 - 009072128 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-10-21 02:17 - 2018-10-21 02:17 - 001042744 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2018-10-21 02:17 - 2018-10-21 02:17 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2017-12-08 01:49 - 2017-12-08 01:49 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2018-01-09 13:04 - 2009-02-27 16:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2017-11-08 23:44 - 2017-11-08 23:44 - 001244304 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2018-01-12 15:56 - 2018-01-09 16:00 - 048935936 _____ () C:\ProgramData\BlueStacks\CefData\libcef.dll
2018-11-16 15:21 - 2018-11-16 15:21 - 000161152 _____ () C:\Program Files (x86)\Hotspot Shield\bin\CrashRpt1403.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\butle\OneDrive\Documents\CyberLink:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\butle\OneDrive\Documents\Soda PDF Files:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-03-18 14:03 - 2017-03-18 14:01 - 000000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-530430974-41699979-3898902672-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\butle\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.254 - 75.153.171.114
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{24821B4D-118D-43BF-AE85-784A4BBBF78C}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe
FirewallRules: [{1BEFABC2-0CA3-4E42-B753-70072A459940}] => (Allow) LPort=54925
FirewallRules: [{F58ADD2C-474B-4282-8EAA-AFBBEA43B41D}] => (Allow) C:\Program Files (x86)\Brother\Brmfl07b\FAXRX.exe
FirewallRules: [{6E05ED4A-AE50-414F-9093-44BC843D383C}] => (Allow) C:\Program Files (x86)\Brother\Brmfl07b\FAXRX.exe
FirewallRules: [{FCC8D5EE-E175-453C-B64B-9AFCDCFAE5CD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7B7C9BD6-6DC0-4AB2-AF51-B40B10E56CB3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B144ED13-B870-4188-A51C-A41BC00F43CF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A74A47C0-38B1-49E4-939E-B1AFED5F0455}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{95404A27-C40E-4CE5-96CC-73CE1AAB79FC}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{F5BC3ACA-E5C0-4303-8787-D45809E34C84}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{69BF2F0B-9395-48A0-A426-4B425393C399}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{5D354980-92C7-408E-8CB2-65F4B5604371}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{D4F825A2-E0B4-4761-9F88-E27EAD635AFF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{45ABDE0F-308B-4FCB-A92C-BCB539D9FB26}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{B3E0BD3C-D23F-4C3A-AD78-2D21F2E435CA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{A3D1FF9F-371D-4CB7-AF90-AE36290CB6D9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{31A4B8C0-9ECD-47F6-91B0-BC22C385B1AA}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{FEBBB0C8-0161-422A-8B9A-325C4C7D60C0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
20-11-2018 18:08:32 Windows Update
05-12-2018 17:10:01 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (12/10/2018 08:06:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname LAPTOP-OQKK081Q.local already in use; will try LAPTOP-OQKK081Q-2.local instead
Error: (12/10/2018 08:06:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 LAPTOP-OQKK081Q.local. Addr 192.168.1.83
Error: (12/10/2018 08:06:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.83:5353 16 LAPTOP-OQKK081Q.local. AAAA 2001:056A:7077:4D00:04C0:EBD9:D03F:58B2
Error: (12/10/2018 08:06:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 LAPTOP-OQKK081Q.local. AAAA FE80:0000:0000:0000:B043:7130:4DEF:E932
Error: (12/10/2018 08:06:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.83:5353 16 LAPTOP-OQKK081Q.local. AAAA 2001:056A:7077:4D00:04C0:EBD9:D03F:58B2
Error: (12/10/2018 08:06:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 LAPTOP-OQKK081Q.local. AAAA 2001:056A:7077:4D00:C936:D308:B056:11A1
Error: (12/10/2018 08:06:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.83:5353 16 LAPTOP-OQKK081Q.local. AAAA 2001:056A:7077:4D00:04C0:EBD9:D03F:58B2
Error: (12/10/2018 08:06:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 LAPTOP-OQKK081Q.local. AAAA 2001:056A:7077:4D00:79EE:31D8:C2EB:5A65
System errors:
=============
Error: (12/10/2018 04:42:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (12/10/2018 05:24:46 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (12/10/2018 05:22:33 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (12/10/2018 02:09:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (12/09/2018 10:54:34 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-OQKK081Q)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user LAPTOP-OQKK081Q\butle SID (S-1-5-21-530430974-41699979-3898902672-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
Error: (12/09/2018 09:58:39 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-OQKK081Q)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user LAPTOP-OQKK081Q\butle SID (S-1-5-21-530430974-41699979-3898902672-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
Error: (12/09/2018 08:32:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (12/09/2018 06:54:45 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-OQKK081Q)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user LAPTOP-OQKK081Q\butle SID (S-1-5-21-530430974-41699979-3898902672-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
Windows Defender:
===================================
Date: 2018-07-03 18:01:18.444
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {10C26477-8134-4E0E-9E43-0F3AA499250A}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-07-03 17:40:23.218
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {80195268-4A7F-4AA1-96BD-02A4785BC43F}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-07-02 20:28:58.319
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {F294F53C-537D-4D6C-BD31-F41EF0548210}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-07-02 17:54:33.005
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {EA13D2A7-F98C-42E3-9616-152031313B84}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-06-08 21:16:22.136
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {7554A3D6-26CC-4608-A11B-17BB43FF0F89}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-07-18 10:06:23.023
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
Date: 2018-07-18 00:13:29.677
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
Date: 2018-07-11 09:21:30.972
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
Date: 2018-06-30 01:33:25.190
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
Date: 2018-06-28 17:08:40.242
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
CodeIntegrity:
===================================
Date: 2018-07-12 20:41:35.008
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.
Date: 2018-06-08 20:16:38.565
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
Processor: Intel® Core i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 68%
Total physical RAM: 12162.72 MB
Available physical RAM: 3794.93 MB
Total Virtual: 17282.72 MB
Available Virtual: 6021.77 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:905.27 GB) (Free:798.52 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.87 GB) NTFS
Drive f: (Seagate Backup Plus Drive) (Fixed) (Total:3725.9 GB) (Free:3633.28 GB) NTFS
\\?\Volume{9922eacf-3c68-46d2-8bd3-4b04af5bb2bb}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.54 GB) NTFS
\\?\Volume{984d618e-f2c8-4c34-8b7d-17c4fdd5caf9}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 48F379E9)
Partition: GPT.
========================================================
Disk: 1 (Size: 3726 GB) (Disk ID: 23462E1B)
Partition: GPT.
==================== End of Addition.txt ============================
Edited by Triskelion, 14 December 2018 - 07:52 PM.