Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Cooling Fan Pulses From Low to High Continuously [Solved]

Started by commanderk , Apr 01 2019 09:31 PM
Cooling fan Slow system

  • This topic is locked This topic is locked

#1
commanderk
Posted 01 April 2019 - 09:31 PM

commanderk

    Member

  • Member
  • PipPip
  • 64 posts

My cooling fan pulses from low to high continuously. My system is also slow. I have Norton and am running Malwarebytes. I also ran OTL and found no problems. Thanks.

 

Here're the logs requested.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by kody (01-04-2019 20:16:53)
Running from C:\Users\kody\Downloads
Windows 10 Home Version 1803 17134.648 (X64) (2018-12-27 05:25:51)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1513066782-2088970526-2524805393-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1513066782-2088970526-2524805393-503 - Limited - Disabled)
Guest (S-1-5-21-1513066782-2088970526-2524805393-501 - Limited - Disabled)
kody (S-1-5-21-1513066782-2088970526-2524805393-1001 - Administrator - Enabled) => C:\Users\kody
WDAGUtilityAccount (S-1-5-21-1513066782-2088970526-2524805393-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security Online (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Online (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{4486FC50-ADE1-35F5-66D3-CFBBFC9A8A35}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{6EF6941D-4393-2231-3D29-C52ED8ED485F}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{01ED4501-7134-67E5-0AF0-3B6003646E1A}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{201D8B07-20D4-F26D-EF13-54D4646B180D}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{F9F6F0CC-DE19-9FEA-5618-8D3891E57A2A}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{FDFEBDEA-140C-AF32-5D1D-D85858CF589D}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{1D9889C7-EF3A-2404-19E7-4517C20D8783}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{7784F531-3276-EBB5-F590-F62151FE39A9}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{B72AFCAB-62B2-64CB-7C01-3FAB601F163D}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{BEBEB9E8-D83E-FC1A-6EB4-EA3609DA4967}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{DE06415A-00C1-CA00-082B-693F3F04D9E9}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{E08332C8-2494-C7DF-AD2C-C5C8BDACFBCB}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{19C0293F-9157-3931-F773-64F879906064}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{24473F97-CBC2-F5E5-1679-E5A8E855B8C9}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{58C33198-3421-5C93-2993-B69796CD64FC}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{F852D37B-B837-4DE4-E39D-5DDB8D3CFDB0}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{3FB42013-DFEA-42C7-2409-2A993F0A125F}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{C2897673-0B26-4063-9A23-A7A240853CD6}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{AEA98D17-8D5A-1E46-8BE4-03B35F8E9E88}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{E42B85E8-5E5C-F890-A943-CA53E9212DB0}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{45571752-4A06-D0B6-9626-AA42F733F06A}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{B19E0896-465A-0886-2F49-6CD68AB7C229}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{7EC80E29-C710-843D-AEF8-3E03473D0166}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{F30F0CCF-3B16-2104-BA67-48F3B2672140}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{122ADD10-7018-B294-8DC1-02342300D48C}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{6DF59C47-EAA3-09D8-E1A1-ADF4ADD66771}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{B5775CBB-66DA-C816-7673-A21562B89C75}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{DB3312FA-CD19-EDF6-1DDE-A53A796991B5}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{625D3128-2C37-F193-1346-0727DD1E6E96}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{66D1F45C-49C4-9A92-9626-42ACF3F91A9F}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{8273D1D8-B88C-D734-64B1-FCF240B64844}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{CBD24DD2-87EF-84C3-CE61-7ACF33779AFA}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{08AE5F97-73E6-2049-1976-12C786CD1828}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{47DF4A8E-AA22-1D21-928E-31321BDE2F54}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{06CADB25-FB27-A855-2313-FC36E23EFA40}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{48ACCBEA-F85D-0908-24D6-A8DDBE0621C2}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{86521D14-67A5-D13B-44DD-64E3BDBEE245}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{8AAE5F4C-8872-7F86-79A6-0ECF95663F53}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{592CD17B-5233-12E7-F0DE-BD29B5FC88E3}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{EEB0FB79-C020-3725-867E-6FF3EA0782A1}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{002EA904-A5F5-0A9D-FEC6-E5C245C4AB56}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{B1DE4F1A-449C-75A6-16D1-CB7B6BCE526C}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
ELAN Touchpad 18.2.22.3_X64_WHQL (HKLM\...\Elantech) (Version: 18.2.22.3 - ELAN Microelectronic Corp.)
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.86 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
HP Audio Switch (HKLM-x32\...\{BC852AA8-58F6-4F07-ACB1-7377E52CA4F3}) (Version: 1.0.150.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.9.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{cdb5f70f-5107-4613-bf69-15de903b5b5d}) (Version: 5.5.22560 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{F213102E-FD30-4E22-AF73-4C682D65FFEE}) (Version: 1.4.441.0 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{2FC69222-01B3-479E-80E6-0AFC593A312A}) (Version: 1.4.23 - HP Inc.)
HP Wireless Button Driver (HKLM-x32\...\{2EC9AB64-3ACA-460D-B309-0A7052B0C8C0}) (Version: 1.1.21.1 - HP)
Intel® Wireless Bluetooth® (HKLM-x32\...\{559FA847-377D-4926-80A3-ED9E014D363A}) (Version: 19.60.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{8060a69f-ee27-444b-b126-775f861232ea}) (Version: 20.0.2 - Intel Corporation)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.11328.20222 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
Norton Security Online (HKLM-x32\...\NGC) (Version: 22.17.0.183 - Symantec Corporation)
OEM Application Profile (HKLM-x32\...\{12C2AEB0-ED60-4CCF-DD83-C65BC7CCFB50}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11328.20222 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20222 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20222 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11328.20222 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.31237 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.21.811.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8393 - Realtek Semiconductor Corp.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{FBA3961B-D1DF-493C-BC1F-E67D3B832895}) (Version: 2.56.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1513066782-2088970526-2524805393-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\kody\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1513066782-2088970526-2524805393-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\kody\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1513066782-2088970526-2524805393-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\kody\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.0.183\NavShExt.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.0.183\NavShExt.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-09-25] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.0.183\NavShExt.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {08FBEC1D-A176-4CA4-9966-011A5134D16C} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.17.0.183\WSCStub.exe (Symantec Corporation -> Symantec Corporation)
Task: {1FDB135A-8654-43DE-AF92-AF63692EC3C2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {4D5DB52C-56AE-4FD6-9D9E-3785AA4DA9FD} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {4E1DF635-883F-4FF6-B81A-7F705A16DCC0} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Online\Upgrade.exe (Symantec Corporation -> Symantec Corporation)
Task: {5B280AD1-8E38-46F2-BE5B-F8567F2FAC72} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {6515B0C7-3C4E-41D9-BB43-FDC96035AC10} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe (HP Inc. -> HP Inc.)
Task: {7112B4C7-9BAC-4B5C-900B-E5EDE9959BFB} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {7FD66344-C551-4374-A2F7-ABAD8DA44826} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {7FE5818D-B646-4EA3-98EB-C74E2FF5AF65} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {80BA2026-6538-4B6A-AD10-76F52F7B956B} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\kody\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {80F68048-4E56-42DF-885B-ED3D92D59AEE} - System32\Tasks\Norton Security with Backup\Norton Security Online Autofix => C:\Program Files\Norton Security\Engine\22.17.0.183\SymErr.exe (Symantec Corporation -> Symantec Corporation)
Task: {A05BD651-2637-4A11-9B15-E37F4323D070} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {A5768667-F70D-4C5C-A9B2-2587B473A4FA} - System32\Tasks\Norton Security with Backup\Norton Security Online Error Analyzer => C:\Program Files\Norton Security\Engine\22.17.0.183\SymErr.exe (Symantec Corporation -> Symantec Corporation)
Task: {A9EDB601-49B0-4262-A9C6-F2AEDBEC28D9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {ACC1BDD4-D6EE-4D4D-9380-77CEF41CF220} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe (HP Inc. -> HP Inc.)
Task: {ACCCA693-EBB2-48CD-83DE-6053DC201575} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {B93A40DB-BE01-44BB-A912-08D66EB19A61} - System32\Tasks\RtHDVBg_Session => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {BEDCF236-6962-4F8E-8ECF-6A3C3C5D29AE} - System32\Tasks\Norton Security with Backup\Norton Security Online Error Processor => C:\Program Files\Norton Security\Engine\22.17.0.183\SymErr.exe (Symantec Corporation -> Symantec Corporation)
Task: {C19B29C2-F767-4024-80C5-77C0E4FA0118} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {C7C93DDA-E3EE-4B01-9A60-1D6598F92120} - System32\Tasks\StartCN => c:\Program Files\AMD\CNext\CNext\cncmd.exe (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {D8537E70-48D4-4FFF-A975-1B7F54F34331} - System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\ReconcileFeatures
Task: {EDDCDDE5-BFAE-407A-80F9-808703E1D72C} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {FB859321-3F6D-4336-B6B5-738AC0DD9223} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {FDD014EF-F300-426E-870D-CA56F557FE1E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\kody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-09-14 19:48 - 2016-09-14 19:48 - 005496320 _____ (The Qt Company Ltd) [File not signed] c:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2016-09-14 19:48 - 2016-09-14 19:48 - 002924544 _____ (The Qt Company Ltd) [File not signed] c:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2016-09-14 19:48 - 2016-09-14 19:48 - 000912384 _____ (The Qt Company Ltd) [File not signed] c:\Program Files\AMD\CNext\CNext\Qt5Charts.dll
2016-09-14 19:48 - 2016-09-14 19:48 - 005444608 _____ (The Qt Company Ltd) [File not signed] c:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2016-09-14 19:48 - 2016-09-14 19:48 - 005804544 _____ (The Qt Company Ltd) [File not signed] c:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2016-09-14 19:48 - 2016-09-14 19:48 - 000277504 _____ (The Qt Company Ltd) [File not signed] c:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2016-09-14 19:48 - 2016-09-14 19:48 - 003187712 _____ (The Qt Company Ltd) [File not signed] c:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2016-09-14 19:48 - 2016-09-14 19:48 - 001061376 _____ (The Qt Company Ltd) [File not signed] c:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2016-09-14 19:48 - 2016-09-14 19:48 - 000193024 _____ (The Qt Company Ltd) [File not signed] c:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2016-09-14 19:49 - 2016-09-14 19:49 - 001212416 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2016-09-14 19:49 - 2016-09-14 19:49 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-14 19:49 - 2016-09-14 19:49 - 000739840 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-14 19:49 - 2016-09-14 19:49 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-14 19:49 - 2016-09-14 19:49 - 000071168 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-14 19:48 - 2016-09-14 19:48 - 000011776 _____ () [File not signed] c:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-14 19:48 - 2016-09-14 19:48 - 002013696 _____ () [File not signed] c:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-14 19:49 - 2016-09-14 19:49 - 000049664 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qdds.dll
2016-09-14 19:49 - 2016-09-14 19:49 - 000029696 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2016-09-14 19:49 - 2016-09-14 19:49 - 000037376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2016-09-14 19:49 - 2016-09-14 19:49 - 000030208 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2016-09-14 19:49 - 2016-09-14 19:49 - 000459776 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjp2.dll
2016-09-14 19:49 - 2016-09-14 19:49 - 000236544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2016-09-14 19:49 - 2016-09-14 19:49 - 000275456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qmng.dll
2016-09-14 19:49 - 2016-09-14 19:49 - 000023552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2016-09-14 19:48 - 2016-09-14 19:48 - 000310784 _____ (The Qt Company Ltd) [File not signed] c:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2016-09-14 19:49 - 2016-09-14 19:49 - 000022528 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2016-09-14 19:49 - 2016-09-14 19:49 - 000351744 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtiff.dll
2016-09-14 19:49 - 2016-09-14 19:49 - 000021504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2016-09-14 19:49 - 2016-09-14 19:49 - 000374784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2016-09-14 19:49 - 2016-09-14 19:49 - 000191488 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2019-03-29 16:33 - 2019-03-13 09:22 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2019-03-29 16:33 - 2019-03-13 09:22 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2019-03-29 16:33 - 2019-03-13 09:22 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2019-03-29 16:33 - 2019-03-13 09:22 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2019-03-29 16:33 - 2019-03-13 09:22 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-03-29 16:33 - 2019-03-13 09:22 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2019-03-29 16:33 - 2019-03-13 09:22 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2019-03-29 16:33 - 2019-03-13 09:22 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-03-29 16:33 - 2019-03-13 09:22 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-03-29 16:33 - 2019-03-13 09:22 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-03-29 16:33 - 2019-03-13 09:22 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2019-03-29 16:33 - 2019-03-13 09:22 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-03-29 16:33 - 2019-03-13 09:22 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-03-29 16:33 - 2019-03-13 09:22 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-03-29 16:33 - 2019-03-13 09:22 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-03-29 16:33 - 2019-03-13 09:22 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-03-29 16:33 - 2019-03-13 09:22 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-03-29 16:33 - 2019-03-13 09:22 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-03-29 16:33 - 2019-03-13 09:22 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2019-03-29 16:33 - 2019-03-13 09:22 - 000035328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\iconengines\qsvgicon.dll
2019-03-19 19:45 - 2019-03-19 19:45 - 001567232 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\HPAudioSwitch\915a93bc288cb667c4ead9459692161c\HPAudioSwitch.ni.exe
2019-03-19 19:44 - 2019-03-19 19:44 - 000764928 _____ (The Apache Software Foundation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\log4net\a1d8f678b50292d989072e1b75e72ba8\log4net.ni.dll
2019-03-19 19:44 - 2019-03-19 19:44 - 000129536 _____ (hardcodet.net) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\18abc1546f7fd36f2144e91ae6116b8d\Hardcodet.Wpf.TaskbarNotification.ni.dll
2019-03-19 19:45 - 2019-03-19 19:45 - 001549312 _____ (Mark Heath) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NAudio\818fad3eb6b481a0e888c5e2569a1694\NAudio.ni.dll
2019-03-19 19:45 - 2019-03-19 19:45 - 002227200 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\4582e50ce61e5fbb8e458df79cd7a84e\Newtonsoft.Json.ni.dll
2019-03-19 19:45 - 2019-03-19 19:45 - 000141312 _____ ( ) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\9384196ea1e1fa6c9b853d15a9e3b0c9\Interop.IWshRuntimeLibrary.ni.dll
2018-12-27 19:26 - 2018-12-27 19:26 - 000000000 ____LMicrosoft Corporation C:\Program Files (x86)\Microsoft Office\root\Office16\AppVIsvSubsystems32.dll
2018-12-27 19:26 - 2018-12-27 19:26 - 000000000 ____LMicrosoft Corporation C:\Program Files (x86)\Microsoft Office\root\Office16\c2r32.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-09-29 06:46 - 2017-09-29 06:44 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1513066782-2088970526-2524805393-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\kody\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\kgl_0903.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{D0DE791B-4EBC-40D1-891B-2B81EF066F76}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel® Wireless Connectivity Solutions -> )
FirewallRules: [{4B5E18F3-F2B8-418C-BE4B-C409AD148B84}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D864E17C-FA84-4A4F-8C22-11AAB9C14376}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{618224FC-6BA3-4BBF-AF40-66EB50D0CDC8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B83A28D6-A1EB-41A7-8DDF-C632FC570C6D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{57BB3448-35C1-448A-A0BD-23D81A44450C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16050.11029.20108.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D20DEAF0-D907-41AB-A3D2-FA3C608253A2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D7B2E409-453A-4CF5-9165-BB34069BE248}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B83CACD6-9829-48D2-9C0D-D7316989DE09}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F339B37E-F46E-4365-BF89-28AB9B80F930}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F7986D1C-28B1-45A5-8B3D-95A56BA1F64F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{6AF3601E-66AA-4626-A594-A4255B3C7CE2}C:\program files (x86)\dishanywhereplayer\dishanywhereplayer.exe] => (Allow) C:\program files (x86)\dishanywhereplayer\dishanywhereplayer.exe No File
FirewallRules: [UDP Query User{341C8A77-CC24-48BF-B295-28FE70372326}C:\program files (x86)\dishanywhereplayer\dishanywhereplayer.exe] => (Allow) C:\program files (x86)\dishanywhereplayer\dishanywhereplayer.exe No File
FirewallRules: [{7A2768EA-8431-4E6B-87B0-BC61C5727EA3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
 
==================== Restore Points =========================
 
09-03-2019 23:03:47 Scheduled Checkpoint
19-03-2019 17:28:41 Windows Update
29-03-2019 15:51:46 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/01/2019 07:30:02 PM) (Source: HP Comm Recovery) (EventID: 0) (User: )
Description: Failed in handling the PowerEvent. The error that occurred was: System.Exception: StartProcessAsCurrentUser: GetSessionUserToken failed.
   at _HPCommRecovery.ProcessExtensions.StartProcessAsCurrentUser(String appPath, String cmdLine, String workDir, Boolean visible)
   at _HPCommRecovery.HPAHAgent.CallAgent()
   at _HPCommRecovery.AppSession..ctor(DateTime Current, String LogPath)
   at _HPCommRecovery.HPAHLogger.NewSession()
   at _HPCommRecovery.HPCommRecovery.OnPowerEvent(PowerBroadcastStatus powerStatus)
   at System.ServiceProcess.ServiceBase.DeferredPowerEvent(Int32 eventType, IntPtr eventData).
 
Error: (04/01/2019 07:29:54 PM) (Source: HP Comm Recovery) (EventID: 0) (User: )
Description: Failed in handling the PowerEvent. The error that occurred was: System.IO.IOException: The process cannot access the file 'C:\Windows\Temp\signtool.exe' because it is being used by another process.
   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
   at System.IO.FileStream..ctor(String path, FileMode mode)
   at _HPCommRecovery.Tools.Signtool.ExtractSignTool()
   at _HPCommRecovery.Tools.Signtool.Verify(String arg)
   at _HPCommRecovery.HPAHAgent.CallAgent()
   at _HPCommRecovery.AppSession..ctor(DateTime Current, String LogPath)
   at _HPCommRecovery.HPAHLogger.NewSession()
   at _HPCommRecovery.....
 
Error: (04/01/2019 07:29:54 PM) (Source: HP Comm Recovery) (EventID: 0) (User: )
Description: Failed in handling the PowerEvent. The error that occurred was: System.IO.IOException: The process cannot access the file 'C:\Windows\Temp\signtool.exe' because it is being used by another process.
   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
   at System.IO.FileStream..ctor(String path, FileMode mode)
   at _HPCommRecovery.Tools.Signtool.ExtractSignTool()
   at _HPCommRecovery.Tools.Signtool.Verify(String arg)
   at _HPCommRecovery.HPAHAgent.CallAgent()
   at _HPCommRecovery.AppSession..ctor(DateTime Current, String LogPath)
   at _HPCommRecovery.HPAHLogger.NewSession()
   at _HPCommRecovery.....
 
Error: (03/31/2019 09:10:01 PM) (Source: HP Comm Recovery) (EventID: 0) (User: )
Description: Failed in handling the PowerEvent. The error that occurred was: System.IO.IOException: The process cannot access the file 'C:\Windows\Temp\signtool.exe' because it is being used by another process.
   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
   at System.IO.FileStream..ctor(String path, FileMode mode)
   at _HPCommRecovery.Tools.Signtool.ExtractSignTool()
   at _HPCommRecovery.Tools.Signtool.Verify(String arg)
   at _HPCommRecovery.HPAHAgent.CallAgent()
   at _HPCommRecovery.AppSession..ctor(DateTime Current, String LogPath)
   at _HPCommRecovery.HPAHLogger.NewSession()
   at _HPCommRecovery.....
 
Error: (03/31/2019 09:10:01 PM) (Source: HP Comm Recovery) (EventID: 0) (User: )
Description: Failed in handling the PowerEvent. The error that occurred was: System.IO.IOException: The process cannot access the file 'C:\Windows\Temp\signtool.exe' because it is being used by another process.
   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
   at System.IO.FileStream..ctor(String path, FileMode mode)
   at _HPCommRecovery.Tools.Signtool.ExtractSignTool()
   at _HPCommRecovery.Tools.Signtool.Verify(String arg)
   at _HPCommRecovery.HPAHAgent.CallAgent()
   at _HPCommRecovery.AppSession..ctor(DateTime Current, String LogPath)
   at _HPCommRecovery.HPAHLogger.NewSession()
   at _HPCommRecovery.....
 
Error: (03/30/2019 11:08:09 PM) (Source: HP Comm Recovery) (EventID: 0) (User: )
Description: Failed in handling the PowerEvent. The error that occurred was: System.IO.IOException: The process cannot access the file 'C:\Windows\Temp\signtool.exe' because it is being used by another process.
   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
   at System.IO.FileStream..ctor(String path, FileMode mode)
   at _HPCommRecovery.Tools.Signtool.ExtractSignTool()
   at _HPCommRecovery.Tools.Signtool.Verify(String arg)
   at _HPCommRecovery.HPAHAgent.CallAgent()
   at _HPCommRecovery.AppSession..ctor(DateTime Current, String LogPath)
   at _HPCommRecovery.HPAHLogger.NewSession()
   at _HPCommRecovery.....
 
Error: (03/30/2019 11:08:09 PM) (Source: HP Comm Recovery) (EventID: 0) (User: )
Description: Failed in handling the PowerEvent. The error that occurred was: System.IO.IOException: The process cannot access the file 'C:\Windows\Temp\signtool.exe' because it is being used by another process.
   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
   at System.IO.FileStream..ctor(String path, FileMode mode)
   at _HPCommRecovery.Tools.Signtool.ExtractSignTool()
   at _HPCommRecovery.Tools.Signtool.Verify(String arg)
   at _HPCommRecovery.HPAHAgent.CallAgent()
   at _HPCommRecovery.AppSession..ctor(DateTime Current, String LogPath)
   at _HPCommRecovery.HPAHLogger.NewSession()
   at _HPCommRecovery.....
 
Error: (03/30/2019 12:53:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3234
 
 
System errors:
=============
Error: (04/01/2019 07:42:15 PM) (Source: DCOM) (EventID: 10016) (User: KODYNB2018)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user KODYNB2018\kody SID (S-1-5-21-1513066782-2088970526-2524805393-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/01/2019 07:31:09 PM) (Source: DCOM) (EventID: 10016) (User: KODYNB2018)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user KODYNB2018\kody SID (S-1-5-21-1513066782-2088970526-2524805393-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/01/2019 07:31:05 PM) (Source: DCOM) (EventID: 10016) (User: KODYNB2018)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user KODYNB2018\kody SID (S-1-5-21-1513066782-2088970526-2524805393-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/01/2019 07:30:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/01/2019 07:30:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/01/2019 07:30:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/31/2019 10:03:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/31/2019 12:11:27 PM) (Source: DCOM) (EventID: 10016) (User: KODYNB2018)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user KODYNB2018\kody SID (S-1-5-21-1513066782-2088970526-2524805393-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
==================== Memory info =========================== 
 
Processor: AMD A10-9620P RADEON R5, 10 COMPUTE CORES 4C+6G
Percentage of memory in use: 37%
Total physical RAM: 11743.18 MB
Available physical RAM: 7316.94 MB
Total Virtual: 13535.18 MB
Available Virtual: 8851.54 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:914.71 GB) (Free:758.69 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:15.57 GB) (Free:1.84 GB) NTFS ==>[system with boot components (obtained from drive)]
 
\\?\Volume{a7da5a48-9b9f-4920-8e4c-759de6aa576f}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.47 GB) NTFS
\\?\Volume{9bf78432-8456-4792-a61a-8a75a5c14854}\ () (Fixed) (Total:0.25 GB) (Free:0.18 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A50E1C7D)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
 
 
 
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.03.2019
Ran by kody (administrator) on KODYNB2018 (01-04-2019 20:11:19)
Running from C:\Users\kody\Downloads
Loaded Profiles: kody (Available Profiles: kody)
Platform: Windows 10 Home Version 1803 17134.648 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel® Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.0.183\NortonSecurity.exe
(Intel® Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.0.183\nsWscSvc.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Advanced Micro Devices, Inc. -> ) C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.0.183\NortonSecurity.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(HP Inc. -> HP) C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3666536 2018-03-15] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [704832 2017-04-27] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [HPRadioMgr] => C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe [324600 2017-04-25] (HP Inc. -> HP)
HKU\S-1-5-21-1513066782-2088970526-2524805393-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1716720 2019-03-19] (Google LLC -> Google Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.86\Installer\chrmstp.exe [2019-03-31] (Google LLC -> Google Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{51f3aaa5-5078-4b60-90f5-9a529f1aa10f}: [DhcpNameServer] 172.168.0.7
Tcpip\..\Interfaces\{c3461718-c7f5-4957-ab72-b80a28cb0476}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-1513066782-2088970526-2524805393-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-1513066782-2088970526-2524805393-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKLM -> {7CAC81C5-A680-4E86-B935-332DE6D2D0C3} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {7CAC81C5-A680-4E86-B935-332DE6D2D0C3} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1513066782-2088970526-2524805393-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1513066782-2088970526-2524805393-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-03-27] (Microsoft Corporation -> Microsoft Corporation)
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.17.0.183\coIEPlg.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-03-07] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.17.0.183\coIEPlg.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll => No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.17.0.183\coIEPlg.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.17.0.183\coIEPlg.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-07] (Microsoft Corporation -> Microsoft Corporation)
 
FireFox:
========
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-03-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-03-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-01-31] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://yahoo.com/
CHR StartupUrls: Default -> "hxxp://www.yahoo.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_widemail_chr_win&type=default
CHR DefaultSearchKeyword: Default -> lp
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\kody\AppData\Local\Google\Chrome\User Data\Default [2019-04-01]
CHR Extension: (Slides) - C:\Users\kody\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-12-27]
CHR Extension: (Docs) - C:\Users\kody\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-12-27]
CHR Extension: (Google Drive) - C:\Users\kody\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-12-27]
CHR Extension: (YouTube) - C:\Users\kody\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-12-27]
CHR Extension: (Honey) - C:\Users\kody\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2019-02-14]
CHR Extension: (Norton Security Toolbar) - C:\Users\kody\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2019-03-07]
CHR Extension: (Adobe Acrobat) - C:\Users\kody\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-01-05]
CHR Extension: (Sheets) - C:\Users\kody\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-12-27]
CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\kody\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2019-02-28]
CHR Extension: (Google Docs Offline) - C:\Users\kody\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-12-27]
CHR Extension: (AdBlock) - C:\Users\kody\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-03-22]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\kody\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2019-03-21]
CHR Extension: (Google Hangouts) - C:\Users\kody\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2019-03-27]
CHR Extension: (InvisibleHand) - C:\Users\kody\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko [2019-02-13]
CHR Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\kody\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2019-01-31]
CHR Extension: (Yahoo Web) - C:\Users\kody\AppData\Local\Google\Chrome\User Data\Default\Extensions\njajpefejmjnhcddhaleakkcehiilppa [2018-12-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\kody\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-12-27]
CHR Extension: (DISH Anywhere Chrome Video Player) - C:\Users\kody\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfiogfjcmcooikkpemeppajhnmpeekgf [2019-01-08]
CHR Extension: (Gmail) - C:\Users\kody\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-12-27]
CHR Extension: (Chrome Media Router) - C:\Users\kody\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-26]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.17.0.183\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.17.0.183\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdaptiveSleepService; c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [155016 2017-09-25] (Advanced Micro Devices, Inc. -> )
R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [561576 2017-10-13] (Advanced Micro Devices, Inc. -> AMD)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11150824 2019-03-22] (Microsoft Corporation -> Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [152680 2018-03-15] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1327400 2017-09-05] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [630776 2017-02-06] (HP Inc. -> HP Inc.)
R2 ibtsiva; C:\WINDOWS\System32\ibtsiva.exe [541896 2018-07-06] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [269480 2017-08-07] (Intel® Wireless Connectivity Solutions -> )
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.17.0.183\NortonSecurity.exe [225600 2019-03-07] (Symantec Corporation -> Symantec Corporation)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.17.0.183\nsWscSvc.exe [934216 2019-03-07] (Symantec Corporation -> Symantec Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [265672 2018-12-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4403496 2019-01-08] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107160 2019-02-16] (Microsoft Corporation -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3756200 2017-08-07] (Intel® Wireless Connectivity Solutions -> Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [27016 2017-10-13] (Advanced Micro Devices Inc. -> Advanced Micro Devices, INC.)
R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [34672 2017-10-13] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 amdi2c; C:\WINDOWS\System32\drivers\amdi2c.sys [54128 2017-10-13] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
S3 amdkmcsp; C:\WINDOWS\System32\drivers\amdkmcsp.sys [101232 2017-10-13] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0318605.inf_amd64_031e1fc2cec2dd33\atikmdag.sys [36583336 2017-10-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AMDKMDAP; C:\WINDOWS\System32\DriverStore\FileRepository\c0318605.inf_amd64_031e1fc2cec2dd33\atikmpag.sys [537512 2017-10-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [106416 2017-10-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\drivers\amdpsp.sys [243048 2017-10-13] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )
R3 amduart; C:\WINDOWS\System32\drivers\amduart.sys [91640 2017-10-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110088 2017-10-13] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.15.0.88\Definitions\BASHDefs\20190326.001\BHDrvx64.sys [1934048 2019-02-07] (Symantec Corporation -> Symantec Corporation)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1611000.0B7\ccSetx64.sys [192712 2019-03-07] (Symantec Corporation -> Symantec Corporation)
S3 dot4; C:\WINDOWS\System32\drivers\Dot4.sys [151968 2012-09-25] (Hewlett-Packard Company -> Windows ® Win 7 DDK provider)
S3 dot4usb; C:\WINDOWS\System32\drivers\dot4usb.sys [49056 2012-09-25] (Hewlett-Packard Company -> Microsoft Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515792 2018-12-27] (Symantec Corporation -> Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153296 2018-12-27] (Symantec Corporation -> Symantec Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R3 ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [32816 2018-03-15] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronic Corp.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136128 2017-12-06] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.15.0.88\Definitions\IPSDefs\20190401.061\IDSvia64.sys [1424392 2019-02-20] (Symantec Corporation -> Symantec Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2019-03-29] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-03-29] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73912 2019-03-29] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-03-29] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [114040 2019-03-29] (Malwarebytes Corporation -> Malwarebytes)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [8623128 2018-04-04] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1009128 2017-09-12] (Realtek Semiconductor Corp. -> Realtek )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [421312 2017-08-07] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1611000.0B7\SRTSP64.SYS [859864 2019-03-07] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1611000.0B7\SRTSPX64.SYS [49888 2019-03-07] (Symantec Corporation -> Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1611000.0B7\SYMEFASI64.SYS [1998344 2019-03-07] (Symantec Corporation -> Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1611000.0B7\SymELAM.sys [25744 2019-03-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [100064 2019-03-23] (Symantec Corporation -> Symantec Corporation)
S4 SymEvnt; C:\Program Files\Norton Security\NortonData\22.15.0.88\SymPlatform\SymEvnt.sys [700640 2019-02-19] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1611000.0B7\Ironx64.SYS [315912 2019-03-07] (Symantec Corporation -> Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1611000.0B7\symnets.sys [573448 2019-03-07] (Symantec Corporation -> Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\System32\drivers\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35568 2018-08-31] (HP Inc. -> HP)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1611000.0B7\wpCtrlDrv.sys [1012120 2019-03-07] (Symantec Corporation -> Symantec Corporation)
U3 aspnet_state; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-04-01 20:11 - 2019-04-01 20:14 - 000024473 _____ C:\Users\kody\Downloads\FRST.txt
2019-04-01 20:11 - 2019-04-01 20:11 - 000000000 ____D C:\FRST
2019-04-01 20:10 - 2019-04-01 20:10 - 002434048 _____ (Farbar) C:\Users\kody\Downloads\FRST64.exe
2019-03-31 21:30 - 2019-03-31 21:30 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2019-03-31 12:05 - 2019-03-31 12:05 - 001214008 _____ (Google LLC) C:\Users\kody\Downloads\ChromeSetup (1).exe
2019-03-29 17:42 - 2019-03-29 17:42 - 000073912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-03-29 17:41 - 2019-03-29 17:41 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-03-29 17:41 - 2019-03-29 17:41 - 000127136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-03-29 17:41 - 2019-03-29 17:41 - 000114040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-03-29 16:36 - 2019-03-29 16:36 - 000000000 ____D C:\Users\kody\AppData\Local\mbam
2019-03-29 16:34 - 2019-03-29 16:34 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-03-29 16:34 - 2019-03-29 16:34 - 000000000 ____D C:\Users\kody\AppData\Local\mbamtray
2019-03-29 16:33 - 2019-03-29 16:33 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-03-29 16:33 - 2019-03-29 16:33 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-03-29 16:33 - 2019-03-29 16:33 - 000000000 ____D C:\Program Files\Malwarebytes
2019-03-29 16:33 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-03-29 16:33 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-03-29 16:32 - 2019-03-29 16:32 - 062540088 _____ (Malwarebytes ) C:\Users\kody\Downloads\mb3-setup-consumer-3.7.1.2839-1.0.563-1.0.9910.exe
2019-03-28 12:06 - 2019-03-28 12:06 - 005523480 _____ C:\Users\kody\Documents\VM Authorization Kody Lyons.pdf
2019-03-27 19:07 - 2019-03-27 19:07 - 000002465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2019-03-27 19:07 - 2019-03-27 19:07 - 000002460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-03-27 19:07 - 2019-03-27 19:07 - 000002459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-03-27 19:07 - 2019-03-27 19:07 - 000002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-03-27 19:07 - 2019-03-27 19:07 - 000002422 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-03-27 19:07 - 2019-03-27 19:07 - 000002416 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-03-27 19:07 - 2019-03-27 19:07 - 000002410 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-03-27 19:07 - 2019-03-27 19:07 - 000002402 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-03-27 19:07 - 2019-03-27 19:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2019-03-23 20:41 - 2019-03-29 17:50 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security with Backup
2019-03-23 20:40 - 2019-03-24 20:43 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2019-03-23 20:40 - 2019-03-23 20:40 - 000003378 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2019-03-19 18:11 - 2019-03-06 08:37 - 001616608 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-03-19 18:11 - 2019-03-06 02:06 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-03-19 18:11 - 2019-03-06 02:03 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-03-19 18:11 - 2019-03-06 01:44 - 025856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-03-19 18:11 - 2019-03-06 01:36 - 022716928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-03-19 18:11 - 2019-03-06 01:32 - 003399168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-03-19 18:11 - 2019-03-06 01:31 - 007598592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-03-19 18:11 - 2019-03-06 01:28 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-03-19 18:11 - 2019-03-05 23:14 - 006568528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-03-19 18:11 - 2019-03-05 23:05 - 022018048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-03-19 18:11 - 2019-03-05 22:56 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-03-19 18:11 - 2019-03-05 22:52 - 005790720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-03-19 18:11 - 2019-03-05 22:49 - 004516352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-03-19 18:11 - 2019-02-16 05:34 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-03-19 18:11 - 2019-02-16 03:24 - 023862272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-03-19 18:11 - 2019-02-16 03:22 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-03-19 18:11 - 2019-02-16 01:03 - 007901392 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2019-03-19 18:11 - 2019-02-16 01:03 - 005625360 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-03-19 18:11 - 2019-02-16 00:35 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-03-19 18:11 - 2019-02-16 00:33 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-03-19 18:10 - 2019-03-06 08:39 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-03-19 18:10 - 2019-03-06 08:36 - 001047352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2019-03-19 18:10 - 2019-03-06 08:20 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-03-19 18:10 - 2019-03-06 08:19 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-03-19 18:10 - 2019-03-06 08:17 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-03-19 18:10 - 2019-03-06 08:17 - 000810496 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2019-03-19 18:10 - 2019-03-06 08:17 - 000116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2019-03-19 18:10 - 2019-03-06 08:14 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2019-03-19 18:10 - 2019-03-06 08:14 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2019-03-19 18:10 - 2019-03-06 08:14 - 000488448 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-03-19 18:10 - 2019-03-06 08:13 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-03-19 18:10 - 2019-03-06 08:13 - 001856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-03-19 18:10 - 2019-03-06 08:13 - 001662976 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-03-19 18:10 - 2019-03-06 08:13 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-03-19 18:10 - 2019-03-06 08:12 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2019-03-19 18:10 - 2019-03-06 05:18 - 000918032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2019-03-19 18:10 - 2019-03-06 05:18 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-03-19 18:10 - 2019-03-06 05:10 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-03-19 18:10 - 2019-03-06 05:09 - 011919360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-03-19 18:10 - 2019-03-06 05:06 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-03-19 18:10 - 2019-03-06 05:05 - 004054016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-03-19 18:10 - 2019-03-06 05:05 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2019-03-19 18:10 - 2019-03-06 05:04 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-03-19 18:10 - 2019-03-06 05:04 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2019-03-19 18:10 - 2019-03-06 04:59 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-03-19 18:10 - 2019-03-06 02:29 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-03-19 18:10 - 2019-03-06 02:16 - 002822456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-03-19 18:10 - 2019-03-06 02:16 - 001457032 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-03-19 18:10 - 2019-03-06 02:16 - 001188000 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2019-03-19 18:10 - 2019-03-06 02:16 - 000776792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-03-19 18:10 - 2019-03-06 02:16 - 000722744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2019-03-19 18:10 - 2019-03-06 02:16 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-03-19 18:10 - 2019-03-06 02:16 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2019-03-19 18:10 - 2019-03-06 02:11 - 000493880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-03-19 18:10 - 2019-03-06 02:10 - 000248880 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2019-03-19 18:10 - 2019-03-06 02:07 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-03-19 18:10 - 2019-03-06 02:07 - 001023800 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-03-19 18:10 - 2019-03-06 02:07 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-03-19 18:10 - 2019-03-06 02:06 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-03-19 18:10 - 2019-03-06 02:06 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-03-19 18:10 - 2019-03-06 02:05 - 000439224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-03-19 18:10 - 2019-03-06 02:05 - 000436240 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-03-19 18:10 - 2019-03-06 02:05 - 000159864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2019-03-19 18:10 - 2019-03-06 02:04 - 002765856 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-03-19 18:10 - 2019-03-06 02:04 - 000945464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-03-19 18:10 - 2019-03-06 02:04 - 000628024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpx.dll
2019-03-19 18:10 - 2019-03-06 02:03 - 002719544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-03-19 18:10 - 2019-03-06 02:03 - 002465784 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-03-19 18:10 - 2019-03-06 02:03 - 001921848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-03-19 18:10 - 2019-03-06 02:03 - 000793400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-03-19 18:10 - 2019-03-06 02:03 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-03-19 18:10 - 2019-03-06 02:03 - 000375608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2019-03-19 18:10 - 2019-03-06 02:02 - 002421048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-03-19 18:10 - 2019-03-06 02:02 - 001257672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-03-19 18:10 - 2019-03-06 02:02 - 001140480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-03-19 18:10 - 2019-03-06 02:02 - 000982912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-03-19 18:10 - 2019-03-06 02:02 - 000626488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2019-03-19 18:10 - 2019-03-06 01:36 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-03-19 18:10 - 2019-03-06 01:34 - 004866048 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-03-19 18:10 - 2019-03-06 01:33 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-03-19 18:10 - 2019-03-06 01:32 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-03-19 18:10 - 2019-03-06 01:32 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-03-19 18:10 - 2019-03-06 01:31 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-03-19 18:10 - 2019-03-06 01:31 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-03-19 18:10 - 2019-03-06 01:31 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-03-19 18:10 - 2019-03-06 01:31 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-03-19 18:10 - 2019-03-06 01:31 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-03-19 18:10 - 2019-03-06 01:31 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-03-19 18:10 - 2019-03-06 01:31 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-03-19 18:10 - 2019-03-06 01:31 - 000279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2019-03-19 18:10 - 2019-03-06 01:31 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-03-19 18:10 - 2019-03-06 01:31 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-03-19 18:10 - 2019-03-06 01:29 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2019-03-19 18:10 - 2019-03-06 01:29 - 002174976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-03-19 18:10 - 2019-03-06 01:29 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-03-19 18:10 - 2019-03-06 01:29 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-03-19 18:10 - 2019-03-06 01:28 - 001803776 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-03-19 18:10 - 2019-03-06 01:27 - 002224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-03-19 18:10 - 2019-03-06 01:27 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-03-19 18:10 - 2019-03-06 01:27 - 000542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-03-19 18:10 - 2019-03-06 01:27 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-03-19 18:10 - 2019-03-06 01:26 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-03-19 18:10 - 2019-03-06 01:26 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2019-03-19 18:10 - 2019-03-06 01:26 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys
2019-03-19 18:10 - 2019-03-06 01:25 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-03-19 18:10 - 2019-03-06 00:08 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-03-19 18:10 - 2019-03-05 23:17 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-03-19 18:10 - 2019-03-05 23:17 - 000146712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2019-03-19 18:10 - 2019-03-05 23:15 - 002253488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-03-19 18:10 - 2019-03-05 23:15 - 000434488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-03-19 18:10 - 2019-03-05 23:14 - 000785568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2019-03-19 18:10 - 2019-03-05 23:14 - 000665224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-03-19 18:10 - 2019-03-05 23:14 - 000450872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpx.dll
2019-03-19 18:10 - 2019-03-05 23:14 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-03-19 18:10 - 2019-03-05 23:13 - 000607248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2019-03-19 18:10 - 2019-03-05 22:53 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-03-19 18:10 - 2019-03-05 22:53 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-03-19 18:10 - 2019-03-05 22:52 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-03-19 18:10 - 2019-03-05 22:52 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2019-03-19 18:10 - 2019-03-05 22:51 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-03-19 18:10 - 2019-03-05 22:51 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-03-19 18:10 - 2019-03-05 22:51 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2019-03-19 18:10 - 2019-03-05 22:50 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-03-19 18:10 - 2019-03-05 22:50 - 001347584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2019-03-19 18:10 - 2019-03-05 22:50 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-03-19 18:10 - 2019-03-05 22:49 - 000318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-03-19 18:10 - 2019-03-05 22:49 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-03-19 18:10 - 2019-03-05 22:48 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-03-19 18:10 - 2019-03-05 22:48 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-03-19 18:10 - 2019-02-20 20:26 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-03-19 18:10 - 2019-02-16 06:02 - 002871304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-03-19 18:10 - 2019-02-16 06:02 - 001644040 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-03-19 18:10 - 2019-02-16 06:02 - 000808456 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-03-19 18:10 - 2019-02-16 06:02 - 000735752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-03-19 18:10 - 2019-02-16 06:02 - 000620040 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-03-19 18:10 - 2019-02-16 06:02 - 000460296 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-03-19 18:10 - 2019-02-16 06:02 - 000322568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-03-19 18:10 - 2019-02-16 06:02 - 000147464 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-03-19 18:10 - 2019-02-16 06:02 - 000071176 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-03-19 18:10 - 2019-02-16 05:57 - 001048472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2019-03-19 18:10 - 2019-02-16 05:57 - 000506088 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2019-03-19 18:10 - 2019-02-16 05:56 - 000549520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2019-03-19 18:10 - 2019-02-16 05:56 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-03-19 18:10 - 2019-02-16 05:53 - 001516416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-03-19 18:10 - 2019-02-16 05:36 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-03-19 18:10 - 2019-02-16 05:34 - 001725952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2019-03-19 18:10 - 2019-02-16 05:34 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2019-03-19 18:10 - 2019-02-16 05:33 - 001786880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2019-03-19 18:10 - 2019-02-16 05:32 - 003646976 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-03-19 18:10 - 2019-02-16 05:32 - 002051072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2019-03-19 18:10 - 2019-02-16 05:31 - 001271808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2019-03-19 18:10 - 2019-02-16 05:31 - 001003520 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2019-03-19 18:10 - 2019-02-16 05:31 - 000861184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2019-03-19 18:10 - 2019-02-16 05:31 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2019-03-19 18:10 - 2019-02-16 05:30 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2019-03-19 18:10 - 2019-02-16 05:30 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2019-03-19 18:10 - 2019-02-16 05:29 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll
2019-03-19 18:10 - 2019-02-16 05:29 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2019-03-19 18:10 - 2019-02-16 05:24 - 000444176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2019-03-19 18:10 - 2019-02-16 05:22 - 001322176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-03-19 18:10 - 2019-02-16 05:08 - 000373760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2019-03-19 18:10 - 2019-02-16 05:07 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2019-03-19 18:10 - 2019-02-16 05:07 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2019-03-19 18:10 - 2019-02-16 05:06 - 002890752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-03-19 18:10 - 2019-02-16 05:06 - 001530880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2019-03-19 18:10 - 2019-02-16 05:06 - 001451520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2019-03-19 18:10 - 2019-02-16 05:06 - 000774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2019-03-19 18:10 - 2019-02-16 05:06 - 000765952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2019-03-19 18:10 - 2019-02-16 05:04 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2019-03-19 18:10 - 2019-02-16 01:16 - 000511800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-03-19 18:10 - 2019-02-16 01:15 - 000505656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-03-19 18:10 - 2019-02-16 01:15 - 000035640 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-03-19 18:10 - 2019-02-16 01:05 - 000087800 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostw.exe
2019-03-19 18:10 - 2019-02-16 01:04 - 000193032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-03-19 18:10 - 2019-02-16 01:03 - 000510288 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-03-19 18:10 - 2019-02-16 01:02 - 005821440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2019-03-19 18:10 - 2019-02-16 01:02 - 003291632 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-03-19 18:10 - 2019-02-16 01:02 - 001934800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-03-19 18:10 - 2019-02-16 01:02 - 001792712 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2019-03-19 18:10 - 2019-02-16 01:02 - 000705848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2019-03-19 18:10 - 2019-02-16 01:02 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-03-19 18:10 - 2019-02-16 01:02 - 000413712 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2019-03-19 18:10 - 2019-02-16 01:01 - 001285424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-03-19 18:10 - 2019-02-16 01:01 - 001209696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-03-19 18:10 - 2019-02-16 01:01 - 001098056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-03-19 18:10 - 2019-02-16 01:01 - 001028920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2019-03-19 18:10 - 2019-02-16 01:01 - 001014344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2019-03-19 18:10 - 2019-02-16 01:01 - 000735464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-03-19 18:10 - 2019-02-16 01:01 - 000641984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
2019-03-19 18:10 - 2019-02-16 01:01 - 000594024 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-03-19 18:10 - 2019-02-16 01:01 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-03-19 18:10 - 2019-02-16 01:01 - 000480840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2019-03-19 18:10 - 2019-02-16 01:01 - 000335672 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2019-03-19 18:10 - 2019-02-16 01:01 - 000161664 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2019-03-19 18:10 - 2019-02-16 00:57 - 000383288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-03-19 18:10 - 2019-02-16 00:53 - 000443632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-03-19 18:10 - 2019-02-16 00:51 - 002479168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-03-19 18:10 - 2019-02-16 00:51 - 001584536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2019-03-19 18:10 - 2019-02-16 00:51 - 000170952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2019-03-19 18:10 - 2019-02-16 00:50 - 001805648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-03-19 18:10 - 2019-02-16 00:50 - 001171336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2019-03-19 18:10 - 2019-02-16 00:50 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-03-19 18:10 - 2019-02-16 00:50 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-03-19 18:10 - 2019-02-16 00:50 - 000560384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-03-19 18:10 - 2019-02-16 00:50 - 000504072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp_win.dll
2019-03-19 18:10 - 2019-02-16 00:37 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2019-03-19 18:10 - 2019-02-16 00:36 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2019-03-19 18:10 - 2019-02-16 00:36 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-03-19 18:10 - 2019-02-16 00:35 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-03-19 18:10 - 2019-02-16 00:34 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2019-03-19 18:10 - 2019-02-16 00:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2019-03-19 18:10 - 2019-02-16 00:34 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-03-19 18:10 - 2019-02-16 00:33 - 006646784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2019-03-19 18:10 - 2019-02-16 00:33 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2019-03-19 18:10 - 2019-02-16 00:33 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2019-03-19 18:10 - 2019-02-16 00:33 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2019-03-19 18:10 - 2019-02-16 00:33 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-03-19 18:10 - 2019-02-16 00:32 - 002969088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-03-19 18:10 - 2019-02-16 00:32 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2019-03-19 18:10 - 2019-02-16 00:31 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2019-03-19 18:10 - 2019-02-16 00:31 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2019-03-19 18:10 - 2019-02-16 00:31 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2019-03-19 18:10 - 2019-02-16 00:31 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-03-19 18:10 - 2019-02-16 00:30 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2019-03-19 18:10 - 2019-02-16 00:30 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2019-03-19 18:10 - 2019-02-16 00:30 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2019-03-19 18:10 - 2019-02-16 00:30 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2019-03-19 18:10 - 2019-02-16 00:30 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2019-03-19 18:10 - 2019-02-16 00:30 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2019-03-19 18:10 - 2019-02-16 00:30 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-03-19 18:10 - 2019-02-16 00:29 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-03-19 18:10 - 2019-02-16 00:29 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2019-03-19 18:10 - 2019-02-16 00:28 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2019-03-19 18:10 - 2019-02-16 00:28 - 002585600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2019-03-19 18:10 - 2019-02-16 00:28 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2019-03-19 18:10 - 2019-02-16 00:28 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2019-03-19 18:10 - 2019-02-16 00:28 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2019-03-19 18:10 - 2019-02-16 00:28 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2019-03-19 18:10 - 2019-02-16 00:27 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2019-03-19 18:10 - 2019-02-16 00:27 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2019-03-19 18:10 - 2019-02-16 00:27 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-03-19 18:10 - 2019-02-16 00:26 - 001459712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2019-03-19 18:10 - 2019-02-16 00:26 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2019-03-19 18:10 - 2019-02-16 00:26 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2019-03-19 18:10 - 2019-02-16 00:26 - 000935424 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-03-19 18:10 - 2019-02-16 00:26 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2019-03-19 18:10 - 2019-02-16 00:25 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2019-03-19 18:10 - 2019-02-16 00:25 - 000652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2019-03-08 21:54 - 2019-03-08 21:54 - 000000823 _____ C:\Users\kody\Downloads\4083869.gz
 
==================== One month (modified) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-04-01 20:03 - 2018-12-26 20:09 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-04-01 19:37 - 2018-12-26 22:31 - 000000000 ____D C:\Users\kody\AppData\Local\Packages
2019-04-01 19:34 - 2018-12-26 20:09 - 000000000 ___HD C:\Program Files\WindowsApps
2019-04-01 19:34 - 2018-12-26 20:09 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-04-01 19:32 - 2018-12-27 18:49 - 000004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4EC17B0E-D771-4723-BAF3-F7AED88CCA23}
2019-03-31 21:21 - 2018-12-26 21:41 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-03-31 12:07 - 2018-12-27 00:55 - 000002344 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-03-31 12:07 - 2018-12-27 00:55 - 000002303 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-03-29 17:47 - 2019-01-25 19:13 - 000000000 ____D C:\Users\kody\AppData\Local\CrashDumps
2019-03-29 17:47 - 2019-01-08 19:13 - 000000000 ____D C:\Users\kody\AppData\Roaming\SlingMedia
2019-03-29 17:47 - 2019-01-08 19:12 - 000000000 ____D C:\Program Files (x86)\DishAnywherePlayer
2019-03-29 17:47 - 2018-12-26 21:46 - 000000000 ____D C:\ProgramData\Package Cache
2019-03-29 17:45 - 2018-12-26 19:32 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-03-29 17:41 - 2018-12-26 22:24 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-03-29 17:40 - 2018-12-26 20:09 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-03-29 17:39 - 2018-12-26 21:46 - 000065536 _____ C:\WINDOWS\psp_storage.bin
2019-03-29 17:39 - 2018-12-26 19:32 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-03-29 16:34 - 2018-12-26 20:09 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-03-29 16:33 - 2018-12-25 23:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-03-27 23:59 - 2018-12-27 00:54 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-03-27 23:59 - 2018-12-27 00:54 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-03-27 19:05 - 2018-12-27 18:22 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-03-26 18:35 - 2018-12-26 22:34 - 000000000 ____D C:\Users\kody\AppData\Local\PlaceholderTileLogoFolder
2019-03-24 22:52 - 2017-10-05 16:40 - 000929586 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2019-03-23 21:06 - 2018-12-27 01:40 - 000000000 ____D C:\Program Files\Common Files\AV
2019-03-23 20:40 - 2018-12-27 00:31 - 000100064 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2019-03-23 20:40 - 2018-12-27 00:31 - 000008585 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2019-03-23 20:40 - 2018-12-27 00:29 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2019-03-19 19:43 - 2018-12-26 20:02 - 000000000 ____D C:\WINDOWS\INF
2019-03-19 19:27 - 2018-12-26 22:20 - 000909850 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-03-19 19:21 - 2018-12-26 21:41 - 000404904 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-03-19 19:11 - 2018-12-26 20:09 - 000000000 ___SD C:\WINDOWS\system32\UNP
2019-03-19 19:11 - 2018-12-26 20:09 - 000000000 ____D C:\WINDOWS\TextInput
2019-03-19 19:11 - 2018-12-26 20:09 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-03-19 19:11 - 2018-12-26 20:09 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-03-19 19:09 - 2018-12-26 20:09 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-03-19 19:09 - 2018-12-26 20:09 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-03-19 19:09 - 2018-12-26 20:09 - 000000000 ____D C:\Program Files\Windows Defender
2019-03-19 19:09 - 2018-12-26 20:09 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2019-03-19 18:41 - 2018-12-26 19:45 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-03-19 18:09 - 2018-12-26 22:51 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-03-19 17:59 - 2018-12-26 22:50 - 127411920 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-03-19 17:32 - 2018-12-26 22:50 - 000000000 ____D C:\Program Files\rempl
2019-03-03 09:54 - 2018-12-26 20:19 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-03-03 09:54 - 2018-12-26 20:19 - 000179608 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-12-26 21:41
 
==================== End of FRST.txt ============================

 


  • 0

Advertisements

#2
iMacg3
Posted 05 April 2019 - 11:46 AM

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Sorry for the delay.
Do you still need help?
  • 0

#3
commanderk
Posted 05 April 2019 - 03:19 PM

commanderk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

Hello,

 

I still have the problem. Not sure if it's hardware or software. 

 

Thanks,

 

Kody


  • 0

#4
iMacg3
Posted 05 April 2019 - 05:41 PM

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi,

No malware was found in your logs.
Please run this FRST fix to clean up some empty registry entries:

Highlight the contents of the below code box and press Ctrl + C:
Start::

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

SearchScopes: HKU\S-1-5-21-1513066782-2088970526-2524805393-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1513066782-2088970526-2524805393-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll => No File

CHR HomePage: Default -> hxxp://yahoo.com/
CHR StartupUrls: Default -> "hxxp://www.yahoo.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_widemail_chr_win&type=default
CHR DefaultSearchKeyword: Default -> lp
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10


CustomCLSID: HKU\S-1-5-21-1513066782-2088970526-2524805393-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\kody\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1513066782-2088970526-2524805393-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\kody\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1513066782-2088970526-2524805393-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\kody\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll => No File
FirewallRules: [TCP Query User{6AF3601E-66AA-4626-A594-A4255B3C7CE2}C:\program files (x86)\dishanywhereplayer\dishanywhereplayer.exe] => (Allow) C:\program files (x86)\dishanywhereplayer\dishanywhereplayer.exe No File
FirewallRules: [UDP Query User{341C8A77-CC24-48BF-B295-28FE70372326}C:\program files (x86)\dishanywhereplayer\dishanywhereplayer.exe] => (Allow) C:\program files (x86)\dishanywhereplayer\dishanywhereplayer.exe No File

End::
Right-click on FRST/FRST64 and select Run as Administrator.
Click on Fix.
Note - there is no need to paste the contents of the code box anywhere.
If your computer restarts, allow it to do so.
When the fix is complete the tool will create a log (Fixlog.txt) in the same directory it was run from.
Copy and paste the contents of Fixlog.txt into your next reply.

Let me know how the computer is doing.
  • 0

#5
commanderk
Posted 05 April 2019 - 10:33 PM

commanderk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

Ran the fix. Still have the same result. Thanks for your help so far. I'm thinking I may try to return it to Costco. 


  • 0

#6
iMacg3
Posted 06 April 2019 - 08:24 AM

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts

Hi,
 

Clean Boot

  • Click on the Start Button. Type create a restore point in the search box and select Create a restore point from the list of results.
  • Click on Create. Give your restore point a name, and follow the on-screen instructions to create a restore point.
  • Once you have created the restore point, press the Windows Key + R. Type msconfig and click on OK.
  • MSConfig will now open. Click on the Services tab, then check the Hide all Microsoft services box. Next, select Disable all.
  • Click on the Startup tab, then select Open Task Manager. In Task Manager, navigate to the Startup tab. Select each startup item and click Disable until all are disabled.
  • Close the Task Manager. In the MSConfig Startup, click on OK, and then restart the computer.
  • Test your computer performance.

Let me know if the computer is still slow in Clean Boot.


  • 0

#7
commanderk
Posted 07 April 2019 - 04:02 PM

commanderk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

I did this too. Still have the cooling fan issue. Computer seems faster though. 


  • 0

#8
iMacg3
Posted 07 April 2019 - 06:54 PM

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi,

From Clean Boot mode, please run a new FRST scan and copy/paste both reports into your reply.
  • 0

#9
commanderk
Posted 07 April 2019 - 11:27 PM

commanderk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

Hi. I removed Chrome and installed Firefox. I'm not sure if there's any improvement yet.

 

Here're are the reports.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by kody (07-04-2019 22:19:36)
Running from C:\Users\kody\Downloads
Windows 10 Home Version 1803 17134.648 (X64) (2018-12-27 05:25:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1513066782-2088970526-2524805393-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1513066782-2088970526-2524805393-503 - Limited - Disabled)
Guest (S-1-5-21-1513066782-2088970526-2524805393-501 - Limited - Disabled)
kody (S-1-5-21-1513066782-2088970526-2524805393-1001 - Administrator - Enabled) => C:\Users\kody
WDAGUtilityAccount (S-1-5-21-1513066782-2088970526-2524805393-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Online (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Online (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{4486FC50-ADE1-35F5-66D3-CFBBFC9A8A35}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{6EF6941D-4393-2231-3D29-C52ED8ED485F}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{01ED4501-7134-67E5-0AF0-3B6003646E1A}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{201D8B07-20D4-F26D-EF13-54D4646B180D}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{F9F6F0CC-DE19-9FEA-5618-8D3891E57A2A}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{FDFEBDEA-140C-AF32-5D1D-D85858CF589D}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{1D9889C7-EF3A-2404-19E7-4517C20D8783}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{7784F531-3276-EBB5-F590-F62151FE39A9}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{B72AFCAB-62B2-64CB-7C01-3FAB601F163D}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{BEBEB9E8-D83E-FC1A-6EB4-EA3609DA4967}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{DE06415A-00C1-CA00-082B-693F3F04D9E9}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{E08332C8-2494-C7DF-AD2C-C5C8BDACFBCB}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{19C0293F-9157-3931-F773-64F879906064}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{24473F97-CBC2-F5E5-1679-E5A8E855B8C9}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{58C33198-3421-5C93-2993-B69796CD64FC}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{F852D37B-B837-4DE4-E39D-5DDB8D3CFDB0}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{3FB42013-DFEA-42C7-2409-2A993F0A125F}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{C2897673-0B26-4063-9A23-A7A240853CD6}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{AEA98D17-8D5A-1E46-8BE4-03B35F8E9E88}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{E42B85E8-5E5C-F890-A943-CA53E9212DB0}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{45571752-4A06-D0B6-9626-AA42F733F06A}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{B19E0896-465A-0886-2F49-6CD68AB7C229}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{7EC80E29-C710-843D-AEF8-3E03473D0166}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{F30F0CCF-3B16-2104-BA67-48F3B2672140}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{122ADD10-7018-B294-8DC1-02342300D48C}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{6DF59C47-EAA3-09D8-E1A1-ADF4ADD66771}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{B5775CBB-66DA-C816-7673-A21562B89C75}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{DB3312FA-CD19-EDF6-1DDE-A53A796991B5}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{625D3128-2C37-F193-1346-0727DD1E6E96}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{66D1F45C-49C4-9A92-9626-42ACF3F91A9F}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{8273D1D8-B88C-D734-64B1-FCF240B64844}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{CBD24DD2-87EF-84C3-CE61-7ACF33779AFA}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{08AE5F97-73E6-2049-1976-12C786CD1828}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{47DF4A8E-AA22-1D21-928E-31321BDE2F54}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{06CADB25-FB27-A855-2313-FC36E23EFA40}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{48ACCBEA-F85D-0908-24D6-A8DDBE0621C2}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{86521D14-67A5-D13B-44DD-64E3BDBEE245}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{8AAE5F4C-8872-7F86-79A6-0ECF95663F53}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{592CD17B-5233-12E7-F0DE-BD29B5FC88E3}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{EEB0FB79-C020-3725-867E-6FF3EA0782A1}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{002EA904-A5F5-0A9D-FEC6-E5C245C4AB56}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{B1DE4F1A-449C-75A6-16D1-CB7B6BCE526C}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
ELAN Touchpad 18.2.22.3_X64_WHQL (HKLM\...\Elantech) (Version: 18.2.22.3 - ELAN Microelectronic Corp.)
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
HP Audio Switch (HKLM-x32\...\{BC852AA8-58F6-4F07-ACB1-7377E52CA4F3}) (Version: 1.0.150.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.9.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{cdb5f70f-5107-4613-bf69-15de903b5b5d}) (Version: 5.5.22560 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{F213102E-FD30-4E22-AF73-4C682D65FFEE}) (Version: 1.4.441.0 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{2FC69222-01B3-479E-80E6-0AFC593A312A}) (Version: 1.4.23 - HP Inc.)
HP Wireless Button Driver (HKLM-x32\...\{2EC9AB64-3ACA-460D-B309-0A7052B0C8C0}) (Version: 1.1.21.1 - HP)
Intel® Wireless Bluetooth® (HKLM-x32\...\{559FA847-377D-4926-80A3-ED9E014D363A}) (Version: 19.60.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.11425.20202 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
Mozilla Firefox 66.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 66.0.2 (x64 en-US)) (Version: 66.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 66.0.2 - Mozilla)
Norton Security Online (HKLM-x32\...\NGC) (Version: 22.17.0.183 - Symantec Corporation)
OEM Application Profile (HKLM-x32\...\{12C2AEB0-ED60-4CCF-DD83-C65BC7CCFB50}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11425.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11425.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11425.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11425.20202 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.31237 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.21.811.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8393 - Realtek Semiconductor Corp.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
WD Backup (HKLM-x32\...\{50C6CAE8-562E-440D-8616-E0514D41CC10}) (Version: 1.9.6941.25593 - Western Digital Technologies, Inc) Hidden
WD Backup (HKLM-x32\...\{6531bf4b-4bad-46a5-9562-766d0a858003}) (Version: 1.9.6941.25593 - Western Digital Technologies, Inc.)
WD Desktop App 2.1.0.215 (HKLM-x32\...\{600c6234-d6fa-41b4-bfad-1cbe278b5210}) (Version: 2.1.0.215 - Western Digital Corporation) Hidden
WD Desktop App 2.1.0.215 (x64) (HKLM\...\{CA7F7232-526E-41BD-971A-47BE28C18516}) (Version: 2.1.0.215 - Western Digital Corporation) Hidden
WD Discovery (HKLM-x32\...\WDDiscovery) (Version: 3.2.256 - Western Digital Technologies, Inc.)
WD Drive Utilities (HKLM-x32\...\{2db219ff-e483-403b-9374-aea609abaf1d}) (Version: 1.4.3.13 - Western Digital Technologies, Inc.) Hidden
WD Drive Utilities (HKLM-x32\...\{546D15D7-D6AF-422B-B4E5-05AF20BA8573}) (Version: 1.4.3.13 - Western Digital Technologies, Inc.) Hidden
WD SES Driver Setup (HKLM-x32\...\{924A274D-38B6-4930-8859-F3F51CFA8DDD}) (Version: 1.1.0.25 - Western Digital) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

SSODL: WDFSMountNotificator-wdfsconnect2017 - {4E295DAB-5DFE-4ABF-B1F3-072F46519D85} - C:\WINDOWS\system32\wdfsconnectMntNtf2017.dll (Western Digital Technologies, Inc.) [File not signed]
SSODL-x32: WDFSMountNotificator-wdfsconnect2017 - {4E295DAB-5DFE-4ABF-B1F3-072F46519D85} - C:\WINDOWS\SysWOW64\wdfsconnectMntNtf2017.dll (Western Digital Technologies, Inc.) [File not signed]
ShellServiceObjects: Virtual Storage Mount Notification -> {4E295DAB-5DFE-4ABF-B1F3-072F46519D85} => C:\WINDOWS\system32\wdfsconnectMntNtf2017.dll [2017-11-10] (Western Digital Technologies, Inc.) [File not signed]
ShellServiceObjects-x32: Virtual Storage Mount Notification -> {4E295DAB-5DFE-4ABF-B1F3-072F46519D85} => C:\WINDOWS\SysWOW64\wdfsconnectMntNtf2017.dll [2017-11-10] (Western Digital Technologies, Inc.) [File not signed]
ShellIconOverlayIdentifiers: [   WDDesktopIconOverlay01] -> {4F8A325E-9DAF-44B8-A825-1A14DFA0FA78} => C:\Program Files\WD Desktop App\kda.DLL [2019-01-04] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [   WDDesktopIconOverlay02] -> {0176BDDE-B59A-4A1E-808B-CAD461415CCA} => C:\Program Files\WD Desktop App\kda.DLL [2019-01-04] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [   WDDesktopIconOverlay03] -> {B65909D1-57AF-41F5-AB94-BEB733F62B35} => C:\Program Files\WD Desktop App\kda.DLL [2019-01-04] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [   WDDesktopIconOverlay04] -> {C6C2397D-8238-4332-8935-86C39C7C165F} => C:\Program Files\WD Desktop App\kda.DLL [2019-01-04] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [   WDDesktopIconOverlay05] -> {E7B3BCF9-0386-4B5F-AE6A-91B9F1423973} => C:\Program Files\WD Desktop App\kda.DLL [2019-01-04] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [   WDDesktopIconOverlay06] -> {564EA121-D9DA-485D-82C2-C2ED7BFCCEAD} => C:\Program Files\WD Desktop App\kda.DLL [2019-01-04] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.0.183\NavShExt.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [WDDesktopContextMenu] -> {4c5433f8-1458-3b00-ad24-bff2766047e8} => C:\Program Files\WD Desktop App\kda.DLL [2019-01-04] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.0.183\NavShExt.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [WDDesktopContextMenu] -> {4c5433f8-1458-3b00-ad24-bff2766047e8} => C:\Program Files\WD Desktop App\kda.DLL [2019-01-04] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-09-25] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.17.0.183\buShell.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.0.183\NavShExt.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {041B1146-2B2B-48B1-AE9E-9970F3545C67} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {08FBEC1D-A176-4CA4-9966-011A5134D16C} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.17.0.183\WSCStub.exe (Symantec Corporation -> Symantec Corporation)
Task: {2748EEA6-BBD8-42A2-8A0A-99D528E47BC7} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {2B333D8F-6597-493F-A002-896E8146273C} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {2D8F02D5-06B6-47CD-9F2B-B84EBDB51515} - System32\Tasks\WD Discovery Service Task kody => C:\Program Files (x86)\Western Digital\Discovery\Current\Service\WDDiscoveryService.exe (Western Digital Technologies, Inc. -> )
Task: {2DB927CF-2826-44F5-B80B-34C1D7E9DFE8} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Online\Upgrade.exe (Symantec Corporation -> Symantec Corporation)
Task: {5C98DCF5-F164-4556-8712-EF08D903E627} - System32\Tasks\WD Device Agent Task kody => C:\Users\kody\AppData\Roaming\WD Discovery\plugins\com.wdc.plugin.catalog\current\library\WD Device Agent.exe (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
Task: {6515B0C7-3C4E-41D9-BB43-FDC96035AC10} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe (HP Inc. -> HP Inc.)
Task: {6BB23FC3-3698-413A-8102-3FCB31B7A712} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {7112B4C7-9BAC-4B5C-900B-E5EDE9959BFB} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {80BA2026-6538-4B6A-AD10-76F52F7B956B} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\kody\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {A05BD651-2637-4A11-9B15-E37F4323D070} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {A5768667-F70D-4C5C-A9B2-2587B473A4FA} - System32\Tasks\Norton Security with Backup\Norton Security Online Error Analyzer => C:\Program Files\Norton Security\Engine\22.17.0.183\SymErr.exe (Symantec Corporation -> Symantec Corporation)
Task: {A9EDB601-49B0-4262-A9C6-F2AEDBEC28D9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {ACC1BDD4-D6EE-4D4D-9380-77CEF41CF220} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe (HP Inc. -> HP Inc.)
Task: {B0C44A61-221C-493E-AACC-299BCFC78535} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {B73EA057-C166-4450-82AE-4F091CA042A8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {B7AAC8B1-DE58-4EAA-AD93-B607429792DA} - System32\Tasks\Norton Security with Backup\Norton Security Online Autofix => C:\Program Files\Norton Security\Engine\22.17.0.183\SymErr.exe (Symantec Corporation -> Symantec Corporation)
Task: {B93A40DB-BE01-44BB-A912-08D66EB19A61} - System32\Tasks\RtHDVBg_Session => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {BEDCF236-6962-4F8E-8ECF-6A3C3C5D29AE} - System32\Tasks\Norton Security with Backup\Norton Security Online Error Processor => C:\Program Files\Norton Security\Engine\22.17.0.183\SymErr.exe (Symantec Corporation -> Symantec Corporation)
Task: {C7C93DDA-E3EE-4B01-9A60-1D6598F92120} - System32\Tasks\StartCN => c:\Program Files\AMD\CNext\CNext\cncmd.exe (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {D8537E70-48D4-4FFF-A975-1B7F54F34331} - System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\ReconcileFeatures
Task: {E562CA40-FF20-4A31-BD11-4FDABDB45BF9} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {FF09909C-BA71-4AB6-BC87-D1D84616B30B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2019-04-06 18:59 - 2017-11-10 12:51 - 000180224 _____ (Western Digital Technologies, Inc.) [File not signed] C:\WINDOWS\system32\wdfsconnectMntNtf2017.dll
2016-09-14 19:48 - 2016-09-14 19:48 - 005496320 _____ (The Qt Company Ltd) [File not signed] c:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2016-09-14 19:48 - 2016-09-14 19:48 - 000912384 _____ (The Qt Company Ltd) [File not signed] c:\Program Files\AMD\CNext\CNext\Qt5Charts.dll
2016-09-14 19:48 - 2016-09-14 19:48 - 002924544 _____ (The Qt Company Ltd) [File not signed] c:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2016-09-14 19:48 - 2016-09-14 19:48 - 005444608 _____ (The Qt Company Ltd) [File not signed] c:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2016-09-14 19:48 - 2016-09-14 19:48 - 000277504 _____ (The Qt Company Ltd) [File not signed] c:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2016-09-14 19:48 - 2016-09-14 19:48 - 003187712 _____ (The Qt Company Ltd) [File not signed] c:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2016-09-14 19:48 - 2016-09-14 19:48 - 000193024 _____ (The Qt Company Ltd) [File not signed] c:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2016-09-14 19:48 - 2016-09-14 19:48 - 005804544 _____ (The Qt Company Ltd) [File not signed] c:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2016-09-14 19:48 - 2016-09-14 19:48 - 001061376 _____ (The Qt Company Ltd) [File not signed] c:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2018-11-20 14:32 - 2018-11-20 14:32 - 002637985 _____ () [File not signed] C:\Program Files\WD Desktop App\libfusewdfs.dll
2019-04-06 18:58 - 2019-04-06 18:58 - 014196224 _____ (Node.js) [File not signed] C:\Program Files (x86)\Western Digital\Discovery\Current\node.dll
2019-04-06 18:58 - 2019-04-06 18:58 - 001704448 _____ () [File not signed] C:\Program Files (x86)\Western Digital\Discovery\Current\ffmpeg.dll
2019-03-29 16:33 - 2019-03-13 09:22 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2019-03-29 16:33 - 2019-03-13 09:22 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2019-03-29 16:33 - 2019-03-13 09:22 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2019-03-29 16:33 - 2019-03-13 09:22 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2019-03-29 16:33 - 2019-03-13 09:22 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2019-03-29 16:33 - 2019-03-13 09:22 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2019-03-29 16:33 - 2019-03-13 09:22 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-03-29 16:33 - 2019-03-13 09:22 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-03-29 16:33 - 2019-03-13 09:22 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-03-29 16:33 - 2019-03-13 09:22 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-03-29 16:33 - 2019-03-13 09:22 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2019-03-29 16:33 - 2019-03-13 09:22 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-03-29 16:33 - 2019-03-13 09:22 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-03-29 16:33 - 2019-03-13 09:22 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-03-29 16:33 - 2019-03-13 09:22 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-03-29 16:33 - 2019-03-13 09:22 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-03-29 16:33 - 2019-03-13 09:22 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-03-29 16:33 - 2019-03-13 09:22 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-03-29 16:33 - 2019-03-13 09:22 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2019-03-29 16:33 - 2019-03-13 09:22 - 000035328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\iconengines\qsvgicon.dll
2019-03-19 19:45 - 2019-03-19 19:45 - 001567232 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\HPAudioSwitch\915a93bc288cb667c4ead9459692161c\HPAudioSwitch.ni.exe
2019-03-19 19:44 - 2019-03-19 19:44 - 000764928 _____ (The Apache Software Foundation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\log4net\a1d8f678b50292d989072e1b75e72ba8\log4net.ni.dll
2019-03-19 19:44 - 2019-03-19 19:44 - 000129536 _____ (hardcodet.net) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\18abc1546f7fd36f2144e91ae6116b8d\Hardcodet.Wpf.TaskbarNotification.ni.dll
2019-03-19 19:45 - 2019-03-19 19:45 - 001549312 _____ (Mark Heath) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NAudio\818fad3eb6b481a0e888c5e2569a1694\NAudio.ni.dll
2019-03-19 19:45 - 2019-03-19 19:45 - 002227200 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\4582e50ce61e5fbb8e458df79cd7a84e\Newtonsoft.Json.ni.dll
2019-03-19 19:45 - 2019-03-19 19:45 - 000141312 _____ ( ) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\9384196ea1e1fa6c9b853d15a9e3b0c9\Interop.IWshRuntimeLibrary.ni.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 06:46 - 2017-09-29 06:44 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1513066782-2088970526-2524805393-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\kody\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\kgl_0903.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: AdaptiveSleepService => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: ETDService => 2
MSCONFIG\Services: EvtEng => 2
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HP Comm Recover => 2
MSCONFIG\Services: HPWMISVC => 2
MSCONFIG\Services: ibtsiva => 2
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: NortonSecurity => 2
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: ZeroConfigService => 2
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run32: => "HPMessageService"
HKLM\...\StartupApproved\Run32: => "HPRadioMgr"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4B5E18F3-F2B8-418C-BE4B-C409AD148B84}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D864E17C-FA84-4A4F-8C22-11AAB9C14376}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{618224FC-6BA3-4BBF-AF40-66EB50D0CDC8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B83A28D6-A1EB-41A7-8DDF-C632FC570C6D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{57BB3448-35C1-448A-A0BD-23D81A44450C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16050.11029.20108.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D20DEAF0-D907-41AB-A3D2-FA3C608253A2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D7B2E409-453A-4CF5-9165-BB34069BE248}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B83CACD6-9829-48D2-9C0D-D7316989DE09}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2972BC66-440B-4DA4-AC47-391211952E42}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [{8BF8FF4B-BC1B-4B8E-A1F3-2F3B4F140972}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7FF5BC6D-D2C6-408D-91DC-5AC371FAB323}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B20DB95F-1106-4E3C-894A-9D92ACB16D9D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BBB7F190-E91F-4FAF-8E3F-47C19B73E4D9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

==================== Restore Points =========================

19-03-2019 17:28:41 Windows Update
29-03-2019 15:51:46 Scheduled Checkpoint
04-04-2019 18:07:55 Windows Update
06-04-2019 18:11:15 040619

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/06/2019 05:12:37 PM) (Source: HP Comm Recovery) (EventID: 0) (User: )
Description: Failed in handling the PowerEvent. The error that occurred was: System.IO.IOException: The process cannot access the file 'C:\Windows\Temp\signtool.exe' because it is being used by another process.
   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
   at System.IO.FileStream..ctor(String path, FileMode mode)
   at _HPCommRecovery.Tools.Signtool.ExtractSignTool()
   at _HPCommRecovery.Tools.Signtool.Verify(String arg)
   at _HPCommRecovery.HPAHAgent.CallAgent()
   at _HPCommRecovery.AppSession..ctor(DateTime Current, String LogPath)
   at _HPCommRecovery.HPAHLogger.NewSession()
   at _HPCommRecovery.....

Error: (04/06/2019 02:26:12 PM) (Source: HP Comm Recovery) (EventID: 0) (User: )
Description: Failed in handling the PowerEvent. The error that occurred was: System.NullReferenceException: Object reference not set to an instance of an object.
   at _HPCommRecovery.HPAHLogger.CheckSession()
   at _HPCommRecovery.HPCommRecovery.OnPowerEvent(PowerBroadcastStatus powerStatus)
   at System.ServiceProcess.ServiceBase.DeferredPowerEvent(Int32 eventType, IntPtr eventData).

Error: (04/06/2019 02:26:12 PM) (Source: HP Comm Recovery) (EventID: 0) (User: )
Description: Failed in handling the PowerEvent. The error that occurred was: System.NullReferenceException: Object reference not set to an instance of an object.
   at _HPCommRecovery.HPAHLogger.CheckSession()
   at _HPCommRecovery.HPCommRecovery.OnPowerEvent(PowerBroadcastStatus powerStatus)
   at System.ServiceProcess.ServiceBase.DeferredPowerEvent(Int32 eventType, IntPtr eventData).

Error: (04/05/2019 09:24:14 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:

Error: (04/05/2019 09:19:19 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (04/05/2019 09:16:59 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {7982699a-22c7-43f5-9062-3b10ed16bfe4}

Error: (04/05/2019 05:38:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9938

Error: (04/05/2019 05:38:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9938


System errors:
=============
Error: (04/07/2019 10:14:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/07/2019 10:14:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/07/2019 10:11:29 PM) (Source: DCOM) (EventID: 10016) (User: KODYNB2018)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user KODYNB2018\kody SID (S-1-5-21-1513066782-2088970526-2524805393-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (04/07/2019 10:11:22 PM) (Source: DCOM) (EventID: 10016) (User: KODYNB2018)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user KODYNB2018\kody SID (S-1-5-21-1513066782-2088970526-2524805393-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (04/07/2019 04:09:44 PM) (Source: DCOM) (EventID: 10016) (User: KODYNB2018)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user KODYNB2018\kody SID (S-1-5-21-1513066782-2088970526-2524805393-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (04/07/2019 03:58:39 PM) (Source: DCOM) (EventID: 10016) (User: KODYNB2018)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user KODYNB2018\kody SID (S-1-5-21-1513066782-2088970526-2524805393-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/07/2019 03:58:38 PM) (Source: DCOM) (EventID: 10016) (User: KODYNB2018)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user KODYNB2018\kody SID (S-1-5-21-1513066782-2088970526-2524805393-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/07/2019 03:58:37 PM) (Source: DCOM) (EventID: 10016) (User: KODYNB2018)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user KODYNB2018\kody SID (S-1-5-21-1513066782-2088970526-2524805393-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


==================== Memory info ===========================

Processor: AMD A10-9620P RADEON R5, 10 COMPUTE CORES 4C+6G
Percentage of memory in use: 24%
Total physical RAM: 11743.18 MB
Available physical RAM: 8808.85 MB
Total Virtual: 13535.18 MB
Available Virtual: 10562.21 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:914.71 GB) (Free:751.55 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:15.57 GB) (Free:1.84 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{a7da5a48-9b9f-4920-8e4c-759de6aa576f}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.47 GB) NTFS
\\?\Volume{9bf78432-8456-4792-a61a-8a75a5c14854}\ () (Fixed) (Total:0.25 GB) (Free:0.18 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A50E1C7D)

Partition: GPT.

==================== End of Addition.txt ============================

 

 

 

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.03.2019
Ran by kody (administrator) on KODYNB2018 (07-04-2019 22:16:24)
Running from C:\Users\kody\Downloads
Loaded Profiles: kody (Available Profiles: kody)
Platform: Windows 10 Home Version 1803 17134.648 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.0.183\nsWscSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Western Digital Techologies -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Western Digital Techologies -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Western Digital Technologies, Inc. -> Western Digital Corporation) C:\Program Files (x86)\Western Digital\Discovery\Current\WD Discovery.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\Plugins\WD Backup\App\WDBackupService.exe
(Western Digital Technologies, Inc. -> Western Digital Corporation) C:\Program Files (x86)\Western Digital\Discovery\Current\WD Discovery.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Western Digital Technologies, Inc. -> Western Digital Corporation) C:\Program Files (x86)\Western Digital\Discovery\Current\WDDiscoveryMonitor.exe
(Western Digital Technologies, Inc. -> Western Digital Corporation) C:\Program Files (x86)\Western Digital\Discovery\Current\WD Discovery.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Western Digital Technologies, Inc. -> ) C:\Program Files (x86)\Western Digital\Discovery\Current\Service\WDDiscoveryService.exe
(Western Digital Technologies, Inc. -> Western Digital Corporation) C:\Program Files\WD Desktop App\kdd.exe
(Western Digital Technologies, Inc. -> ) C:\Program Files\WD Desktop App\kdd
(Western Digital Technologies, Inc. -> ) C:\Program Files\WD Desktop App\wdsync.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Users\kody\AppData\Roaming\WD Discovery\plugins\com.wdc.plugin.catalog\current\library\WD Device Agent.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3666536 2018-03-15] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [704832 2017-04-27] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [HPRadioMgr] => C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe [324600 2017-04-25] (HP Inc. -> HP)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [2306984 2017-04-11] (Western Digital Techologies -> Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WDDiscovery] => C:\Program Files (x86)\Western Digital\Discovery\Current\WD Discovery.exe [49443304 2019-04-06] (Western Digital Technologies, Inc. -> Western Digital Corporation)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21888 2019-01-02] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{51f3aaa5-5078-4b60-90f5-9a529f1aa10f}: [DhcpNameServer] 172.168.0.7
Tcpip\..\Interfaces\{c3461718-c7f5-4957-ab72-b80a28cb0476}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-1513066782-2088970526-2524805393-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-1513066782-2088970526-2524805393-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKLM -> {7CAC81C5-A680-4E86-B935-332DE6D2D0C3} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {7CAC81C5-A680-4E86-B935-332DE6D2D0C3} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
BHO: No Name -> {4E295DAB-5DFE-4ABF-B1F3-072F46519D85}' -> No File
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.17.0.183\coIEPlg.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: No Name -> {4E295DAB-5DFE-4ABF-B1F3-072F46519D85}' -> No File
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.17.0.183\coIEPlg.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.17.0.183\coIEPlg.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.17.0.183\coIEPlg.dll [2019-03-07] (Symantec Corporation -> Symantec Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: ye501awe.default
FF ProfilePath: C:\Users\kody\AppData\Roaming\Mozilla\Firefox\Profiles\ye501awe.default [2019-04-07]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-01-31] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://yahoo.com/
CHR StartupUrls: Default -> "hxxp://www.yahoo.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_widemail_chr_win&type=default
CHR DefaultSearchKeyword: Default -> lp
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\kody\AppData\Local\Google\Chrome\User Data\Default [2019-04-07]
CHR Extension: (Honey) - C:\Users\kody\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2019-04-05]
CHR Extension: (Adobe Acrobat) - C:\Users\kody\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-04-05]
CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\kody\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2019-04-05]
CHR Extension: (AdBlock) - C:\Users\kody\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-04-05]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\kody\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2019-04-05]
CHR Extension: (Google Hangouts) - C:\Users\kody\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2019-04-05]
CHR Extension: (InvisibleHand) - C:\Users\kody\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko [2019-04-05]
CHR Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\kody\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2019-04-05]
CHR Extension: (Yahoo Web) - C:\Users\kody\AppData\Local\Google\Chrome\User Data\Default\Extensions\njajpefejmjnhcddhaleakkcehiilppa [2019-04-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\kody\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-04-05]
CHR Extension: (DISH Anywhere Chrome Video Player) - C:\Users\kody\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfiogfjcmcooikkpemeppajhnmpeekgf [2019-04-05]
CHR Extension: (Chrome Media Router) - C:\Users\kody\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-05]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.17.0.183\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.17.0.183\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdaptiveSleepService; c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [155016 2017-09-25] (Advanced Micro Devices, Inc. -> )
S4 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [561576 2017-10-13] (Advanced Micro Devices, Inc. -> AMD)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11082312 2019-03-28] (Microsoft Corporation -> Microsoft Corporation)
S4 ETDService; C:\Program Files\Elantech\ETDService.exe [152680 2018-03-15] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
S4 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1327400 2017-09-05] (HP Inc. -> HP Inc.)
S4 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [630776 2017-02-06] (HP Inc. -> HP Inc.)
S4 ibtsiva; C:\WINDOWS\System32\ibtsiva.exe [529912 2018-12-21] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [310880 2018-09-05] (Intel Corporation -> )
S4 NortonSecurity; C:\Program Files\Norton Security\Engine\22.17.0.183\NortonSecurity.exe [225600 2019-03-07] (Symantec Corporation -> Symantec Corporation)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.17.0.183\nsWscSvc.exe [934216 2019-03-07] (Symantec Corporation -> Symantec Corporation)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [265672 2018-12-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
S3 WD Backup Drive Helper; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B} [19360 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
S3 WD Backup Drive Helper; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B} [19360 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
S3 WD Backup Snapshot; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD} [19360 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
S3 WD Backup Snapshot; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD} [19360 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [331144 2017-04-11] (Western Digital Techologies -> Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4403496 2019-01-08] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107160 2019-02-16] (Microsoft Corporation -> Microsoft Corporation)
S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [4059744 2018-09-05] (Intel Corporation -> Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [27016 2017-10-13] (Advanced Micro Devices Inc. -> Advanced Micro Devices, INC.)
R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [34672 2017-10-13] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 amdi2c; C:\WINDOWS\System32\drivers\amdi2c.sys [54128 2017-10-13] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
S3 amdkmcsp; C:\WINDOWS\System32\drivers\amdkmcsp.sys [101232 2017-10-13] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0318605.inf_amd64_031e1fc2cec2dd33\atikmdag.sys [36583336 2017-10-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AMDKMDAP; C:\WINDOWS\System32\DriverStore\FileRepository\c0318605.inf_amd64_031e1fc2cec2dd33\atikmpag.sys [537512 2017-10-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [106416 2017-10-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\drivers\amdpsp.sys [243048 2017-10-13] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )
R3 amduart; C:\WINDOWS\System32\drivers\amduart.sys [91640 2017-10-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110088 2017-10-13] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.15.0.88\Definitions\BASHDefs\20190402.001\BHDrvx64.sys [1934048 2019-02-07] (Symantec Corporation -> Symantec Corporation)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1611000.0B7\ccSetx64.sys [192712 2019-03-07] (Symantec Corporation -> Symantec Corporation)
S3 dot4; C:\WINDOWS\System32\drivers\Dot4.sys [151968 2012-09-25] (Hewlett-Packard Company -> Windows ® Win 7 DDK provider)
S3 dot4usb; C:\WINDOWS\System32\drivers\dot4usb.sys [49056 2012-09-25] (Hewlett-Packard Company -> Microsoft Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515792 2018-12-27] (Symantec Corporation -> Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153296 2018-12-27] (Symantec Corporation -> Symantec Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R3 ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [32816 2018-03-15] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronic Corp.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136128 2017-12-06] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.15.0.88\Definitions\IPSDefs\20190405.061\IDSvia64.sys [1424392 2019-02-20] (Symantec Corporation -> Symantec Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2019-03-29] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-04-07] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73912 2019-04-07] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-04-07] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [114040 2019-04-07] (Malwarebytes Corporation -> Malwarebytes)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [8723648 2018-10-12] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1009128 2017-09-12] (Realtek Semiconductor Corp. -> Realtek )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [421312 2017-08-07] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
S3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1611000.0B7\SRTSP64.SYS [859864 2019-03-07] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1611000.0B7\SRTSPX64.SYS [49888 2019-03-07] (Symantec Corporation -> Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1611000.0B7\SYMEFASI64.SYS [1998344 2019-03-07] (Symantec Corporation -> Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1611000.0B7\SymELAM.sys [25744 2019-03-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [100064 2019-03-23] (Symantec Corporation -> Symantec Corporation)
S4 SymEvnt; C:\Program Files\Norton Security\NortonData\22.15.0.88\SymPlatform\SymEvnt.sys [700640 2019-02-19] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1611000.0B7\Ironx64.SYS [315912 2019-03-07] (Symantec Corporation -> Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1611000.0B7\symnets.sys [573448 2019-03-07] (Symantec Corporation -> Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
R1 wdfsconnect2017; C:\WINDOWS\system32\drivers\wdfsconnect2017.sys [468112 2017-11-21] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies, Inc.)
S3 wdm_usb; C:\WINDOWS\System32\drivers\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
R3 wdvpnpbus; C:\WINDOWS\System32\drivers\wdvpnpbus.sys [20624 2017-11-21] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies, Inc.)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35568 2018-08-31] (HP Inc. -> HP)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1611000.0B7\wpCtrlDrv.sys [1012120 2019-03-07] (Symantec Corporation -> Symantec Corporation)
U3 aspnet_state; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-07 22:15 - 2019-04-07 22:15 - 000073912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-04-07 22:14 - 2019-04-07 22:14 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-04-07 22:14 - 2019-04-07 22:14 - 000127136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-04-07 22:14 - 2019-04-07 22:14 - 000114040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-04-07 15:17 - 2019-04-07 15:18 - 000000000 ____D C:\ProgramData\Mozilla
2019-04-07 15:17 - 2019-04-07 15:17 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-04-07 15:17 - 2019-04-07 15:17 - 000001000 _____ C:\Users\Public\Desktop\Firefox.lnk
2019-04-07 15:17 - 2019-04-07 15:17 - 000000000 ____D C:\Users\kody\AppData\Roaming\Mozilla
2019-04-07 15:17 - 2019-04-07 15:17 - 000000000 ____D C:\Users\kody\AppData\Local\Mozilla
2019-04-07 15:17 - 2019-04-07 15:17 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-04-07 15:17 - 2019-04-07 15:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-04-06 19:07 - 2019-04-06 19:07 - 000000000 ____D C:\Users\kody\AppData\Roaming\Western Digital
2019-04-06 19:06 - 2019-04-06 19:06 - 000002193 _____ C:\Users\Public\Desktop\WD Backup.lnk
2019-04-06 18:59 - 2019-04-06 18:59 - 000000000 ____D C:\Users\kody\AppData\Roaming\WDDesktop
2019-04-06 18:59 - 2017-11-21 12:03 - 000468112 _____ (Western Digital Technologies, Inc.) C:\WINDOWS\system32\Drivers\wdfsconnect2017.sys
2019-04-06 18:59 - 2017-11-21 12:03 - 000020624 _____ (Western Digital Technologies, Inc.) C:\WINDOWS\system32\Drivers\wdvpnpbus.sys
2019-04-06 18:59 - 2017-11-10 12:51 - 000223744 _____ (Western Digital Technologies, Inc.) C:\WINDOWS\SysWOW64\wdfsconnectNetRdr2017.dll
2019-04-06 18:59 - 2017-11-10 12:51 - 000180224 _____ (Western Digital Technologies, Inc.) C:\WINDOWS\system32\wdfsconnectMntNtf2017.dll
2019-04-06 18:59 - 2017-11-10 12:51 - 000154112 _____ (Western Digital Technologies, Inc.) C:\WINDOWS\SysWOW64\wdfsconnectMntNtf2017.dll
2019-04-06 18:59 - 2017-11-10 12:51 - 000118272 _____ (Western Digital Technologies, Inc.) C:\WINDOWS\system32\wdfsconnectNetRdr2017.dll
2019-04-06 18:59 - 2017-11-10 12:51 - 000002560 _____ (Western Digital Technologies, Inc.) C:\WINDOWS\system32\wdfsconnectevtmsg.dll
2019-04-06 18:58 - 2019-04-06 19:04 - 000000000 ____D C:\Program Files\WD Desktop App
2019-04-06 18:58 - 2019-04-06 18:58 - 000003224 _____ C:\WINDOWS\System32\Tasks\WD Device Agent Task kody
2019-04-06 18:58 - 2019-04-06 18:58 - 000003222 _____ C:\WINDOWS\System32\Tasks\WD Discovery Service Task kody
2019-04-06 18:54 - 2019-04-06 19:06 - 000000000 ____D C:\Program Files (x86)\Western Digital
2019-04-06 18:54 - 2019-04-06 18:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD Discovery
2019-04-06 18:54 - 2019-04-06 18:54 - 000000000 ____D C:\ProgramData\Western Digital
2019-04-06 18:53 - 2019-04-07 22:15 - 000000000 ____D C:\Users\kody\AppData\Roaming\WD Discovery
2019-04-06 18:53 - 2019-04-07 22:15 - 000000000 ____D C:\Users\kody\.wdc
2019-04-06 18:39 - 2019-04-06 18:39 - 000007668 _____ C:\Users\kody\AppData\Local\Resmon.ResmonCfg
2019-04-05 22:22 - 2019-04-05 22:22 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2019-04-05 21:32 - 2019-04-05 21:32 - 000002465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2019-04-05 21:32 - 2019-04-05 21:32 - 000002460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-04-05 21:31 - 2019-04-05 21:31 - 000002459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-04-05 21:31 - 2019-04-05 21:31 - 000002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-04-05 21:31 - 2019-04-05 21:31 - 000002422 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-04-05 21:31 - 2019-04-05 21:31 - 000002416 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-04-05 21:31 - 2019-04-05 21:31 - 000002410 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-04-05 21:31 - 2019-04-05 21:31 - 000002402 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-04-05 21:31 - 2019-04-05 21:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2019-04-05 21:16 - 2019-04-05 21:19 - 000005354 _____ C:\Users\kody\Downloads\Fixlog.txt
2019-04-05 14:15 - 2019-04-05 14:15 - 000246010 _____ C:\Users\kody\Downloads\Dashboard_3751603837_04-05-2019.PDF
2019-04-04 23:56 - 2019-04-04 23:56 - 000241875 _____ C:\Users\kody\Downloads\Detail_3751603837_04-04-2019.PDF
2019-04-04 23:19 - 2019-04-04 23:19 - 000000000 ____D C:\Program Files\Common Files\Intel
2019-04-04 23:11 - 2019-04-04 23:11 - 000000000 ____D C:\Intel
2019-04-04 23:09 - 2019-04-04 23:11 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2019-04-03 12:58 - 2019-04-03 12:58 - 000133141 _____ C:\Users\kody\Downloads\K&G Homes-Greg Fredericksen & Kody Lyons (1).pdf
2019-04-03 12:57 - 2019-04-03 12:57 - 000133141 _____ C:\Users\kody\Downloads\K&G Homes-Greg Fredericksen & Kody Lyons.pdf
2019-04-02 22:02 - 2019-04-02 22:02 - 000000000 ___HD C:\$SysReset
2019-04-02 12:17 - 2019-04-02 12:17 - 003054268 _____ C:\Users\kody\Documents\2019-04-02 Kody Lyons.pdf
2019-04-01 20:16 - 2019-04-01 20:21 - 000052730 _____ C:\Users\kody\Downloads\Addition.txt
2019-04-01 20:11 - 2019-04-07 22:18 - 000022402 _____ C:\Users\kody\Downloads\FRST.txt
2019-04-01 20:11 - 2019-04-07 22:16 - 000000000 ____D C:\FRST
2019-04-01 20:10 - 2019-04-01 20:10 - 002434048 _____ (Farbar) C:\Users\kody\Downloads\FRST64.exe
2019-03-31 12:05 - 2019-03-31 12:05 - 001214008 _____ (Google LLC) C:\Users\kody\Downloads\ChromeSetup (1).exe
2019-03-29 16:36 - 2019-03-29 16:36 - 000000000 ____D C:\Users\kody\AppData\Local\mbam
2019-03-29 16:34 - 2019-03-29 16:34 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-03-29 16:34 - 2019-03-29 16:34 - 000000000 ____D C:\Users\kody\AppData\Local\mbamtray
2019-03-29 16:33 - 2019-03-29 16:33 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-03-29 16:33 - 2019-03-29 16:33 - 000000000 ____D C:\Program Files\Malwarebytes
2019-03-29 16:33 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-03-29 16:33 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-03-29 16:32 - 2019-03-29 16:32 - 062540088 _____ (Malwarebytes ) C:\Users\kody\Downloads\mb3-setup-consumer-3.7.1.2839-1.0.563-1.0.9910.exe
2019-03-28 12:06 - 2019-03-28 12:06 - 005523480 _____ C:\Users\kody\Documents\VM Authorization Kody Lyons.pdf
2019-03-23 20:41 - 2019-04-06 14:39 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security with Backup
2019-03-23 20:40 - 2019-03-24 20:43 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2019-03-23 20:40 - 2019-03-23 20:40 - 000003378 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2019-03-19 18:11 - 2019-03-06 08:37 - 001616608 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-03-19 18:11 - 2019-03-06 02:06 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-03-19 18:11 - 2019-03-06 02:03 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-03-19 18:11 - 2019-03-06 01:44 - 025856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-03-19 18:11 - 2019-03-06 01:36 - 022716928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-03-19 18:11 - 2019-03-06 01:32 - 003399168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-03-19 18:11 - 2019-03-06 01:31 - 007598592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-03-19 18:11 - 2019-03-06 01:28 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-03-19 18:11 - 2019-03-05 23:14 - 006568528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-03-19 18:11 - 2019-03-05 23:05 - 022018048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-03-19 18:11 - 2019-03-05 22:56 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-03-19 18:11 - 2019-03-05 22:52 - 005790720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-03-19 18:11 - 2019-03-05 22:49 - 004516352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-03-19 18:11 - 2019-02-16 05:34 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-03-19 18:11 - 2019-02-16 03:24 - 023862272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-03-19 18:11 - 2019-02-16 03:22 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-03-19 18:11 - 2019-02-16 01:03 - 007901392 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2019-03-19 18:11 - 2019-02-16 01:03 - 005625360 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-03-19 18:11 - 2019-02-16 00:35 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-03-19 18:11 - 2019-02-16 00:33 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-03-19 18:10 - 2019-03-06 08:39 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-03-19 18:10 - 2019-03-06 08:36 - 001047352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2019-03-19 18:10 - 2019-03-06 08:20 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-03-19 18:10 - 2019-03-06 08:19 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-03-19 18:10 - 2019-03-06 08:17 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-03-19 18:10 - 2019-03-06 08:17 - 000810496 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2019-03-19 18:10 - 2019-03-06 08:17 - 000116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2019-03-19 18:10 - 2019-03-06 08:14 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2019-03-19 18:10 - 2019-03-06 08:14 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2019-03-19 18:10 - 2019-03-06 08:14 - 000488448 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-03-19 18:10 - 2019-03-06 08:13 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-03-19 18:10 - 2019-03-06 08:13 - 001856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-03-19 18:10 - 2019-03-06 08:13 - 001662976 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-03-19 18:10 - 2019-03-06 08:13 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-03-19 18:10 - 2019-03-06 08:12 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2019-03-19 18:10 - 2019-03-06 05:18 - 000918032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2019-03-19 18:10 - 2019-03-06 05:18 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-03-19 18:10 - 2019-03-06 05:10 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-03-19 18:10 - 2019-03-06 05:09 - 011919360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-03-19 18:10 - 2019-03-06 05:06 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-03-19 18:10 - 2019-03-06 05:05 - 004054016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-03-19 18:10 - 2019-03-06 05:05 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2019-03-19 18:10 - 2019-03-06 05:04 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-03-19 18:10 - 2019-03-06 05:04 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2019-03-19 18:10 - 2019-03-06 04:59 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-03-19 18:10 - 2019-03-06 02:29 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-03-19 18:10 - 2019-03-06 02:16 - 002822456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-03-19 18:10 - 2019-03-06 02:16 - 001457032 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-03-19 18:10 - 2019-03-06 02:16 - 001188000 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2019-03-19 18:10 - 2019-03-06 02:16 - 000776792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-03-19 18:10 - 2019-03-06 02:16 - 000722744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2019-03-19 18:10 - 2019-03-06 02:16 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-03-19 18:10 - 2019-03-06 02:16 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2019-03-19 18:10 - 2019-03-06 02:11 - 000493880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-03-19 18:10 - 2019-03-06 02:10 - 000248880 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2019-03-19 18:10 - 2019-03-06 02:07 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-03-19 18:10 - 2019-03-06 02:07 - 001023800 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-03-19 18:10 - 2019-03-06 02:07 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-03-19 18:10 - 2019-03-06 02:06 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-03-19 18:10 - 2019-03-06 02:06 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-03-19 18:10 - 2019-03-06 02:05 - 000439224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-03-19 18:10 - 2019-03-06 02:05 - 000436240 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-03-19 18:10 - 2019-03-06 02:05 - 000159864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2019-03-19 18:10 - 2019-03-06 02:04 - 002765856 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-03-19 18:10 - 2019-03-06 02:04 - 000945464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-03-19 18:10 - 2019-03-06 02:04 - 000628024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpx.dll
2019-03-19 18:10 - 2019-03-06 02:03 - 002719544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-03-19 18:10 - 2019-03-06 02:03 - 002465784 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-03-19 18:10 - 2019-03-06 02:03 - 001921848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-03-19 18:10 - 2019-03-06 02:03 - 000793400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-03-19 18:10 - 2019-03-06 02:03 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-03-19 18:10 - 2019-03-06 02:03 - 000375608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2019-03-19 18:10 - 2019-03-06 02:02 - 002421048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-03-19 18:10 - 2019-03-06 02:02 - 001257672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-03-19 18:10 - 2019-03-06 02:02 - 001140480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-03-19 18:10 - 2019-03-06 02:02 - 000982912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-03-19 18:10 - 2019-03-06 02:02 - 000626488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2019-03-19 18:10 - 2019-03-06 01:36 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-03-19 18:10 - 2019-03-06 01:34 - 004866048 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-03-19 18:10 - 2019-03-06 01:33 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-03-19 18:10 - 2019-03-06 01:32 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-03-19 18:10 - 2019-03-06 01:32 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-03-19 18:10 - 2019-03-06 01:31 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-03-19 18:10 - 2019-03-06 01:31 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-03-19 18:10 - 2019-03-06 01:31 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-03-19 18:10 - 2019-03-06 01:31 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-03-19 18:10 - 2019-03-06 01:31 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-03-19 18:10 - 2019-03-06 01:31 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-03-19 18:10 - 2019-03-06 01:31 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-03-19 18:10 - 2019-03-06 01:31 - 000279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2019-03-19 18:10 - 2019-03-06 01:31 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-03-19 18:10 - 2019-03-06 01:31 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-03-19 18:10 - 2019-03-06 01:29 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2019-03-19 18:10 - 2019-03-06 01:29 - 002174976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-03-19 18:10 - 2019-03-06 01:29 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-03-19 18:10 - 2019-03-06 01:29 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-03-19 18:10 - 2019-03-06 01:28 - 001803776 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-03-19 18:10 - 2019-03-06 01:27 - 002224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-03-19 18:10 - 2019-03-06 01:27 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-03-19 18:10 - 2019-03-06 01:27 - 000542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-03-19 18:10 - 2019-03-06 01:27 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-03-19 18:10 - 2019-03-06 01:26 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-03-19 18:10 - 2019-03-06 01:26 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2019-03-19 18:10 - 2019-03-06 01:26 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys
2019-03-19 18:10 - 2019-03-06 01:25 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-03-19 18:10 - 2019-03-06 00:08 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-03-19 18:10 - 2019-03-05 23:17 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-03-19 18:10 - 2019-03-05 23:17 - 000146712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2019-03-19 18:10 - 2019-03-05 23:15 - 002253488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-03-19 18:10 - 2019-03-05 23:15 - 000434488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-03-19 18:10 - 2019-03-05 23:14 - 000785568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2019-03-19 18:10 - 2019-03-05 23:14 - 000665224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-03-19 18:10 - 2019-03-05 23:14 - 000450872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpx.dll
2019-03-19 18:10 - 2019-03-05 23:14 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-03-19 18:10 - 2019-03-05 23:13 - 000607248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2019-03-19 18:10 - 2019-03-05 22:53 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-03-19 18:10 - 2019-03-05 22:53 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-03-19 18:10 - 2019-03-05 22:52 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-03-19 18:10 - 2019-03-05 22:52 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2019-03-19 18:10 - 2019-03-05 22:51 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-03-19 18:10 - 2019-03-05 22:51 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-03-19 18:10 - 2019-03-05 22:51 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2019-03-19 18:10 - 2019-03-05 22:50 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-03-19 18:10 - 2019-03-05 22:50 - 001347584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2019-03-19 18:10 - 2019-03-05 22:50 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-03-19 18:10 - 2019-03-05 22:49 - 000318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-03-19 18:10 - 2019-03-05 22:49 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-03-19 18:10 - 2019-03-05 22:48 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-03-19 18:10 - 2019-03-05 22:48 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-03-19 18:10 - 2019-02-20 20:26 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-03-19 18:10 - 2019-02-16 06:02 - 002871304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-03-19 18:10 - 2019-02-16 06:02 - 001644040 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-03-19 18:10 - 2019-02-16 06:02 - 000808456 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-03-19 18:10 - 2019-02-16 06:02 - 000735752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-03-19 18:10 - 2019-02-16 06:02 - 000620040 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-03-19 18:10 - 2019-02-16 06:02 - 000460296 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-03-19 18:10 - 2019-02-16 06:02 - 000322568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-03-19 18:10 - 2019-02-16 06:02 - 000147464 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-03-19 18:10 - 2019-02-16 06:02 - 000071176 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-03-19 18:10 - 2019-02-16 05:57 - 001048472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2019-03-19 18:10 - 2019-02-16 05:57 - 000506088 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2019-03-19 18:10 - 2019-02-16 05:56 - 000549520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2019-03-19 18:10 - 2019-02-16 05:56 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-03-19 18:10 - 2019-02-16 05:53 - 001516416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-03-19 18:10 - 2019-02-16 05:36 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-03-19 18:10 - 2019-02-16 05:34 - 001725952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2019-03-19 18:10 - 2019-02-16 05:34 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2019-03-19 18:10 - 2019-02-16 05:33 - 001786880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2019-03-19 18:10 - 2019-02-16 05:32 - 003646976 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-03-19 18:10 - 2019-02-16 05:32 - 002051072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2019-03-19 18:10 - 2019-02-16 05:31 - 001271808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2019-03-19 18:10 - 2019-02-16 05:31 - 001003520 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2019-03-19 18:10 - 2019-02-16 05:31 - 000861184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2019-03-19 18:10 - 2019-02-16 05:31 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2019-03-19 18:10 - 2019-02-16 05:30 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2019-03-19 18:10 - 2019-02-16 05:30 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2019-03-19 18:10 - 2019-02-16 05:29 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll
2019-03-19 18:10 - 2019-02-16 05:29 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2019-03-19 18:10 - 2019-02-16 05:24 - 000444176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2019-03-19 18:10 - 2019-02-16 05:22 - 001322176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-03-19 18:10 - 2019-02-16 05:08 - 000373760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2019-03-19 18:10 - 2019-02-16 05:07 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2019-03-19 18:10 - 2019-02-16 05:07 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2019-03-19 18:10 - 2019-02-16 05:06 - 002890752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-03-19 18:10 - 2019-02-16 05:06 - 001530880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2019-03-19 18:10 - 2019-02-16 05:06 - 001451520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2019-03-19 18:10 - 2019-02-16 05:06 - 000774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2019-03-19 18:10 - 2019-02-16 05:06 - 000765952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2019-03-19 18:10 - 2019-02-16 05:04 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2019-03-19 18:10 - 2019-02-16 01:16 - 000511800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-03-19 18:10 - 2019-02-16 01:15 - 000505656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-03-19 18:10 - 2019-02-16 01:15 - 000035640 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-03-19 18:10 - 2019-02-16 01:05 - 000087800 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostw.exe
2019-03-19 18:10 - 2019-02-16 01:04 - 000193032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-03-19 18:10 - 2019-02-16 01:03 - 000510288 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-03-19 18:10 - 2019-02-16 01:02 - 005821440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2019-03-19 18:10 - 2019-02-16 01:02 - 003291632 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-03-19 18:10 - 2019-02-16 01:02 - 001934800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-03-19 18:10 - 2019-02-16 01:02 - 001792712 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2019-03-19 18:10 - 2019-02-16 01:02 - 000705848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2019-03-19 18:10 - 2019-02-16 01:02 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-03-19 18:10 - 2019-02-16 01:02 - 000413712 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2019-03-19 18:10 - 2019-02-16 01:01 - 001285424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-03-19 18:10 - 2019-02-16 01:01 - 001209696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-03-19 18:10 - 2019-02-16 01:01 - 001098056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-03-19 18:10 - 2019-02-16 01:01 - 001028920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2019-03-19 18:10 - 2019-02-16 01:01 - 001014344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2019-03-19 18:10 - 2019-02-16 01:01 - 000735464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-03-19 18:10 - 2019-02-16 01:01 - 000641984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
2019-03-19 18:10 - 2019-02-16 01:01 - 000594024 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-03-19 18:10 - 2019-02-16 01:01 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-03-19 18:10 - 2019-02-16 01:01 - 000480840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2019-03-19 18:10 - 2019-02-16 01:01 - 000335672 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2019-03-19 18:10 - 2019-02-16 01:01 - 000161664 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2019-03-19 18:10 - 2019-02-16 00:57 - 000383288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-03-19 18:10 - 2019-02-16 00:53 - 000443632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-03-19 18:10 - 2019-02-16 00:51 - 002479168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-03-19 18:10 - 2019-02-16 00:51 - 001584536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2019-03-19 18:10 - 2019-02-16 00:51 - 000170952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2019-03-19 18:10 - 2019-02-16 00:50 - 001805648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-03-19 18:10 - 2019-02-16 00:50 - 001171336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2019-03-19 18:10 - 2019-02-16 00:50 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-03-19 18:10 - 2019-02-16 00:50 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-03-19 18:10 - 2019-02-16 00:50 - 000560384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-03-19 18:10 - 2019-02-16 00:50 - 000504072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp_win.dll
2019-03-19 18:10 - 2019-02-16 00:37 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2019-03-19 18:10 - 2019-02-16 00:36 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2019-03-19 18:10 - 2019-02-16 00:36 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-03-19 18:10 - 2019-02-16 00:35 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-03-19 18:10 - 2019-02-16 00:34 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2019-03-19 18:10 - 2019-02-16 00:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2019-03-19 18:10 - 2019-02-16 00:34 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-03-19 18:10 - 2019-02-16 00:33 - 006646784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2019-03-19 18:10 - 2019-02-16 00:33 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2019-03-19 18:10 - 2019-02-16 00:33 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2019-03-19 18:10 - 2019-02-16 00:33 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2019-03-19 18:10 - 2019-02-16 00:33 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-03-19 18:10 - 2019-02-16 00:32 - 002969088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-03-19 18:10 - 2019-02-16 00:32 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2019-03-19 18:10 - 2019-02-16 00:31 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2019-03-19 18:10 - 2019-02-16 00:31 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2019-03-19 18:10 - 2019-02-16 00:31 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2019-03-19 18:10 - 2019-02-16 00:31 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-03-19 18:10 - 2019-02-16 00:30 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2019-03-19 18:10 - 2019-02-16 00:30 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2019-03-19 18:10 - 2019-02-16 00:30 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2019-03-19 18:10 - 2019-02-16 00:30 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2019-03-19 18:10 - 2019-02-16 00:30 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2019-03-19 18:10 - 2019-02-16 00:30 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2019-03-19 18:10 - 2019-02-16 00:30 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-03-19 18:10 - 2019-02-16 00:29 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-03-19 18:10 - 2019-02-16 00:29 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2019-03-19 18:10 - 2019-02-16 00:28 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2019-03-19 18:10 - 2019-02-16 00:28 - 002585600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2019-03-19 18:10 - 2019-02-16 00:28 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2019-03-19 18:10 - 2019-02-16 00:28 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2019-03-19 18:10 - 2019-02-16 00:28 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2019-03-19 18:10 - 2019-02-16 00:28 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2019-03-19 18:10 - 2019-02-16 00:27 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2019-03-19 18:10 - 2019-02-16 00:27 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2019-03-19 18:10 - 2019-02-16 00:27 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-03-19 18:10 - 2019-02-16 00:26 - 001459712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2019-03-19 18:10 - 2019-02-16 00:26 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2019-03-19 18:10 - 2019-02-16 00:26 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2019-03-19 18:10 - 2019-02-16 00:26 - 000935424 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-03-19 18:10 - 2019-02-16 00:26 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2019-03-19 18:10 - 2019-02-16 00:25 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2019-03-19 18:10 - 2019-02-16 00:25 - 000652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2019-03-08 21:54 - 2019-03-08 21:54 - 000000823 _____ C:\Users\kody\Downloads\4083869.gz

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-07 22:18 - 2018-12-27 18:49 - 000004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4EC17B0E-D771-4723-BAF3-F7AED88CCA23}
2019-04-07 22:14 - 2018-12-26 22:24 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-04-07 22:14 - 2018-12-26 20:09 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-04-07 22:12 - 2018-12-26 21:46 - 000065536 _____ C:\WINDOWS\psp_storage.bin
2019-04-07 22:12 - 2018-12-26 19:32 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-04-07 22:12 - 2018-11-28 22:53 - 000000000 ____D C:\Users\kody\AppData\LocalLow\Mozilla
2019-04-07 22:11 - 2018-12-26 21:41 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-04-07 15:21 - 2018-12-26 21:41 - 000407368 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-04-07 15:14 - 2018-12-27 00:54 - 000000000 ____D C:\Program Files (x86)\Google
2019-04-06 22:20 - 2018-12-26 20:09 - 000000000 ____D C:\WINDOWS\Registration
2019-04-06 19:06 - 2018-12-26 21:46 - 000000000 ____D C:\ProgramData\Package Cache
2019-04-06 18:59 - 2018-12-26 20:02 - 000000000 ____D C:\WINDOWS\INF
2019-04-06 18:53 - 2018-12-26 22:12 - 000000000 ____D C:\Users\kody
2019-04-05 21:40 - 2018-04-20 22:12 - 000000000 __RDC C:\Users\kody\Google Drive
2019-04-05 21:26 - 2018-12-27 18:22 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-04-05 21:23 - 2018-12-26 19:32 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-04-04 23:20 - 2018-04-10 19:50 - 000000000 ____D C:\ProgramData\Intel
2019-04-04 23:19 - 2018-04-10 19:50 - 000000000 ____D C:\Program Files (x86)\Intel
2019-04-04 23:13 - 2018-04-10 19:49 - 000000000 ____D C:\Program Files\Intel
2019-04-04 21:59 - 2018-12-26 20:09 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-04-04 19:35 - 2018-12-26 22:31 - 000000000 ____D C:\Users\kody\AppData\Local\Packages
2019-04-04 18:13 - 2018-12-26 20:09 - 000000000 ___HD C:\Program Files\WindowsApps
2019-04-04 18:10 - 2018-12-26 22:50 - 000000000 ____D C:\Program Files\rempl
2019-03-29 17:47 - 2019-01-25 19:13 - 000000000 ____D C:\Users\kody\AppData\Local\CrashDumps
2019-03-29 17:47 - 2019-01-08 19:13 - 000000000 ____D C:\Users\kody\AppData\Roaming\SlingMedia
2019-03-29 17:47 - 2019-01-08 19:12 - 000000000 ____D C:\Program Files (x86)\DishAnywherePlayer
2019-03-29 17:40 - 2018-12-26 20:09 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-03-29 16:34 - 2018-12-26 20:09 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-03-29 16:33 - 2018-12-25 23:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-03-26 18:35 - 2018-12-26 22:34 - 000000000 ____D C:\Users\kody\AppData\Local\PlaceholderTileLogoFolder
2019-03-24 22:52 - 2017-10-05 16:40 - 000929586 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2019-03-23 21:06 - 2018-12-27 01:40 - 000000000 ____D C:\Program Files\Common Files\AV
2019-03-23 20:40 - 2018-12-27 00:31 - 000100064 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2019-03-23 20:40 - 2018-12-27 00:31 - 000008585 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2019-03-23 20:40 - 2018-12-27 00:29 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2019-03-19 19:27 - 2018-12-26 22:20 - 000909850 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-03-19 19:11 - 2018-12-26 20:09 - 000000000 ___SD C:\WINDOWS\system32\UNP
2019-03-19 19:11 - 2018-12-26 20:09 - 000000000 ____D C:\WINDOWS\TextInput
2019-03-19 19:11 - 2018-12-26 20:09 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-03-19 19:11 - 2018-12-26 20:09 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-03-19 19:09 - 2018-12-26 20:09 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-03-19 19:09 - 2018-12-26 20:09 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-03-19 19:09 - 2018-12-26 20:09 - 000000000 ____D C:\Program Files\Windows Defender
2019-03-19 19:09 - 2018-12-26 20:09 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2019-03-19 18:41 - 2018-12-26 19:45 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-03-19 18:09 - 2018-12-26 22:51 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-03-19 17:59 - 2018-12-26 22:50 - 127411920 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2019-04-06 18:39 - 2019-04-06 18:39 - 000007668 _____ () C:\Users\kody\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2019-04-06 18:57 - 2019-04-06 18:57 - 000073728 _____ () C:\Users\kody\AppData\Local\Temp\0202c0d1-4876-438d-981f-67c6ca2312d0.tmp.exe
2019-04-07 15:22 - 2019-04-07 15:22 - 000073728 _____ () C:\Users\kody\AppData\Local\Temp\10b1791c-cab6-42cb-9575-7408e48e51c0.tmp.exe
2019-04-06 19:04 - 2019-04-06 19:04 - 000058336 _____ (NirSoft) C:\Users\kody\AppData\Local\Temp\390ac5f4-c388-4a13-aa31-18e8ba2c2104.tmp.exe
2019-04-06 18:55 - 2019-04-06 18:55 - 000103424 _____ () C:\Users\kody\AppData\Local\Temp\7721.tmp.exe
2019-04-06 18:53 - 2019-04-06 18:53 - 000073728 _____ () C:\Users\kody\AppData\Local\Temp\8726.tmp.exe
2019-04-06 18:55 - 2019-04-06 18:55 - 000044544 _____ (NirSoft) C:\Users\kody\AppData\Local\Temp\8962.tmp.exe
2019-04-06 18:59 - 2019-04-06 18:59 - 000651776 _____ (Igor Pavlov) C:\Users\kody\AppData\Local\Temp\8b776d77-94a2-4f5b-813f-818844fbc1a5.tmp.exe
2019-04-06 18:59 - 2019-04-06 18:59 - 000073728 _____ () C:\Users\kody\AppData\Local\Temp\8de1560c-7d71-42ef-a276-9fd546f74b4d.tmp.exe
2019-04-07 15:23 - 2019-04-07 15:23 - 000010752 _____ () C:\Users\kody\AppData\Local\Temp\c534830f-2eb1-4c54-8ae3-6806d0e9db09.tmp.exe
2019-04-07 22:15 - 2019-04-07 22:15 - 000010752 _____ () C:\Users\kody\AppData\Local\Temp\c967e016-4252-48d4-b70a-467005d88bb7.tmp.exe
2019-04-07 22:15 - 2019-04-07 22:15 - 000073728 _____ () C:\Users\kody\AppData\Local\Temp\cf9aa478-86f5-4a17-88c4-8f2041f7c356.tmp.exe
2019-04-06 19:02 - 2019-04-06 19:02 - 000103424 _____ () C:\Users\kody\AppData\Local\Temp\d20a5423-9264-49da-a2db-60544b164c0d.tmp.exe
2019-04-06 18:59 - 2019-04-06 18:59 - 000010752 _____ () C:\Users\kody\AppData\Local\Temp\dbebbb4c-a583-49ad-84b7-b1eabcf93fb6.tmp.exe
2019-04-06 18:57 - 2019-04-06 18:57 - 000651776 _____ (Igor Pavlov) C:\Users\kody\AppData\Local\Temp\DE54.tmp.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-12-26 21:41

==================== End of FRST.txt ============================


  • 0

#10
commanderk
Posted 07 April 2019 - 11:31 PM

commanderk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

Not better.


  • 0

Advertisements

#11
iMacg3
Posted 08 April 2019 - 09:09 AM

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi,

Does the computer perform better in Clean Boot?

-----------------------

Did you set Yahoo as your Chrome homepage intentionally?

Highlight the contents of the below code box and press Ctrl + C:
Start::

EmptyTemp:

BHO: No Name -> {4E295DAB-5DFE-4ABF-B1F3-072F46519D85}' -> No File
BHO-x32: No Name -> {4E295DAB-5DFE-4ABF-B1F3-072F46519D85}' -> No File

virustotal: C:\Users\kody\AppData\Local\Temp\7721.tmp.exe

2019-04-06 18:57 - 2019-04-06 18:57 - 000073728 _____ () C:\Users\kody\AppData\Local\Temp\0202c0d1-4876-438d-981f-67c6ca2312d0.tmp.exe
2019-04-07 15:22 - 2019-04-07 15:22 - 000073728 _____ () C:\Users\kody\AppData\Local\Temp\10b1791c-cab6-42cb-9575-7408e48e51c0.tmp.exe
2019-04-06 19:04 - 2019-04-06 19:04 - 000058336 _____ (NirSoft) C:\Users\kody\AppData\Local\Temp\390ac5f4-c388-4a13-aa31-18e8ba2c2104.tmp.exe
2019-04-06 18:55 - 2019-04-06 18:55 - 000103424 _____ () C:\Users\kody\AppData\Local\Temp\7721.tmp.exe
2019-04-06 18:53 - 2019-04-06 18:53 - 000073728 _____ () C:\Users\kody\AppData\Local\Temp\8726.tmp.exe
2019-04-06 18:55 - 2019-04-06 18:55 - 000044544 _____ (NirSoft) C:\Users\kody\AppData\Local\Temp\8962.tmp.exe
2019-04-06 18:59 - 2019-04-06 18:59 - 000651776 _____ (Igor Pavlov) C:\Users\kody\AppData\Local\Temp\8b776d77-94a2-4f5b-813f-818844fbc1a5.tmp.exe
2019-04-06 18:59 - 2019-04-06 18:59 - 000073728 _____ () C:\Users\kody\AppData\Local\Temp\8de1560c-7d71-42ef-a276-9fd546f74b4d.tmp.exe
2019-04-07 15:23 - 2019-04-07 15:23 - 000010752 _____ () C:\Users\kody\AppData\Local\Temp\c534830f-2eb1-4c54-8ae3-6806d0e9db09.tmp.exe
2019-04-07 22:15 - 2019-04-07 22:15 - 000010752 _____ () C:\Users\kody\AppData\Local\Temp\c967e016-4252-48d4-b70a-467005d88bb7.tmp.exe
2019-04-07 22:15 - 2019-04-07 22:15 - 000073728 _____ () C:\Users\kody\AppData\Local\Temp\cf9aa478-86f5-4a17-88c4-8f2041f7c356.tmp.exe
2019-04-06 19:02 - 2019-04-06 19:02 - 000103424 _____ () C:\Users\kody\AppData\Local\Temp\d20a5423-9264-49da-a2db-60544b164c0d.tmp.exe
2019-04-06 18:59 - 2019-04-06 18:59 - 000010752 _____ () C:\Users\kody\AppData\Local\Temp\dbebbb4c-a583-49ad-84b7-b1eabcf93fb6.tmp.exe
2019-04-06 18:57 - 2019-04-06 18:57 - 000651776 _____ (Igor Pavlov) C:\Users\kody\AppData\Local\Temp\DE54.tmp.exe

End::
Right-click on FRST/FRST64 and select Run as Administrator.
Click on Fix.
Note - there is no need to paste the contents of the code box anywhere.
If your computer restarts, allow it to do so.
When the fix is complete the tool will create a log (Fixlog.txt) in the same directory it was run from.
Copy and paste the contents of Fixlog.txt into your next reply.

-----------------------


Download AdwCleaner and save it to your Desktop.
  • Right-click on AdwCleaner.exe and select Run as Administrator
  • Accept the EULA (I accept), then click on Scan.
  • Let the scan complete. If no objects are detected, close the AdwCleaner window.
  • If any objects are detected, make sure that all the boxes are checked and click on the Clean and Repair button.
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer. Allow it to do so.
  • After the restart, an AdwCleaner window will open. Click on View Log File, and the log will open in notepad. Copy and paste the contents of the log into your next reply.
Note: the AdwCleaner log is also saved to C:\AdwCleaner\Logs\AdwCleaner[CXX].txt (where XX is two numbers).

-----------------------

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • Click on Get Started.
  • Another window will appear - select Get Started. Select whether you would like to send anonymous data to ESET.
  • Click on the Full Scan option.
  • Click on the option to Enable ESET to detect and remove potentially unwanted applications, and select Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop with a name like ESETlog.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • On your desktop, a file will be created called ESETlog.txt. Open it, then copy and paste its contents into your next reply.

  • 0

#12
commanderk
Posted 08 April 2019 - 07:16 PM

commanderk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

I did set Yahoo as my homepage. i ran ESET and it said it didn't find anything. It also didn't generate a log. Maybe I did something wrong? It all seemed to do everything else mentioned in the instructions. Fan is still cycling. I'm thinking it's hardware.


  • 0

#13
iMacg3
Posted 09 April 2019 - 07:12 PM

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi,

The cooling fan issue sounds like a hardware problem.

Please post the "fixlog.txt" file created by FRST in your reply.

Thanks. :)
  • 0

#14
commanderk
Posted 09 April 2019 - 09:19 PM

commanderk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

This is the only one from 4/5. Thanks. Computer seems better tonight.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 17..03.2019
Ran by kody (05-04-2019 21:16:59) Run:1
Running from C:\Users\kody\Downloads
Loaded Profiles: kody (Available Profiles: kody)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-1513066782-2088970526-2524805393-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1513066782-2088970526-2524805393-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll => No File
CHR HomePage: Default -> hxxp://yahoo.com/
CHR StartupUrls: Default -> "hxxp://www.yahoo.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_widemail_chr_win&type=default
CHR DefaultSearchKeyword: Default -> lp
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CustomCLSID: HKU\S-1-5-21-1513066782-2088970526-2524805393-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\kody\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1513066782-2088970526-2524805393-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\kody\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1513066782-2088970526-2524805393-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\kody\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll => No File
FirewallRules: [TCP Query User{6AF3601E-66AA-4626-A594-A4255B3C7CE2}C:\program files (x86)\dishanywhereplayer\dishanywhereplayer.exe] => (Allow) C:\program files (x86)\dishanywhereplayer\dishanywhereplayer.exe No File
FirewallRules: [UDP Query User{341C8A77-CC24-48BF-B295-28FE70372326}C:\program files (x86)\dishanywhereplayer\dishanywhereplayer.exe] => (Allow) C:\program files (x86)\dishanywhereplayer\dishanywhereplayer.exe No File

*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-1513066782-2088970526-2524805393-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-1513066782-2088970526-2524805393-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} => removed successfully
HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} => removed successfully
"Chrome HomePage" => removed successfully
"Chrome StartupUrls" => removed successfully
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSearchKeyword" => removed successfully
"Chrome DefaultSuggestURL" => removed successfully
HKU\S-1-5-21-1513066782-2088970526-2524805393-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => removed successfully
HKU\S-1-5-21-1513066782-2088970526-2524805393-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => removed successfully
HKU\S-1-5-21-1513066782-2088970526-2524805393-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6AF3601E-66AA-4626-A594-A4255B3C7CE2}C:\program files (x86)\dishanywhereplayer\dishanywhereplayer.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{341C8A77-CC24-48BF-B295-28FE70372326}C:\program files (x86)\dishanywhereplayer\dishanywhereplayer.exe" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 60154765 B
Java, Flash, Steam htmlcache => 907 B
Windows/system/drivers => 6721590 B
Edge => 2464162 B
Chrome => 414102446 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 37 B
systemprofile32 => 0 B
LocalService => 28278 B
LocalService => 0 B
NetworkService => 738 B
NetworkService => 0 B
kody => 10805474 B

RecycleBin => 0 B
EmptyTemp: => 481.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:19:14 ====


  • 0

#15
iMacg3
Posted 10 April 2019 - 08:50 AM

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi,

Please run this FRST fix to scan a file at VirusTotal:

Highlight the contents of the below code box and press Ctrl + C:
Start::
virustotal: C:\Users\kody\AppData\Local\Temp\7721.tmp.exe
End::
Right-click on FRST/FRST64 and select Run as Administrator.
Click on Fix.
Note - there is no need to paste the contents of the code box anywhere.
If your computer restarts, allow it to do so.
When the fix is complete the tool will create a log (Fixlog.txt) in the same directory it was run from.
Copy and paste the contents of Fixlog.txt into your next reply.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics


Also tagged with one or more of these keywords: Cooling fan, Slow system

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP