Solved Computer clean up

Tonywalker

TS Rookie
Hi,

Our computer has been acting very slow lately and most likely some virus/malware installed. Please could you assist in helping us to clean our PC. Thanks Tony
 

Tonywalker

TS Rookie
For some reason unable to copy/paste logs as getting an error message about message containing spam material? Any admin can help?
 

Broni

Malware Annihilator
Welcome aboard


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=======================================

Please attach both files.
 

Broni

Malware Annihilator
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24.10.2018
Ran by Sponge (administrator) on SPONGE-PC (24-10-2018 19:22:02)
Running from C:\Users\Sponge\Downloads
Loaded Profiles: Sponge & postgres (Available Profiles: Sponge & postgres)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Windows\jmesoft\Service.exe
() C:\Program Files (x86)\Knowhow Cloud\VSSService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\NortonSecurity.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Lenovo) C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\NortonSecurity.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(SoftSol Limited) C:\TaxiMATE\TaxiMATE.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft) C:\Program Files (x86)\Microsoft AutoRoute 2013\StreetsOlkShim.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe\KeePass.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11543656 2010-10-26] (Realtek Semiconductor)
HKLM\...\Run: [NortonSupport] => "C:\Program Files (x86)\Norton 360\Engine\22.14.0.54\SymErr.exe" /supportreboot
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-16] ()
HKLM-x32\...\Run: [Lenovo Eye Distance System] => C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe [265216 2010-09-09] (Lenovo)
HKLM-x32\...\Run: [Lenovo Dynamic Brightness System] => C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe [285696 2010-10-08] (Lenovo)
HKLM-x32\...\Run: [SetDefaultSCR] => C:\Program Files (x86)\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe [102400 2009-12-31] (Lenovo)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-05] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe [222504 2009-05-14] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-1769499328-1730554653-1278974721-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-07-13] (TomTom)
HKU\S-1-5-21-1769499328-1730554653-1278974721-1001\...\Run: [KnowhowCloud] => C:\Program Files (x86)\Knowhow Cloud\KnowhowCloud.exe [3482272 2013-11-06] (DSG Retail Limited)
HKU\S-1-5-21-1769499328-1730554653-1278974721-1001\...\Run: [HP Photosmart 5510d series (NET)] => C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe [2676584 2011-08-16] (Hewlett-Packard Co.)
HKU\S-1-5-21-1769499328-1730554653-1278974721-1001\...\Run: [HP Photosmart 5520 series (NET)] => C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1769499328-1730554653-1278974721-1001\...\MountPoints2: {586f16d6-f373-11e2-a72e-00190e0f9fba} - E:\DTLplus_Launcher.exe
HKU\S-1-5-21-1769499328-1730554653-1278974721-1001\...\MountPoints2: {d8d5382e-eb62-11e1-a174-00190e0f9fba} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1769499328-1730554653-1278974721-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\PhotoScreensaver.scr [477696 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-1769499328-1730554653-1278974721-1006\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-08-14]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Sponge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Cartridge Alerts - HP ENVY 5640 series.lnk [2018-10-22]
ShortcutTarget: Monitor Cartridge Alerts - HP ENVY 5640 series.lnk -> C:\Program Files\HP\HP ENVY 5640 series\Bin\HPStatusBL.dll (HP Inc.)
Startup: C:\Users\Sponge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5520 series (Network).lnk [2014-09-12]
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 5520 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Sponge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2018-05-07]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A9A5F0CF-63D2-463A-A14E-CCD3864455A0}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-1769499328-1730554653-1278974721-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=DSGQ&bmod=DSGQ
URLSearchHook: HKU\S-1-5-21-1769499328-1730554653-1278974721-1001 - (No Name) - {6d010537-9e99-400b-b652-b0d5a5757e5d} - C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pSrcAs.dll No File
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7XXXX
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7XXXX
SearchScopes: HKU\S-1-5-21-1769499328-1730554653-1278974721-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1769499328-1730554653-1278974721-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1769499328-1730554653-1278974721-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7DSGQ_en
SearchScopes: HKU\S-1-5-21-1769499328-1730554653-1278974721-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1769499328-1730554653-1278974721-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1000&geo=GB&ver=22.14.2.13&locale=en_GB&guid=3240F757-0EA3-4C15-95A7-39EA8AD35B19&doi=2016-09-01&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-1769499328-1730554653-1278974721-1006 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7XXXX
SearchScopes: HKU\S-1-5-21-1769499328-1730554653-1278974721-1006 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7XXXX
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\coIEPlg.dll [2018-10-05] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine32\22.16.0.247\coIEPlg.dll [2018-10-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\coIEPlg.dll [2018-10-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine32\22.16.0.247\coIEPlg.dll [2018-10-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1769499328-1730554653-1278974721-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1769499328-1730554653-1278974721-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\coIEPlg.dll [2018-10-05] (Symantec Corporation)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1100

FireFox:
========
FF ProfilePath: C:\Users\Sponge\AppData\Roaming\TomTom\HOME\Profiles\umgpdkf3.default [2016-03-16]
FF Extension: (Map status indicator) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2016-03-16] [Legacy] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2012-08-22] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908&prt=cr&chn=prev
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
CHR Profile: C:\Users\Sponge\AppData\Local\Google\Chrome\User Data\Default [2018-10-24]
CHR Extension: (IBM Security Rapport) - C:\Users\Sponge\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2018-08-10]
CHR Extension: (Norton Safe) - C:\Users\Sponge\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2017-10-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sponge\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Chrome Media Router) - C:\Users\Sponge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-21]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1769499328-1730554653-1278974721-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-16] () [File not signed]
R2 LivedriveVSSService; C:\Program Files (x86)\Knowhow Cloud\VSSService.exe [210592 2013-11-06] ()
R2 NortonSecurity; C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\NortonSecurity.exe [328648 2018-10-05] (Symantec Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [5256184 2018-09-06] (IBM Corp.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11644656 2018-09-10] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [285152 2010-08-26] ()
R2 postgresql-x64-9.0; C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N "postgresql-x64-9.0" -D "C:/Program Files/PostgreSQL/9.0/data" -w [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.7.0.76\Definitions\BASHDefs\20181022.001\BHDrvx64.sys [1925104 2018-09-18] (Symantec Corporation)
R1 CbFs; C:\windows\system32\drivers\cbfs.sys [191960 2010-02-16] (EldoS Corporation)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352008 2012-11-10] (EldoS Corporation)
R1 ccSet_NGC; C:\windows\system32\drivers\NGCx64\1610000.0F7\ccSetx64.sys [190424 2018-10-05] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515568 2018-10-03] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153072 2018-10-05] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.7.0.76\Definitions\IPSDefs\20181023.061\IDSvia64.sys [1305072 2018-10-09] (Symantec Corporation)
S3 NPF; C:\windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [498064 2018-09-06] (IBM Corp.)
R1 RapportCerberus_1930074; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1930074.sys [1651176 2018-10-05] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [719440 2018-09-06] (IBM Corp.)
R0 RapportHades64; C:\windows\System32\Drivers\RapportHades64.sys [339920 2018-09-06] (IBM Corp.)
R0 RapportKE64; C:\windows\System32\Drivers\RapportKE64.sys [604752 2018-09-06] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [752000 2018-09-06] (IBM Corp.)
S3 RimUsb; C:\windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
S3 RimVSerPort; C:\windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
R1 SRTSP; C:\windows\System32\drivers\NGCx64\1610000.0F7\SRTSP64.SYS [832192 2018-10-05] (Symantec Corporation)
R1 SRTSPX; C:\windows\system32\drivers\NGCx64\1610000.0F7\SRTSPX64.SYS [49856 2018-10-05] (Symantec Corporation)
R0 SymEFASI; C:\windows\System32\drivers\NGCx64\1610000.0F7\SYMEFASI64.SYS [1969136 2018-10-05] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [99920 2018-06-10] (Symantec Corporation)
S4 SymEvnt; C:\Program Files (x86)\Norton 360\NortonData\22.7.0.76\SymPlatform\SymEvnt.sys [114256 2018-09-11] (Symantec Corporation)
R1 SymIRON; C:\windows\system32\drivers\NGCx64\1610000.0F7\Ironx64.SYS [308304 2018-10-05] (Symantec Corporation)
R1 SymNetS; C:\windows\System32\drivers\NGCx64\1610000.0F7\symnets.sys [566912 2018-10-05] (Symantec Corporation)
R0 WinI2C-DDC; C:\windows\System32\drivers\DDCDrv.sys [20832 2008-04-08] (Nicomsoft Ltd.)
R0 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [15712 2010-03-23] (Nicomsoft Ltd.)
S3 wpCtrlDrv_NGC; C:\windows\System32\drivers\NGCx64\1610000.0F7\wpCtrlDrv.sys [1010856 2018-10-05] (Symantec Corporation)
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 MBAMSwissArmy; \SystemRoot\System32\Drivers\mbamswissarmy.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton 360\NortonData\22.7.0.76\Definitions\SDSDefs\20160627.022\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton 360\NortonData\22.7.0.76\Definitions\SDSDefs\20160627.022\EX64.SYS [X]
S2 X5XSEx; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

Broni

Malware Annihilator
==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-24 19:22 - 2018-10-24 19:22 - 000024432 _____ C:\Users\Sponge\Downloads\FRST.txt
2018-10-24 19:15 - 2018-10-24 19:15 - 000000026 ____H C:\Users\Sponge\Documents\Database.kdb.lock
2018-10-24 13:13 - 2018-10-24 13:13 - 000000000 ____D C:\windows\System32\Tasks\Remediation
2018-10-23 15:30 - 2018-10-24 19:14 - 000000000 ____D C:\Users\Sponge\Downloads\FRST-OlderVersion
2018-10-23 15:29 - 2018-10-24 19:22 - 000000000 ____D C:\FRST
2018-10-23 15:29 - 2018-10-24 19:14 - 002414592 _____ (Farbar) C:\Users\Sponge\Downloads\FRST64.exe
2018-10-17 12:47 - 2018-10-17 12:47 - 000000000 ____D C:\windows\System32\Tasks\Norton 360
2018-10-17 12:45 - 2018-10-17 13:05 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2018-10-17 12:45 - 2018-10-17 12:45 - 000003210 _____ C:\windows\System32\Tasks\Norton WSC Integration
2018-10-13 02:25 - 2018-10-13 02:25 - 000000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-10-13 02:25 - 2018-10-13 02:25 - 000000959 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk
2018-10-09 20:00 - 2018-09-19 09:08 - 000343552 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrd3x40.dll
2018-10-09 20:00 - 2018-09-18 20:08 - 000396888 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2018-10-09 20:00 - 2018-09-18 19:10 - 000348976 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2018-10-09 20:00 - 2018-09-18 06:52 - 025735168 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2018-10-09 20:00 - 2018-09-18 06:38 - 002724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2018-10-09 20:00 - 2018-09-18 06:38 - 000004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2018-10-09 20:00 - 2018-09-18 06:27 - 002902016 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2018-10-09 20:00 - 2018-09-18 06:26 - 000066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2018-10-09 20:00 - 2018-09-18 06:25 - 000576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2018-10-09 20:00 - 2018-09-18 06:25 - 000417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2018-10-09 20:00 - 2018-09-18 06:25 - 000088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2018-10-09 20:00 - 2018-09-18 06:25 - 000048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2018-10-09 20:00 - 2018-09-18 06:19 - 000054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2018-10-09 20:00 - 2018-09-18 06:18 - 000034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2018-10-09 20:00 - 2018-09-18 06:16 - 000615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2018-10-09 20:00 - 2018-09-18 06:15 - 000144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2018-10-09 20:00 - 2018-09-18 06:15 - 000116224 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2018-10-09 20:00 - 2018-09-18 06:14 - 005779456 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2018-10-09 20:00 - 2018-09-18 06:14 - 000814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2018-10-09 20:00 - 2018-09-18 06:14 - 000794624 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2018-10-09 20:00 - 2018-09-18 06:09 - 000969216 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2018-10-09 20:00 - 2018-09-18 06:06 - 000489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2018-10-09 20:00 - 2018-09-18 06:01 - 000077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2018-10-09 20:00 - 2018-09-18 06:00 - 000107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2018-10-09 20:00 - 2018-09-18 06:00 - 000087552 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2018-10-09 20:00 - 2018-09-18 05:57 - 000199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2018-10-09 20:00 - 2018-09-18 05:57 - 000092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2018-10-09 20:00 - 2018-09-18 05:55 - 000315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2018-10-09 20:00 - 2018-09-18 05:53 - 000152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2018-10-09 20:00 - 2018-09-18 05:45 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2018-10-09 20:00 - 2018-09-18 05:43 - 000728064 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2018-10-09 20:00 - 2018-09-18 05:42 - 000809472 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2018-10-09 20:00 - 2018-09-18 05:41 - 002136064 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2018-10-09 20:00 - 2018-09-18 05:41 - 001359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2018-10-09 20:00 - 2018-09-18 05:39 - 015283712 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2018-10-09 20:00 - 2018-09-18 05:35 - 004510720 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2018-10-09 20:00 - 2018-09-18 05:33 - 020278784 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2018-10-09 20:00 - 2018-09-18 05:31 - 002724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2018-10-09 20:00 - 2018-09-18 05:23 - 001555968 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2018-10-09 20:00 - 2018-09-18 05:21 - 000497664 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2018-10-09 20:00 - 2018-09-18 05:21 - 000062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2018-10-09 20:00 - 2018-09-18 05:20 - 000341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2018-10-09 20:00 - 2018-09-18 05:20 - 000047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2018-10-09 20:00 - 2018-09-18 05:19 - 000064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2018-10-09 20:00 - 2018-09-18 05:18 - 002295808 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2018-10-09 20:00 - 2018-09-18 05:15 - 000047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2018-10-09 20:00 - 2018-09-18 05:15 - 000030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2018-10-09 20:00 - 2018-09-18 05:14 - 000476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2018-10-09 20:00 - 2018-09-18 05:13 - 000662016 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2018-10-09 20:00 - 2018-09-18 05:13 - 000115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2018-10-09 20:00 - 2018-09-18 05:12 - 000620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2018-10-09 20:00 - 2018-09-18 05:10 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2018-10-09 20:00 - 2018-09-18 05:06 - 000416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2018-10-09 20:00 - 2018-09-18 05:03 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-10-09 20:00 - 2018-09-18 05:02 - 000091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2018-10-09 20:00 - 2018-09-18 05:02 - 000073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2018-10-09 20:00 - 2018-09-18 05:00 - 000168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2018-10-09 20:00 - 2018-09-18 04:59 - 000076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2018-10-09 20:00 - 2018-09-18 04:58 - 000279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2018-10-09 20:00 - 2018-09-18 04:57 - 004494848 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2018-10-09 20:00 - 2018-09-18 04:57 - 000130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2018-10-09 20:00 - 2018-09-18 04:53 - 013679616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2018-10-09 20:00 - 2018-09-18 04:52 - 000230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2018-10-09 20:00 - 2018-09-18 04:51 - 000696320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2018-10-09 20:00 - 2018-09-18 04:50 - 002059776 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2018-10-09 20:00 - 2018-09-18 04:50 - 001155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2018-10-09 20:00 - 2018-09-18 04:37 - 004037632 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2018-10-09 20:00 - 2018-09-18 04:34 - 001330176 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2018-10-09 20:00 - 2018-09-18 04:31 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2018-10-09 20:00 - 2018-09-11 19:28 - 003227136 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2018-10-09 20:00 - 2018-09-11 19:23 - 000161280 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2018-10-09 20:00 - 2018-09-11 19:22 - 000129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2018-10-09 20:00 - 2018-09-09 02:02 - 005552328 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2018-10-09 20:00 - 2018-09-09 02:02 - 001680072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2018-10-09 20:00 - 2018-09-09 02:02 - 000986824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2018-10-09 20:00 - 2018-09-09 02:02 - 000708296 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2018-10-09 20:00 - 2018-09-09 02:02 - 000631680 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2018-10-09 20:00 - 2018-09-09 02:02 - 000265416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys
2018-10-09 20:00 - 2018-09-09 02:02 - 000262344 _____ (Microsoft Corporation) C:\windows\system32\hal.dll
2018-10-09 20:00 - 2018-09-09 02:02 - 000154824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2018-10-09 20:00 - 2018-09-09 02:02 - 000095432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2018-10-09 20:00 - 2018-09-09 02:01 - 001664320 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2018-10-09 20:00 - 2018-09-09 01:59 - 002851840 _____ (Microsoft Corporation) C:\windows\system32\themeui.dll
2018-10-09 20:00 - 2018-09-09 01:59 - 002009600 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2018-10-09 20:00 - 2018-09-09 01:59 - 001211904 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2018-10-09 20:00 - 2018-09-09 01:59 - 000503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2018-10-09 20:00 - 2018-09-09 01:59 - 000361984 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2018-10-09 20:00 - 2018-09-09 01:59 - 000345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2018-10-09 20:00 - 2018-09-09 01:59 - 000316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2018-10-09 20:00 - 2018-09-09 01:59 - 000312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2018-10-09 20:00 - 2018-09-09 01:59 - 000243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2018-10-09 20:00 - 2018-09-09 01:59 - 000215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2018-10-09 20:00 - 2018-09-09 01:59 - 000210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2018-10-09 20:00 - 2018-09-09 01:59 - 000190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2018-10-09 20:00 - 2018-09-09 01:59 - 000146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2018-10-09 20:00 - 2018-09-09 01:59 - 000135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2018-10-09 20:00 - 2018-09-09 01:59 - 000094208 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2018-10-09 20:00 - 2018-09-09 01:59 - 000063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2018-10-09 20:00 - 2018-09-09 01:59 - 000050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2018-10-09 20:00 - 2018-09-09 01:59 - 000028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2018-10-09 20:00 - 2018-09-09 01:59 - 000028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2018-10-09 20:00 - 2018-09-09 01:59 - 000016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2018-10-09 20:00 - 2018-09-09 01:59 - 000013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2018-10-09 20:00 - 2018-09-09 01:58 - 001461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2018-10-09 20:00 - 2018-09-09 01:58 - 001163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2018-10-09 20:00 - 2018-09-09 01:58 - 000731648 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2018-10-09 20:00 - 2018-09-09 01:58 - 000419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2018-10-09 20:00 - 2018-09-09 01:58 - 000405504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2018-10-09 20:00 - 2018-09-09 01:58 - 000044032 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2018-10-09 20:00 - 2018-09-09 01:58 - 000043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2018-10-09 20:00 - 2018-09-09 01:58 - 000022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000144384 _____ (Microsoft Corporation) C:\windows\system32\cdd.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000123904 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:46 - 004054216 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2018-10-09 20:00 - 2018-09-09 01:46 - 003959496 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2018-10-09 20:00 - 2018-09-09 01:46 - 001314072 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2018-10-09 20:00 - 2018-09-09 01:44 - 002755584 _____ (Microsoft Corporation) C:\windows\SysWOW64\themeui.dll
2018-10-09 20:00 - 2018-09-09 01:44 - 001114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2018-10-09 20:00 - 2018-09-09 01:44 - 000666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2018-10-09 20:00 - 2018-09-09 01:44 - 000313344 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2018-10-09 20:00 - 2018-09-09 01:44 - 000275968 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2018-10-09 20:00 - 2018-09-09 01:44 - 000172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2018-10-09 20:00 - 2018-09-09 01:44 - 000096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2018-10-09 20:00 - 2018-09-09 01:44 - 000082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcrypt.dll
2018-10-09 20:00 - 2018-09-09 01:44 - 000070144 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2018-10-09 20:00 - 2018-09-09 01:44 - 000043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2018-10-09 20:00 - 2018-09-09 01:44 - 000005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2018-10-09 20:00 - 2018-09-09 01:43 - 001391104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2018-10-09 20:00 - 2018-09-09 01:43 - 000554496 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2018-10-09 20:00 - 2018-09-09 01:43 - 000261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2018-10-09 20:00 - 2018-09-09 01:43 - 000254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2018-10-09 20:00 - 2018-09-09 01:43 - 000223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2018-10-09 20:00 - 2018-09-09 01:43 - 000146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2018-10-09 20:00 - 2018-09-09 01:43 - 000141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2018-10-09 20:00 - 2018-09-09 01:43 - 000022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2018-10-09 20:00 - 2018-09-09 01:43 - 000017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:25 - 000148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2018-10-09 20:00 - 2018-09-09 01:25 - 000064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2018-10-09 20:00 - 2018-09-09 01:25 - 000062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2018-10-09 20:00 - 2018-09-09 01:25 - 000017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2018-10-09 20:00 - 2018-09-09 01:21 - 000338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2018-10-09 20:00 - 2018-09-09 01:21 - 000129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\videoprt.sys
2018-10-09 20:00 - 2018-09-09 01:20 - 000296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2018-10-09 20:00 - 2018-09-09 01:18 - 000050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2018-10-09 20:00 - 2018-09-09 01:16 - 000291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2018-10-09 20:00 - 2018-09-09 01:15 - 000112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2018-10-09 20:00 - 2018-09-09 01:15 - 000064512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\amdk8.sys
2018-10-09 20:00 - 2018-09-09 01:15 - 000062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\intelppm.sys
2018-10-09 20:00 - 2018-09-09 01:15 - 000060928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\processr.sys
2018-10-09 20:00 - 2018-09-09 01:15 - 000060928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\amdppm.sys
2018-10-09 20:00 - 2018-09-09 01:15 - 000030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2018-10-09 20:00 - 2018-09-09 01:13 - 000025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2018-10-09 20:00 - 2018-09-09 01:13 - 000014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2018-10-09 20:00 - 2018-09-09 01:13 - 000007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2018-10-09 20:00 - 2018-09-09 01:13 - 000002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2018-10-09 20:00 - 2018-09-09 01:12 - 000036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2018-10-09 20:00 - 2018-09-09 01:12 - 000006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:12 - 000004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:12 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:12 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-10-09 20:00 - 2018-08-28 07:24 - 014637568 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2018-10-09 20:00 - 2018-08-28 07:24 - 012574720 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2018-10-09 20:00 - 2018-08-28 07:24 - 000009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2018-10-09 20:00 - 2018-08-28 07:24 - 000005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2018-10-09 20:00 - 2018-08-28 07:24 - 000005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2018-10-09 20:00 - 2018-08-28 07:09 - 012574208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2018-10-09 20:00 - 2018-08-28 07:09 - 011411968 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2018-10-09 20:00 - 2018-08-28 06:52 - 000008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2018-10-09 20:00 - 2018-08-28 06:52 - 000004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2018-10-09 20:00 - 2018-08-28 06:52 - 000004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2018-10-09 20:00 - 2018-08-16 03:18 - 000041984 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2018-10-09 20:00 - 2018-08-13 22:49 - 001391856 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2018-10-09 20:00 - 2018-08-13 16:54 - 000687616 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2018-10-09 20:00 - 2018-08-12 21:32 - 000140976 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2018-10-09 20:00 - 2018-08-12 21:27 - 000680960 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2018-10-09 20:00 - 2018-08-08 16:54 - 000194048 _____ (Microsoft Corporation) C:\windows\system32\itircl.dll
2018-10-09 20:00 - 2018-08-08 16:54 - 000170496 _____ (Microsoft Corporation) C:\windows\system32\itss.dll
2018-10-09 20:00 - 2018-08-08 16:40 - 000158720 _____ (Microsoft Corporation) C:\windows\SysWOW64\itircl.dll
2018-10-09 20:00 - 2018-08-08 16:40 - 000142848 _____ (Microsoft Corporation) C:\windows\SysWOW64\itss.dll
2018-10-09 19:59 - 2018-09-09 01:59 - 000060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2018-10-09 19:59 - 2018-09-09 01:59 - 000002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2018-10-09 19:59 - 2018-09-09 01:43 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2018-10-09 19:59 - 2018-09-09 01:43 - 000002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2018-10-03 11:23 - 2018-10-03 11:23 - 000001092 _____ C:\Users\Sponge\Desktop\perfect.htm
2018-10-03 10:27 - 2018-10-03 10:27 - 000008807 _____ C:\Users\Sponge\Desktop\Sharon Card.xlsx
2018-09-25 12:13 - 2018-10-03 11:00 - 000000000 ____D C:\Users\Sponge\Desktop\Worldpay - Login_files
2018-09-25 12:13 - 2018-09-25 12:13 - 000010662 _____ C:\Users\Sponge\Desktop\Worldpay - Login.html
2018-09-24 20:52 - 2018-09-24 20:52 - 000000951 _____ C:\Users\Sponge\Desktop\url.htm

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-24 19:12 - 2012-10-19 08:48 - 000000340 _____ C:\windows\Tasks\HP Photo Creations Communicator.job
2018-10-24 19:05 - 2014-11-28 14:00 - 019475582 _____ C:\windows\ntbtlog.txt
2018-10-24 18:56 - 2012-06-27 14:16 - 000000000 ____D C:\Users\Sponge\Documents\Outlook Files
2018-10-24 17:40 - 2012-07-11 15:31 - 000271360 _____ C:\Users\Sponge\Documents\victoriaoutlook.pst
2018-10-24 17:04 - 2012-06-25 12:57 - 000000000 ____D C:\Users\Sponge\Desktop\Prices
2018-10-24 15:29 - 2013-04-04 11:52 - 001455616 ___SH C:\Users\Sponge\Desktop\Thumbs.db
2018-10-24 08:57 - 2016-02-12 17:01 - 000003934 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{0BA02464-F9F0-4ED9-ABE2-433172608F87}
2018-10-24 03:51 - 2009-07-14 05:45 - 000020688 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-10-24 03:51 - 2009-07-14 05:45 - 000020688 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-10-23 15:24 - 2017-07-12 14:50 - 000004316 _____ C:\Users\Sponge\Documents\Database.kdb
2018-10-23 11:05 - 2018-08-08 11:12 - 000139629 _____ C:\Users\Sponge\Desktop\Mileage - August-October 18.xlsx
2018-10-23 10:53 - 2012-07-16 15:03 - 000000000 ____D C:\Users\Sponge\AppData\Roaming\Clip Art Collection
2018-10-22 15:51 - 2012-07-13 13:24 - 000000000 ____D C:\Users\Sponge\AppData\Local\CrashDumps
2018-10-22 15:48 - 2012-07-17 13:30 - 000000000 ____D C:\Users\Sponge\AppData\Local\Livedrive
2018-10-22 15:47 - 2014-06-03 19:45 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-10-22 15:45 - 2014-11-30 18:20 - 000000000 ____D C:\Users\postgres
2018-10-22 15:44 - 2009-07-14 06:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-10-17 13:31 - 2015-06-12 17:23 - 000000000 ____D C:\Program Files\Common Files\AV
2018-10-17 13:05 - 2018-02-19 10:13 - 000002255 _____ C:\Users\Public\Desktop\Norton Security.lnk
2018-10-17 12:46 - 2018-02-15 20:50 - 000000000 ____D C:\windows\system32\Drivers\NGCx64
2018-10-10 15:45 - 2009-07-14 04:20 - 000000000 ____D C:\windows\rescache
2018-10-10 13:50 - 2009-07-14 06:13 - 000786538 _____ C:\windows\system32\PerfStringBackup.INI
2018-10-10 13:50 - 2009-07-14 04:20 - 000000000 ____D C:\windows\inf
2018-10-10 13:43 - 2009-07-14 05:45 - 000418776 _____ C:\windows\system32\FNTCACHE.DAT
2018-10-10 13:18 - 2009-07-14 03:34 - 000000516 _____ C:\windows\win.ini
2018-10-10 13:16 - 2013-08-15 03:00 - 000000000 ____D C:\windows\system32\MRT
2018-10-10 13:11 - 2012-07-24 08:59 - 136745976 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2018-10-10 13:06 - 2012-06-27 15:52 - 000770404 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2018-10-10 09:43 - 2012-09-22 19:01 - 000842240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2018-10-10 09:43 - 2012-09-22 19:01 - 000175104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-10-10 09:43 - 2012-09-22 19:01 - 000004312 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2018-10-10 09:43 - 2012-09-22 19:01 - 000000000 ____D C:\windows\system32\Macromed
2018-10-10 09:43 - 2012-03-03 23:48 - 000000000 ____D C:\windows\SysWOW64\Macromed
2018-10-09 13:57 - 2016-03-01 17:04 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-10-09 09:55 - 2013-11-12 12:37 - 000000000 ____D C:\Program Files (x86)\Knowhow Cloud
2018-10-05 14:48 - 2015-02-10 15:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2018-10-05 11:43 - 2012-07-11 15:13 - 000000000 ____D C:\Users\Sponge\AppData\LocalLow\Adobe

==================== Files in the root of some directories =======

2012-03-03 23:48 - 2012-03-03 23:48 - 001914000 _____ (Adobe Systems Incorporated) C:\ProgramData\flashax10.exe
2017-07-06 12:13 - 2017-07-06 12:13 - 000000868 _____ () C:\Users\Sponge\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-10-08 12:13 - 2012-10-08 12:14 - 000007680 _____ () C:\Users\Sponge\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-10-15 00:22

==================== End of FRST.txt ============================
 

Broni

Malware Annihilator
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24.10.2018
Ran by Sponge (24-10-2018 19:22:42)
Running from C:\Users\Sponge\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2012-06-05 14:12:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1769499328-1730554653-1278974721-500 - Administrator - Disabled)
Guest (S-1-5-21-1769499328-1730554653-1278974721-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1769499328-1730554653-1278974721-1003 - Limited - Enabled)
postgres (S-1-5-21-1769499328-1730554653-1278974721-1006 - Limited - Enabled) => C:\Users\postgres
Sponge (S-1-5-21-1769499328-1730554653-1278974721-1001 - Administrator - Enabled) => C:\Users\Sponge

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Enabled - Up to date) {E3FDBD9F-8140-1400-F32B-8B58923F7C4D}
AS: Norton 360 (Enabled - Up to date) {589C5C7B-A77A-1B8E-C99B-B02AE9B836F0}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {DBC63CBA-CB2F-1558-D874-226D6CEC3B36}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20074 - Adobe Systems Incorporated)
Adobe Flash Player 31 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Clip Art Collection (HKLM-x32\...\{158104AB-D92E-45BC-8268-5D351C95F6AD}) (Version: 1.0.0.0 - W3i)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Free File Viewer 2012 (HKLM-x32\...\FreeFileViewer_is1) (Version: - Bitberry Software) <==== ATTENTION
Gigaset QuickSync (HKLM\...\{31a52f2e-32e8-4c8f-9d99-6fd0c37c99ef}) (Version: 7.2.0844.6 - Gigaset Communications GmbH)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP ENVY 5640 series Basic Device Software (HKLM\...\{098DF09B-2BB6-4F24-A778-A57DB1466BD1}) (Version: 40.11.1135.17143 - HP Inc.)
HP ENVY 5640 series Help (HKLM-x32\...\{B04B1DB6-0AA9-4790-95CE-5A45C8F647FD}) (Version: 34.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12262 - HP Photo Creations)
HP Photosmart 5510d series Basic Device Software (HKLM\...\{F26D0153-CD17-4662-8592-DD98498DE6E4}) (Version: 25.0.607.0 - Hewlett-Packard Co.)
HP Photosmart 5510d series Help (HKLM-x32\...\{E59ADA18-03DB-44F5-9EF5-0FA25E4D4384}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart 5510d series Product Improvement Study (HKLM\...\{F5551626-0E88-4399-A32D-2F6115CCDD92}) (Version: 25.0.607.0 - Hewlett-Packard Co.)
HP Photosmart 5520 series Basic Device Software (HKLM\...\{68C0736C-3E47-43A6-B14D-236BEF198A5F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 5520 series Help (HKLM-x32\...\{7137E26A-10F7-4B1C-9980-0893579E92DA}) (Version: 27.0.0 - Hewlett Packard)
HP Photosmart 5520 series Product Improvement Study (HKLM\...\{DCC176F0-3CE3-4DA9-8FF9-3809C1B48C47}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}) (Version: 1.00.0000 - Microsoft) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2345 - Intel Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KeePass Password Safe 1.33 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.33 - Dominik Reichl)
Knowhow Cloud (HKLM\...\{2CED7DA6-42B9-456B-9EE0-BBFA023AB14F}) (Version: 2.0.4 - DSG Retail Limited)
KNOWHOW(TM) APP CENTRE (HKLM-x32\...\KNOWHOW(TM) APP CENTRE 25501) (Version: 25501 - KNOWHOW)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo)
Lenovo Driver and Application Installation (HKLM-x32\...\{45970CD1-D599-47D4-938F-3E9800D54ED1}) (Version: 5.10.1809 - Lenovo)
Lenovo Dynamic Brightness System (HKLM-x32\...\{D9ED6D06-6002-495E-A7BC-46E6AE386996}) (Version: 4.0.00.22080 - Lenovo)
Lenovo Eye Distance System (HKLM-x32\...\{5183D7AB-D09B-411F-A74E-BBAEA61C6505}) (Version: 4.0.00.21090 - Lenovo)
Lenovo Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.4827a - CyberLink Corp.) Hidden
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.4827a - CyberLink Corp.)
Lenovo Rescue System (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 3.0.1409 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 3.0.1409 - CyberLink Corp.)
Lenovo Screensaver (HKLM-x32\...\{803E6DED-5050-4E3D-B26A-5915397362CD}) (Version: 1.0.5.110104 - Lenovo)
LVT (HKLM-x32\...\{D3063097-EC84-4D21-84A4-9D852E974355}) (Version: 4.1.3.0309 - Lenovo)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft AutoRoute 2013 (HKLM-x32\...\{C82185E8-C27B-4EF4-2013-3333BC2C2B6D}) (Version: 19.0.21.0500 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyDriveConnect 4.0.7.2442 (HKLM-x32\...\MyDriveConnect) (Version: 4.0.7.2442 - TomTom)
NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 1.01.206 - NETGEAR)
Norton 360 (HKLM-x32\...\NGC) (Version: 22.16.0.247 - Symantec Corporation)
Product Improvement Study for HP ENVY 5640 series (HKLM\...\{C6936AA8-42A6-4D09-8B6C-1C473AD1AA36}) (Version: 40.11.1135.17143 - HP Inc.)
PS5510dFWUpdateAlert (HKLM-x32\...\{BF9D2E8A-6DBC-4A3F-8497-12115310CC97}) (Version: 1.00.0000 - HP) Hidden
PS5520FWUpdateAlert (HKLM-x32\...\{7049A4E0-172F-457E-97A3-8DE5B0A4E422}) (Version: 2.00.0000 - HP) Hidden
Rapport (HKLM-x32\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1930.100 - Trusteer) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6230 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30123 - Realtek Semiconductor Corp.)
RogueKiller version 12.12.14.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.14.0 - Adlice Software)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
TaxiMATE (HKLM-x32\...\ST5UNST #1) (Version: - )
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.2.26558 - TeamViewer)
TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1930.100 - Trusteer)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
WIDCOMM Bluetooth Software 6.0.1.6300 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.6300 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\buShell.dll [2018-10-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\buShell.dll [2018-10-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\buShell.dll [2018-10-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [BackupOverlay] -> {B44A5D93-1351-41A1-BD91-5E92435D8ECD} => C:\Program Files (x86)\Knowhow Cloud\Extensions.dll [2013-11-06] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll [2012-11-10] (EldoS Corporation)
ShellIconOverlayIdentifiers: [LivedriveDownloadOverlay] -> {CBCDB610-6B68-4EE9-B7A2-1282FD0C9292} => C:\Program Files (x86)\Knowhow Cloud\Extensions.dll [2013-11-06] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveSharedOverlay] -> {84CEF1E4-1356-4063-845F-05047F4DD52C} => C:\Program Files (x86)\Knowhow Cloud\Extensions.dll [2013-11-06] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveSyncedOverlay] -> {42058329-2FBF-4B33-8E52-3BE5754DE0C1} => C:\Program Files (x86)\Knowhow Cloud\Extensions.dll [2013-11-06] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveUploadOverlay] -> {39A1715A-E4CD-4F1E-B5C4-36B5DB80124E} => C:\Program Files (x86)\Knowhow Cloud\Extensions.dll [2013-11-06] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\buShell.dll [2018-10-05] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\buShell.dll [2018-10-05] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\buShell.dll [2018-10-05] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll [2012-11-10] (EldoS Corporation)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\buShell.dll [2018-10-05] (Symantec Corporation)
ContextMenuHandlers1: [LivedriveContextMenu] -> {FE586301-FDF9-40F4-AD3A-9DB11C40FF27} => C:\Program Files (x86)\Knowhow Cloud\Extensions.dll [2013-11-06] (Livedrive Internet Ltd)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\NavShExt.dll [2018-10-05] (Symantec Corporation)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\NavShExt.dll [2018-10-05] (Symantec Corporation)
ContextMenuHandlers4: [LivedriveContextMenu] -> {FE586301-FDF9-40F4-AD3A-9DB11C40FF27} => C:\Program Files (x86)\Knowhow Cloud\Extensions.dll [2013-11-06] (Livedrive Internet Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2011-03-26] (Intel Corporation)
ContextMenuHandlers5: [LivedriveBackgroundContextMenu] -> {005C2E48-BD95-4F38-8FD9-9E4CB7C78D2A} => C:\Program Files (x86)\Knowhow Cloud\Extensions.dll [2013-11-06] (Livedrive Internet Ltd)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\buShell.dll [2018-10-05] (Symantec Corporation)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\NavShExt.dll [2018-10-05] (Symantec Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07AB5235-261F-4DB2-9F7B-E91AE25281BC} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2018-10-05] (Symantec Corporation)
Task: {080BF29D-1D15-4D14-A4F5-A065C36875A4} - System32\Tasks\HPCustPartic.exe_{DBEA4EBF-967B-4203-82AC-FB8620E76085} => C:\Program Files\HP\HP ENVY 5640 series\Bin\HPCustPartic.exe [2017-05-23] (HP Inc.)
Task: {22476A65-25F6-41B9-A658-0925810A41BE} - System32\Tasks\HPCustParticipation HP Photosmart 5510d series => C:\Program Files\HP\HP Photosmart 5510d series\Bin\HPCustPartic.exe [2011-08-16] (Hewlett-Packard Co.)
Task: {3B254A1B-BCAA-4204-B225-A914FF3D69DF} - System32\Tasks\Norton 360\Norton 360 Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\SymErr.exe [2018-10-05] (Symantec Corporation)
Task: {47983FF8-51C7-45F1-8E25-5F0A40EB6BD7} - System32\Tasks\{E55F6150-4CA4-419C-AC7F-A53F43A009FB} => C:\Program Files (x86)\Gigaset QuickSync\GigasetQuickSync.exe
Task: {49582A23-2AC2-468E-92EF-AC4A48D75545} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {5AAFBD3B-82F8-4A97-B545-2DFB4DB151B9} - System32\Tasks\{9A1D7C8B-FF97-4BC3-A617-35191EE3B7F4} => C:\windows\system32\pcalua.exe -a C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE
Task: {65C84262-BD36-4E6C-BE64-294B6AA9E627} - System32\Tasks\Norton 360\Norton 360 Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\SymErr.exe [2018-10-05] (Symantec Corporation)
Task: {703016A7-0396-4EEC-BF04-A3950AC1AF58} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2013-08-20] ()
Task: {87051737-9F47-476D-B8F2-A4537EF01151} - System32\Tasks\HPCustParticipation HP ENVY 5640 series => C:\Program Files\HP\HP ENVY 5640 series\Bin\HPCustPartic.exe [2017-05-23] (HP Inc.)
Task: {9C4A4ABA-34F6-44F2-8D75-BFD05C1ED0A8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {9C857E80-FB0E-48A1-8DF6-B95E9EE4E76D} - System32\Tasks\HPCustParticipation HP Photosmart 5520 series => C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {9E300FE7-323D-437F-A568-23D119E88530} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {A3A3CA8A-F88A-4755-BA5D-457489E1E2D3} - System32\Tasks\{D8A07872-8884-440D-9326-18AA7B7E0C4F} => C:\windows\system32\pcalua.exe -a D:\setup_Gigaset_QuickSync_6.1.exe -d D:\
Task: {AF717E4B-60AE-455A-8158-0F0AA5D66831} - System32\Tasks\{54EF97A4-AC21-4378-BD8F-CFCE0D5CDF58} => C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [2018-09-14] (Microsoft Corporation)
Task: {C4BDFEF4-C194-4581-BEAA-F305B4D1783B} - System32\Tasks\{A0B1783D-BE1F-4FBA-83D9-110CDC487CF6} => C:\Program Files (x86)\Gigaset QuickSync\GigasetQuickSync.exe
Task: {D729A7C4-7666-42A3-809C-AC4FD6AE75EA} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-10-10] (Adobe Systems Incorporated)
Task: {DA0CE0BF-07CE-4E2A-98E6-631A1733A090} - System32\Tasks\{62C24F28-B0D8-4623-8513-E9A0B4B6CB99} => C:\windows\system32\pcalua.exe -a C:\windows\system32\pcwrun.exe -c "C:\Program Files (x86)\Gigaset QuickSync\GigasetQuickSync.exe"
Task: {F6B5DBA4-136F-46A4-A4A9-8C6D7DD4BED1} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\WSCStub.exe [2018-10-05] (Symantec Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2012-03-03 23:18 - 2011-03-16 05:47 - 000032768 _____ () C:\Windows\jmesoft\Service.exe
2013-11-06 18:24 - 2013-11-06 18:24 - 000210592 _____ () C:\Program Files (x86)\Knowhow Cloud\VSSService.exe
2008-02-12 13:55 - 2008-02-12 13:55 - 000167936 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2014-11-30 18:16 - 2012-09-21 08:55 - 000217600 _____ () C:\Program Files\PostgreSQL\9.0\bin\LIBPQ.dll
2014-11-30 18:17 - 2012-08-14 13:02 - 002258432 _____ () C:\Program Files\PostgreSQL\9.0\bin\libxml2.dll
2011-04-11 02:53 - 2011-03-26 08:29 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-06-05 16:45 - 2010-08-26 17:48 - 000285152 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
2012-03-03 23:18 - 2011-05-17 22:54 - 000024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2018-09-18 23:04 - 2018-09-15 09:26 - 005110616 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libglesv2.dll
2018-09-18 23:04 - 2018-09-15 09:26 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libegl.dll
2012-06-05 16:45 - 2010-07-09 16:38 - 000331776 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiLib.dll
2012-03-03 23:48 - 2010-09-09 20:19 - 000210432 _____ () C:\Program Files\Lenovo\Lenovo Eye Distance System\KeyStoneAdapter.dll
2012-03-03 23:48 - 2010-09-09 20:18 - 000211456 _____ () C:\Program Files\Lenovo\Lenovo Eye Distance System\VideoPlayer.dll
2012-03-03 23:18 - 2011-05-17 22:27 - 000028672 _____ () C:\Windows\jmesoft\hidhook.dll
2012-03-03 23:48 - 2010-09-20 19:08 - 000210432 _____ () C:\Program Files\Lenovo\Lenovo Brightness System\KeyStoneAdapter.dll
2012-03-03 23:48 - 2010-09-21 03:55 - 000182272 _____ () C:\Program Files\Lenovo\Lenovo Brightness System\DDCHelperWraper.dll
2009-12-05 01:59 - 2009-12-05 01:59 - 000619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-05 02:04 - 2009-12-05 02:04 - 000013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2015-06-02 15:51 - 2015-06-02 15:51 - 000545792 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 004300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2015-11-11 02:42 - 2015-11-11 02:42 - 001045672 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2017-07-06 12:10 - 000000860 ____N C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1769499328-1730554653-1278974721-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sponge\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WNA3100 Smart Wizard.lnk => C:\windows\pss\NETGEAR WNA3100 Smart Wizard.lnk.CommonStartup
MSCONFIG\startupreg: Exetender => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
MSCONFIG\startupreg: Smart PC Cleaner => C:\Program Files (x86)\Smart PC Cleaner\SPCLauncher.exe
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8B2DCABD-4BC6-41F5-9068-25A995CF7DA5}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{BD745F83-ED8C-47C8-A083-397BAFAB1214}] => (Allow) LPort=2869
FirewallRules: [{B77DF47E-8759-4D0D-96FA-67AD9C327B3D}] => (Allow) LPort=1900
FirewallRules: [{999DA7F4-F51C-4946-BE6B-88B284D39BD5}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{4A1008E4-92C2-4179-A879-AC826FEF428C}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{C783ACEA-69BC-4D9C-9391-45A8139C317C}] => (Allow) C:\Program Files\HP\HP Photosmart 5510d series\Bin\DeviceSetup.exe
FirewallRules: [{8A961384-0F5D-482A-882C-E831B28C2B5A}] => (Allow) C:\Program Files\HP\HP Photosmart 5510d series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{25BF5397-B898-4925-B6CC-702DC0CF68B0}] => (Allow) LPort=4481
FirewallRules: [{A54AEA86-8691-4B04-A09A-0C1E68C6A88C}] => (Allow) LPort=4481
FirewallRules: [{698A977F-7D66-4FAC-97ED-BB9E3ADB1CB5}] => (Allow) LPort=4482
FirewallRules: [{D61627C6-78BB-4760-A34D-7C8E27059E1B}] => (Allow) LPort=4482
FirewallRules: [{86215835-F90C-4B0B-B784-A9F1A24C1A1B}] => (Allow) C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
FirewallRules: [{DA61FB46-8450-48F8-BA42-8970EA818118}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{6B948EB3-DA0E-4D3A-B7E9-4706B2F4CE2C}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{DB1CFEFA-2B83-4D0F-8883-49E3E4ADF57D}] => (Allow) C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
FirewallRules: [{62D0B9BB-84C2-49BC-BCE4-A758FBE12972}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\DeviceSetup.exe
FirewallRules: [{4AB62CA1-53E5-49D6-A438-6A2DE618C875}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{ED202E39-9734-496A-8A0E-0CBA4DAE6803}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{85018C6A-8A8A-40C5-BBFC-2B862B3E5675}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{75194297-25AF-49C2-966F-225D3B2D515D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{6DE88B36-B708-4DE7-A477-B5B3EC121E65}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{D237C32B-76E9-4AE9-86B7-BF01D7D6D049}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{E2CD1DD1-C5C3-48F7-BF29-26A7BACA6458}] => (Allow) C:\Program Files\HP\HP ENVY 5640 series\Bin\DeviceSetup.exe
FirewallRules: [{7877AB53-4749-453B-9FB8-F5B7E51E81BE}] => (Allow) LPort=5357
FirewallRules: [{78FBD0C2-B2EE-48A2-9859-FB0FF982B639}] => (Allow) C:\Program Files\HP\HP ENVY 5640 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{545544EE-079A-4296-9F66-C009CFA99716}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{AF21218A-D0DA-4970-8A33-2340CA45BB96}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{4AA2B699-A0F4-4F25-9EC0-0BD0E877E6A4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9429D054-6ED4-47E5-84AF-35B21DDFF439}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{1DFA1CC8-29F0-4B7D-8D63-0457F9EBDC79}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Restore Points =========================

10-10-2018 13:01:29 Windows Update
11-10-2018 13:00:12 Windows Update
19-10-2018 00:00:02 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: X5XSEx
Description: X5XSEx
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: X5XSEx
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/22/2018 04:10:26 PM) (Source: Microsoft Office 14) (EventID: 2000) (User: )
Description: Microsoft Outlook: Accepted Safe Mode action : Outlook failed to start correctly last time. Starting Outlook in safe mode will help you correct or isolate a startup problem in order to successfully start the program. Some functionality may be disabled in this mode.

Do you want to start Outlook in safe mode?.
Accepted Safe Mode action : Microsoft Outlook.

Error: (10/22/2018 03:50:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: KnowhowCloud.exe, version: 2.0.4.186, time stamp: 0x527a7ad3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x001e05d9
Faulting process id: 0xbec
Faulting application start time: 0x01d46a15e879d262
Faulting application path: C:\Program Files (x86)\Knowhow Cloud\KnowhowCloud.exe
Faulting module path: unknown
Report Id: e2c31ac7-d609-11e8-9250-4437e6959eec

Error: (10/22/2018 03:50:57 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: KnowhowCloud.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
at Livedrive.UI.Views.Base.BaseWindow.ShowWindowDialog()
at Livedrive.UI.Models.Services.DialogService.ShowWindowDialog()
at Livedrive.UserSession.UserSession.HandleUpdateMessageImpl(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (10/22/2018 03:50:55 PM) (Source: Knowhow Cloud) (EventID: 0) (User: )
Description: Unhandled exception:

System.NullReferenceException: Object reference not set to an instance of an object.
at Livedrive.UI.Views.Base.BaseWindow.ShowWindowDialog()
at Livedrive.UI.Models.Services.DialogService.ShowWindowDialog()
at Livedrive.UserSession.UserSession.HandleUpdateMessageImpl(Object )
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(Object state)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (10/22/2018 03:48:27 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {5ef1cff5-fe4d-4556-9a9c-9fc52a8a8784}

Error: (10/22/2018 03:46:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/10/2018 02:32:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: KnowhowCloud.exe, version: 2.0.4.186, time stamp: 0x527a7ad3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0592fa89
Faulting process id: 0xc14
Faulting application start time: 0x01d460973683b55c
Faulting application path: C:\Program Files (x86)\Knowhow Cloud\KnowhowCloud.exe
Faulting module path: unknown
Report Id: ecb014a3-cc90-11e8-a068-4437e6959eec

Error: (10/10/2018 02:32:24 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: KnowhowCloud.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
at Livedrive.UI.Views.Base.BaseWindow.ShowWindowDialog()
at Livedrive.UI.Models.Services.DialogService.ShowWindowDialog()
at Livedrive.UserSession.UserSession.HandleUpdateMessageImpl(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()


System errors:
=============
Error: (10/23/2018 09:56:49 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (10/22/2018 03:48:41 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (10/22/2018 03:45:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The X5XSEx service failed to start due to the following error:
The system cannot find the path specified.

Error: (10/22/2018 03:41:46 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RapportMgmtService service.

Error: (10/22/2018 10:49:33 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (10/10/2018 01:48:19 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (10/10/2018 01:44:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The X5XSEx service failed to start due to the following error:
The system cannot find the path specified.

Error: (10/09/2018 12:32:14 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 77%
Total physical RAM: 4008.43 MB
Available physical RAM: 907.39 MB
Total Virtual: 8015.01 MB
Available Virtual: 3058.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:440.59 GB) (Free:328.18 GB) NTFS

\\?\Volume{c009a344-657d-11e1-9c73-806e6f6e6963}\ (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
\\?\Volume{4884ba0f-9b6b-11e2-90d3-4437e6959eec}\ () () (Total:0 GB) (Free:0 GB)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 283AF5E8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=440.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.1 GB) - (Type=12)

==================== End of Addition.txt ============================
 

Broni

Malware Annihilator
Please uninstall following unwanted program:

Free File Viewer 2012

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 

Tonywalker

TS Rookie
RogueKiller V12.13.6.0 (x64) [Oct 22 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Sponge [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 10/25/2018 20:56:35 (Duration : 00:39:48)
Switches : -refid

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3500413AS ATA Device +++++
--- User ---
[MBR] 2d704c588b49664f74b877447e937e96
[BSP] 8c8b62cd01214d85261f86cdfe745749 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 451164 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 924190720 | Size: 25675 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: HP ENVY 5640 series USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 

Tonywalker

TS Rookie
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 10/25/18
Scan Time: 9:54 PM
Log File: 31682e78-d898-11e8-ab72-4437e6959eec.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.463
Update Package Version: 1.0.7533
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Sponge-PC\Sponge

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 383386
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 7 min, 41 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 

Tonywalker

TS Rookie
# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-10-23.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 10-25-2018
# Duration: 00:00:18
# OS: Windows 7 Home Premium
# Cleaned: 60
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\Sponge\AppData\LocalLow\Yahoo!\Companion

***** [ Files ] *****

Deleted C:\Windows\SysWOW64\CUUpdateComponent.ocx
Deleted C:\Windows\SysWOW64\ComputerUpdaterLM.ocx
Deleted C:\Users\Sponge\Desktop\Sync Folder.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pdfconverterhq.dl.myway.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pdfconverter.wdgserv.com
Deleted HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Smart PC Cleaner
Deleted HKCU\Software\Yahoo\YFriendsBar
Deleted HKCU\Software\AppDataLow\Software\Yahoo\Companion
Deleted HKCU\Software\Yahoo\Companion
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD|BackgroundHost.exe
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION|BackgroundHost.exe
Deleted HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD|BackgroundHost64.exe
Deleted HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION|BackgroundHost64.exe
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}
Deleted HKLM\Software\Classes\TypeLib\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}
Deleted HKLM\Software\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
Deleted HKLM\Software\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
Deleted HKLM\Software\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
Deleted HKLM\Software\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
Deleted HKLM\Software\Wow6432Node\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
Deleted HKLM\Software\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
Deleted HKLM\Software\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
Deleted HKLM\Software\Classes\Interface\{FF777BF5-D424-4519-A61E-2B5BB204894D}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F8F03266-DEC7-4F5C-A6D3-D88533EE9070}
Deleted HKLM\Software\Classes\Interface\{D22421A9-9464-4365-AE9B-D4AD70B99924}
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{94366E2C-9923-431C-B0D6-747447DD0F2B}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{94366E2C-9923-431C-B0D6-747447DD0F2B}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{94366E2C-9923-431C-B0D6-747447DD0F2B}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{94366E2C-9923-431C-B0D6-747447DD0F2B}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8013018C-73F4-4642-B2D1-9D83C2AAFBC2}
Deleted HKLM\Software\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted HKLM\Software\Classes\Sample.YTBPartnerSample
Deleted HKLM\Software\Classes\Sample.BrowserHandler
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\ComputerUpdater Service
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hp.myway.com
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pdfconverterhq.dl.tb.ask.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\home.tb.ask.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\shoppingate.info
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\inst.shoppingate.info
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\thebrighttag.com

***** [ Chromium (and derivatives) ] *****

Deleted Managera
Deleted Extutil

***** [ Chromium URLs ] *****

Deleted Ask Jeeves

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [7610 octets] - [25/10/2018 22:16:54]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

Broni

Malware Annihilator
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 

Tonywalker

TS Rookie
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24.10.2018
Ran by Sponge (administrator) on SPONGE-PC (26-10-2018 12:37:12)
Running from C:\Users\Sponge\Downloads
Loaded Profiles: Sponge & postgres (Available Profiles: Sponge & postgres)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Windows\jmesoft\Service.exe
() C:\Program Files (x86)\Knowhow Cloud\VSSService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\NortonSecurity.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\NortonSecurity.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Lenovo) C:\Windows\jmesoft\hotkey.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(SoftSol Limited) C:\TaxiMATE\TaxiMATE.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft) C:\Program Files (x86)\Microsoft AutoRoute 2013\StreetsOlkShim.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11543656 2010-10-26] (Realtek Semiconductor)
HKLM\...\Run: [NortonSupport] => "C:\Program Files (x86)\Norton 360\Engine\22.14.0.54\SymErr.exe" /supportreboot
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-16] ()
HKLM-x32\...\Run: [Lenovo Eye Distance System] => C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe [265216 2010-09-09] (Lenovo)
HKLM-x32\...\Run: [Lenovo Dynamic Brightness System] => C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe [285696 2010-10-08] (Lenovo)
HKLM-x32\...\Run: [SetDefaultSCR] => C:\Program Files (x86)\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe [102400 2009-12-31] (Lenovo)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-05] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe [222504 2009-05-14] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-1769499328-1730554653-1278974721-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-07-13] (TomTom)
HKU\S-1-5-21-1769499328-1730554653-1278974721-1001\...\Run: [KnowhowCloud] => C:\Program Files (x86)\Knowhow Cloud\KnowhowCloud.exe [3482272 2013-11-06] (DSG Retail Limited)
HKU\S-1-5-21-1769499328-1730554653-1278974721-1001\...\Run: [HP Photosmart 5510d series (NET)] => C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe [2676584 2011-08-16] (Hewlett-Packard Co.)
HKU\S-1-5-21-1769499328-1730554653-1278974721-1001\...\Run: [HP Photosmart 5520 series (NET)] => C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1769499328-1730554653-1278974721-1001\...\MountPoints2: {586f16d6-f373-11e2-a72e-00190e0f9fba} - E:\DTLplus_Launcher.exe
HKU\S-1-5-21-1769499328-1730554653-1278974721-1001\...\MountPoints2: {d8d5382e-eb62-11e1-a174-00190e0f9fba} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1769499328-1730554653-1278974721-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\PhotoScreensaver.scr [477696 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-1769499328-1730554653-1278974721-1006\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-08-14]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Sponge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Cartridge Alerts - HP ENVY 5640 series.lnk [2018-10-26]
ShortcutTarget: Monitor Cartridge Alerts - HP ENVY 5640 series.lnk -> C:\Program Files\HP\HP ENVY 5640 series\Bin\HPStatusBL.dll (HP Inc.)
Startup: C:\Users\Sponge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5520 series (Network).lnk [2014-09-12]
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 5520 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Sponge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2018-05-07]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A9A5F0CF-63D2-463A-A14E-CCD3864455A0}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-1769499328-1730554653-1278974721-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=DSGQ&bmod=DSGQ
URLSearchHook: HKU\S-1-5-21-1769499328-1730554653-1278974721-1001 - (No Name) - {6d010537-9e99-400b-b652-b0d5a5757e5d} - C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pSrcAs.dll No File
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7XXXX
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7XXXX
SearchScopes: HKU\S-1-5-21-1769499328-1730554653-1278974721-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1769499328-1730554653-1278974721-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1769499328-1730554653-1278974721-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7DSGQ_en
SearchScopes: HKU\S-1-5-21-1769499328-1730554653-1278974721-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1769499328-1730554653-1278974721-1006 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7XXXX
SearchScopes: HKU\S-1-5-21-1769499328-1730554653-1278974721-1006 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7XXXX
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\coIEPlg.dll [2018-10-05] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine32\22.16.0.247\coIEPlg.dll [2018-10-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\coIEPlg.dll [2018-10-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine32\22.16.0.247\coIEPlg.dll [2018-10-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1769499328-1730554653-1278974721-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1769499328-1730554653-1278974721-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\coIEPlg.dll [2018-10-05] (Symantec Corporation)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1100

FireFox:
========
FF ProfilePath: C:\Users\Sponge\AppData\Roaming\TomTom\HOME\Profiles\umgpdkf3.default [2016-03-16]
FF Extension: (Map status indicator) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2016-03-16] [Legacy] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2012-08-22] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908&prt=cr&chn=prev
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
CHR Profile: C:\Users\Sponge\AppData\Local\Google\Chrome\User Data\Default [2018-10-26]
CHR Extension: (IBM Security Rapport) - C:\Users\Sponge\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2018-08-10]
CHR Extension: (Norton Safe) - C:\Users\Sponge\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2017-10-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sponge\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Chrome Media Router) - C:\Users\Sponge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-21]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1769499328-1730554653-1278974721-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-16] () [File not signed]
R2 LivedriveVSSService; C:\Program Files (x86)\Knowhow Cloud\VSSService.exe [210592 2013-11-06] ()
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 NortonSecurity; C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\NortonSecurity.exe [328648 2018-10-05] (Symantec Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [5256184 2018-09-06] (IBM Corp.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11644656 2018-09-10] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [285152 2010-08-26] ()
R2 postgresql-x64-9.0; C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N "postgresql-x64-9.0" -D "C:/Program Files/PostgreSQL/9.0/data" -w [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.7.0.76\Definitions\BASHDefs\20181023.001\BHDrvx64.sys [1925104 2018-09-18] (Symantec Corporation)
R1 CbFs; C:\windows\system32\drivers\cbfs.sys [191960 2010-02-16] (EldoS Corporation)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352008 2012-11-10] (EldoS Corporation)
R1 ccSet_NGC; C:\windows\system32\drivers\NGCx64\1610000.0F7\ccSetx64.sys [190424 2018-10-05] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515568 2018-10-03] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153072 2018-10-05] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.7.0.76\Definitions\IPSDefs\20181025.061\IDSvia64.sys [1305072 2018-10-09] (Symantec Corporation)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [260384 2018-10-26] (Malwarebytes)
S3 NPF; C:\windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [498064 2018-09-06] (IBM Corp.)
R1 RapportCerberus_1930074; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1930074.sys [1651176 2018-10-05] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [719440 2018-09-06] (IBM Corp.)
R0 RapportHades64; C:\windows\System32\Drivers\RapportHades64.sys [339920 2018-09-06] (IBM Corp.)
R0 RapportKE64; C:\windows\System32\Drivers\RapportKE64.sys [604752 2018-09-06] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [752000 2018-09-06] (IBM Corp.)
S3 RimUsb; C:\windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
S3 RimVSerPort; C:\windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
R1 SRTSP; C:\windows\System32\drivers\NGCx64\1610000.0F7\SRTSP64.SYS [832192 2018-10-05] (Symantec Corporation)
R1 SRTSPX; C:\windows\system32\drivers\NGCx64\1610000.0F7\SRTSPX64.SYS [49856 2018-10-05] (Symantec Corporation)
R0 SymEFASI; C:\windows\System32\drivers\NGCx64\1610000.0F7\SYMEFASI64.SYS [1969136 2018-10-05] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [99920 2018-06-10] (Symantec Corporation)
S4 SymEvnt; C:\Program Files (x86)\Norton 360\NortonData\22.7.0.76\SymPlatform\SymEvnt.sys [114256 2018-09-11] (Symantec Corporation)
R1 SymIRON; C:\windows\system32\drivers\NGCx64\1610000.0F7\Ironx64.SYS [308304 2018-10-05] (Symantec Corporation)
R1 SymNetS; C:\windows\System32\drivers\NGCx64\1610000.0F7\symnets.sys [566912 2018-10-05] (Symantec Corporation)
R0 WinI2C-DDC; C:\windows\System32\drivers\DDCDrv.sys [20832 2008-04-08] (Nicomsoft Ltd.)
R0 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [15712 2010-03-23] (Nicomsoft Ltd.)
S3 wpCtrlDrv_NGC; C:\windows\System32\drivers\NGCx64\1610000.0F7\wpCtrlDrv.sys [1010856 2018-10-05] (Symantec Corporation)
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton 360\NortonData\22.7.0.76\Definitions\SDSDefs\20160627.022\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton 360\NortonData\22.7.0.76\Definitions\SDSDefs\20160627.022\EX64.SYS [X]
S2 X5XSEx; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-26 09:55 - 2018-10-26 09:55 - 000000000 ____D C:\windows\System32\Tasks\Remediation
2018-10-26 09:15 - 2018-10-26 09:15 - 000260384 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2018-10-25 22:15 - 2018-10-25 22:43 - 000000000 ____D C:\AdwCleaner
2018-10-25 21:53 - 2018-10-25 21:53 - 000000000 ____D C:\Users\Sponge\AppData\Local\mbamtray
2018-10-25 21:53 - 2018-10-25 21:53 - 000000000 ____D C:\Users\Sponge\AppData\Local\mbam
2018-10-25 21:52 - 2018-10-25 21:52 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-10-25 21:52 - 2018-10-25 21:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-10-25 21:52 - 2018-09-11 13:18 - 000152688 _____ (Malwarebytes) C:\windows\system32\Drivers\mbae64.sys
2018-10-25 20:52 - 2018-10-25 20:53 - 037029072 _____ (Adlice Software ) C:\Users\Sponge\Downloads\RogueKiller_setup_ref3.exe
2018-10-25 20:52 - 2018-10-25 20:52 - 007592144 _____ (Malwarebytes) C:\Users\Sponge\Downloads\AdwCleaner.exe
2018-10-25 20:51 - 2018-10-25 20:53 - 079386560 _____ (Malwarebytes ) C:\Users\Sponge\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.463-1.0.7501.exe
2018-10-24 19:22 - 2018-10-26 12:38 - 000024052 _____ C:\Users\Sponge\Downloads\FRST.txt
2018-10-24 19:22 - 2018-10-24 19:22 - 000038330 _____ C:\Users\Sponge\Downloads\Addition.txt
2018-10-23 15:30 - 2018-10-24 19:14 - 000000000 ____D C:\Users\Sponge\Downloads\FRST-OlderVersion
2018-10-23 15:29 - 2018-10-26 12:37 - 000000000 ____D C:\FRST
2018-10-23 15:29 - 2018-10-24 19:14 - 002414592 _____ (Farbar) C:\Users\Sponge\Downloads\FRST64.exe
2018-10-17 12:47 - 2018-10-17 12:47 - 000000000 ____D C:\windows\System32\Tasks\Norton 360
2018-10-17 12:45 - 2018-10-17 13:05 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2018-10-17 12:45 - 2018-10-17 12:45 - 000003210 _____ C:\windows\System32\Tasks\Norton WSC Integration
2018-10-13 02:25 - 2018-10-13 02:25 - 000000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-10-13 02:25 - 2018-10-13 02:25 - 000000959 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk
2018-10-09 20:00 - 2018-09-19 09:08 - 000343552 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrd3x40.dll
2018-10-09 20:00 - 2018-09-18 20:08 - 000396888 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2018-10-09 20:00 - 2018-09-18 19:10 - 000348976 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2018-10-09 20:00 - 2018-09-18 06:52 - 025735168 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2018-10-09 20:00 - 2018-09-18 06:38 - 002724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2018-10-09 20:00 - 2018-09-18 06:38 - 000004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2018-10-09 20:00 - 2018-09-18 06:27 - 002902016 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2018-10-09 20:00 - 2018-09-18 06:26 - 000066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2018-10-09 20:00 - 2018-09-18 06:25 - 000576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2018-10-09 20:00 - 2018-09-18 06:25 - 000417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2018-10-09 20:00 - 2018-09-18 06:25 - 000088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2018-10-09 20:00 - 2018-09-18 06:25 - 000048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2018-10-09 20:00 - 2018-09-18 06:19 - 000054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2018-10-09 20:00 - 2018-09-18 06:18 - 000034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2018-10-09 20:00 - 2018-09-18 06:16 - 000615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2018-10-09 20:00 - 2018-09-18 06:15 - 000144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2018-10-09 20:00 - 2018-09-18 06:15 - 000116224 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2018-10-09 20:00 - 2018-09-18 06:14 - 005779456 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2018-10-09 20:00 - 2018-09-18 06:14 - 000814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2018-10-09 20:00 - 2018-09-18 06:14 - 000794624 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2018-10-09 20:00 - 2018-09-18 06:09 - 000969216 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2018-10-09 20:00 - 2018-09-18 06:06 - 000489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2018-10-09 20:00 - 2018-09-18 06:01 - 000077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2018-10-09 20:00 - 2018-09-18 06:00 - 000107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2018-10-09 20:00 - 2018-09-18 06:00 - 000087552 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2018-10-09 20:00 - 2018-09-18 05:57 - 000199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2018-10-09 20:00 - 2018-09-18 05:57 - 000092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2018-10-09 20:00 - 2018-09-18 05:55 - 000315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2018-10-09 20:00 - 2018-09-18 05:53 - 000152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2018-10-09 20:00 - 2018-09-18 05:45 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2018-10-09 20:00 - 2018-09-18 05:43 - 000728064 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2018-10-09 20:00 - 2018-09-18 05:42 - 000809472 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2018-10-09 20:00 - 2018-09-18 05:41 - 002136064 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2018-10-09 20:00 - 2018-09-18 05:41 - 001359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2018-10-09 20:00 - 2018-09-18 05:39 - 015283712 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2018-10-09 20:00 - 2018-09-18 05:35 - 004510720 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2018-10-09 20:00 - 2018-09-18 05:33 - 020278784 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2018-10-09 20:00 - 2018-09-18 05:31 - 002724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2018-10-09 20:00 - 2018-09-18 05:23 - 001555968 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2018-10-09 20:00 - 2018-09-18 05:21 - 000497664 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2018-10-09 20:00 - 2018-09-18 05:21 - 000062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2018-10-09 20:00 - 2018-09-18 05:20 - 000341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2018-10-09 20:00 - 2018-09-18 05:20 - 000047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2018-10-09 20:00 - 2018-09-18 05:19 - 000064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2018-10-09 20:00 - 2018-09-18 05:18 - 002295808 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2018-10-09 20:00 - 2018-09-18 05:15 - 000047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2018-10-09 20:00 - 2018-09-18 05:15 - 000030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2018-10-09 20:00 - 2018-09-18 05:14 - 000476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2018-10-09 20:00 - 2018-09-18 05:13 - 000662016 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2018-10-09 20:00 - 2018-09-18 05:13 - 000115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2018-10-09 20:00 - 2018-09-18 05:12 - 000620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2018-10-09 20:00 - 2018-09-18 05:10 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2018-10-09 20:00 - 2018-09-18 05:06 - 000416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2018-10-09 20:00 - 2018-09-18 05:03 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-10-09 20:00 - 2018-09-18 05:02 - 000091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2018-10-09 20:00 - 2018-09-18 05:02 - 000073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2018-10-09 20:00 - 2018-09-18 05:00 - 000168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2018-10-09 20:00 - 2018-09-18 04:59 - 000076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2018-10-09 20:00 - 2018-09-18 04:58 - 000279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2018-10-09 20:00 - 2018-09-18 04:57 - 004494848 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2018-10-09 20:00 - 2018-09-18 04:57 - 000130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2018-10-09 20:00 - 2018-09-18 04:53 - 013679616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2018-10-09 20:00 - 2018-09-18 04:52 - 000230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2018-10-09 20:00 - 2018-09-18 04:51 - 000696320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2018-10-09 20:00 - 2018-09-18 04:50 - 002059776 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2018-10-09 20:00 - 2018-09-18 04:50 - 001155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2018-10-09 20:00 - 2018-09-18 04:37 - 004037632 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
 

Tonywalker

TS Rookie
2018-10-09 20:00 - 2018-09-18 04:34 - 001330176 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2018-10-09 20:00 - 2018-09-18 04:31 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2018-10-09 20:00 - 2018-09-11 19:28 - 003227136 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2018-10-09 20:00 - 2018-09-11 19:23 - 000161280 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2018-10-09 20:00 - 2018-09-11 19:22 - 000129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2018-10-09 20:00 - 2018-09-09 02:02 - 005552328 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2018-10-09 20:00 - 2018-09-09 02:02 - 001680072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2018-10-09 20:00 - 2018-09-09 02:02 - 000986824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2018-10-09 20:00 - 2018-09-09 02:02 - 000708296 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2018-10-09 20:00 - 2018-09-09 02:02 - 000631680 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2018-10-09 20:00 - 2018-09-09 02:02 - 000265416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys
2018-10-09 20:00 - 2018-09-09 02:02 - 000262344 _____ (Microsoft Corporation) C:\windows\system32\hal.dll
2018-10-09 20:00 - 2018-09-09 02:02 - 000154824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2018-10-09 20:00 - 2018-09-09 02:02 - 000095432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2018-10-09 20:00 - 2018-09-09 02:01 - 001664320 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2018-10-09 20:00 - 2018-09-09 01:59 - 002851840 _____ (Microsoft Corporation) C:\windows\system32\themeui.dll
2018-10-09 20:00 - 2018-09-09 01:59 - 002009600 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2018-10-09 20:00 - 2018-09-09 01:59 - 001211904 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2018-10-09 20:00 - 2018-09-09 01:59 - 000503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2018-10-09 20:00 - 2018-09-09 01:59 - 000361984 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2018-10-09 20:00 - 2018-09-09 01:59 - 000345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2018-10-09 20:00 - 2018-09-09 01:59 - 000316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2018-10-09 20:00 - 2018-09-09 01:59 - 000312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2018-10-09 20:00 - 2018-09-09 01:59 - 000243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2018-10-09 20:00 - 2018-09-09 01:59 - 000215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2018-10-09 20:00 - 2018-09-09 01:59 - 000210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2018-10-09 20:00 - 2018-09-09 01:59 - 000190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2018-10-09 20:00 - 2018-09-09 01:59 - 000146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2018-10-09 20:00 - 2018-09-09 01:59 - 000135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2018-10-09 20:00 - 2018-09-09 01:59 - 000094208 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2018-10-09 20:00 - 2018-09-09 01:59 - 000063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2018-10-09 20:00 - 2018-09-09 01:59 - 000050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2018-10-09 20:00 - 2018-09-09 01:59 - 000028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2018-10-09 20:00 - 2018-09-09 01:59 - 000028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2018-10-09 20:00 - 2018-09-09 01:59 - 000016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2018-10-09 20:00 - 2018-09-09 01:59 - 000013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2018-10-09 20:00 - 2018-09-09 01:58 - 001461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2018-10-09 20:00 - 2018-09-09 01:58 - 001163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2018-10-09 20:00 - 2018-09-09 01:58 - 000731648 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2018-10-09 20:00 - 2018-09-09 01:58 - 000419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2018-10-09 20:00 - 2018-09-09 01:58 - 000405504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2018-10-09 20:00 - 2018-09-09 01:58 - 000044032 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2018-10-09 20:00 - 2018-09-09 01:58 - 000043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2018-10-09 20:00 - 2018-09-09 01:58 - 000022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000144384 _____ (Microsoft Corporation) C:\windows\system32\cdd.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000123904 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:57 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:46 - 004054216 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2018-10-09 20:00 - 2018-09-09 01:46 - 003959496 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2018-10-09 20:00 - 2018-09-09 01:46 - 001314072 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2018-10-09 20:00 - 2018-09-09 01:44 - 002755584 _____ (Microsoft Corporation) C:\windows\SysWOW64\themeui.dll
2018-10-09 20:00 - 2018-09-09 01:44 - 001114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2018-10-09 20:00 - 2018-09-09 01:44 - 000666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2018-10-09 20:00 - 2018-09-09 01:44 - 000313344 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2018-10-09 20:00 - 2018-09-09 01:44 - 000275968 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2018-10-09 20:00 - 2018-09-09 01:44 - 000172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2018-10-09 20:00 - 2018-09-09 01:44 - 000096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2018-10-09 20:00 - 2018-09-09 01:44 - 000082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcrypt.dll
2018-10-09 20:00 - 2018-09-09 01:44 - 000070144 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2018-10-09 20:00 - 2018-09-09 01:44 - 000043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2018-10-09 20:00 - 2018-09-09 01:44 - 000005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2018-10-09 20:00 - 2018-09-09 01:43 - 001391104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2018-10-09 20:00 - 2018-09-09 01:43 - 000554496 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2018-10-09 20:00 - 2018-09-09 01:43 - 000261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2018-10-09 20:00 - 2018-09-09 01:43 - 000254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2018-10-09 20:00 - 2018-09-09 01:43 - 000223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2018-10-09 20:00 - 2018-09-09 01:43 - 000146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2018-10-09 20:00 - 2018-09-09 01:43 - 000141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2018-10-09 20:00 - 2018-09-09 01:43 - 000022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2018-10-09 20:00 - 2018-09-09 01:43 - 000017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:42 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:25 - 000148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2018-10-09 20:00 - 2018-09-09 01:25 - 000064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2018-10-09 20:00 - 2018-09-09 01:25 - 000062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2018-10-09 20:00 - 2018-09-09 01:25 - 000017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2018-10-09 20:00 - 2018-09-09 01:21 - 000338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2018-10-09 20:00 - 2018-09-09 01:21 - 000129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\videoprt.sys
2018-10-09 20:00 - 2018-09-09 01:20 - 000296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2018-10-09 20:00 - 2018-09-09 01:18 - 000050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2018-10-09 20:00 - 2018-09-09 01:16 - 000291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2018-10-09 20:00 - 2018-09-09 01:15 - 000112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2018-10-09 20:00 - 2018-09-09 01:15 - 000064512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\amdk8.sys
2018-10-09 20:00 - 2018-09-09 01:15 - 000062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\intelppm.sys
2018-10-09 20:00 - 2018-09-09 01:15 - 000060928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\processr.sys
2018-10-09 20:00 - 2018-09-09 01:15 - 000060928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\amdppm.sys
2018-10-09 20:00 - 2018-09-09 01:15 - 000030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2018-10-09 20:00 - 2018-09-09 01:13 - 000025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2018-10-09 20:00 - 2018-09-09 01:13 - 000014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2018-10-09 20:00 - 2018-09-09 01:13 - 000007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2018-10-09 20:00 - 2018-09-09 01:13 - 000002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2018-10-09 20:00 - 2018-09-09 01:12 - 000036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2018-10-09 20:00 - 2018-09-09 01:12 - 000006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:12 - 000004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:12 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-10-09 20:00 - 2018-09-09 01:12 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-10-09 20:00 - 2018-08-28 07:24 - 014637568 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2018-10-09 20:00 - 2018-08-28 07:24 - 012574720 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2018-10-09 20:00 - 2018-08-28 07:24 - 000009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2018-10-09 20:00 - 2018-08-28 07:24 - 000005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2018-10-09 20:00 - 2018-08-28 07:24 - 000005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2018-10-09 20:00 - 2018-08-28 07:09 - 012574208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2018-10-09 20:00 - 2018-08-28 07:09 - 011411968 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2018-10-09 20:00 - 2018-08-28 06:52 - 000008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2018-10-09 20:00 - 2018-08-28 06:52 - 000004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2018-10-09 20:00 - 2018-08-28 06:52 - 000004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2018-10-09 20:00 - 2018-08-16 03:18 - 000041984 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2018-10-09 20:00 - 2018-08-13 22:49 - 001391856 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2018-10-09 20:00 - 2018-08-13 16:54 - 000687616 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2018-10-09 20:00 - 2018-08-12 21:32 - 000140976 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2018-10-09 20:00 - 2018-08-12 21:27 - 000680960 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2018-10-09 20:00 - 2018-08-08 16:54 - 000194048 _____ (Microsoft Corporation) C:\windows\system32\itircl.dll
2018-10-09 20:00 - 2018-08-08 16:54 - 000170496 _____ (Microsoft Corporation) C:\windows\system32\itss.dll
2018-10-09 20:00 - 2018-08-08 16:40 - 000158720 _____ (Microsoft Corporation) C:\windows\SysWOW64\itircl.dll
2018-10-09 20:00 - 2018-08-08 16:40 - 000142848 _____ (Microsoft Corporation) C:\windows\SysWOW64\itss.dll
2018-10-09 19:59 - 2018-09-09 01:59 - 000060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2018-10-09 19:59 - 2018-09-09 01:59 - 000002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2018-10-09 19:59 - 2018-09-09 01:43 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2018-10-09 19:59 - 2018-09-09 01:43 - 000002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2018-10-03 11:23 - 2018-10-03 11:23 - 000001092 _____ C:\Users\Sponge\Desktop\perfect.htm
2018-10-03 10:27 - 2018-10-03 10:27 - 000008807 _____ C:\Users\Sponge\Desktop\Sharon Card.xlsx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-26 12:32 - 2012-07-11 15:31 - 000271360 _____ C:\Users\Sponge\Documents\victoriaoutlook.pst
2018-10-26 12:31 - 2014-06-03 19:45 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-10-26 12:21 - 2012-06-27 14:16 - 000000000 ____D C:\Users\Sponge\Documents\Outlook Files
2018-10-26 12:20 - 2014-11-28 14:00 - 019517762 _____ C:\windows\ntbtlog.txt
2018-10-26 12:12 - 2012-10-19 08:48 - 000000340 _____ C:\windows\Tasks\HP Photo Creations Communicator.job
2018-10-26 10:20 - 2016-02-12 17:01 - 000003934 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{0BA02464-F9F0-4ED9-ABE2-433172608F87}
2018-10-26 09:31 - 2009-07-14 05:45 - 000020688 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-10-26 09:31 - 2009-07-14 05:45 - 000020688 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-10-26 09:22 - 2012-07-13 13:24 - 000000000 ____D C:\Users\Sponge\AppData\Local\CrashDumps
2018-10-26 09:17 - 2012-07-17 13:30 - 000000000 ____D C:\Users\Sponge\AppData\Local\Livedrive
2018-10-26 09:14 - 2009-07-14 06:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-10-25 22:48 - 2014-11-30 18:20 - 000000000 ____D C:\Users\postgres
2018-10-25 22:43 - 2016-07-28 12:26 - 000000000 ____D C:\Users\Sponge\AppData\LocalLow\Yahoo!
2018-10-25 21:52 - 2018-04-29 13:34 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-10-25 20:56 - 2017-07-06 12:01 - 000028272 _____ C:\windows\system32\Drivers\TrueSight.sys
2018-10-25 20:54 - 2018-04-27 21:54 - 000000858 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-10-25 20:54 - 2018-04-27 21:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-10-25 20:54 - 2018-04-27 21:54 - 000000000 ____D C:\Program Files\RogueKiller
2018-10-24 20:31 - 2016-03-01 17:04 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-10-24 17:04 - 2012-06-25 12:57 - 000000000 ____D C:\Users\Sponge\Desktop\Prices
2018-10-24 15:29 - 2013-04-04 11:52 - 001455616 ___SH C:\Users\Sponge\Desktop\Thumbs.db
2018-10-23 15:24 - 2017-07-12 14:50 - 000004316 _____ C:\Users\Sponge\Documents\Database.kdb
2018-10-23 11:05 - 2018-08-08 11:12 - 000139629 _____ C:\Users\Sponge\Desktop\Mileage - August-October 18.xlsx
2018-10-23 10:53 - 2012-07-16 15:03 - 000000000 ____D C:\Users\Sponge\AppData\Roaming\Clip Art Collection
2018-10-17 13:31 - 2015-06-12 17:23 - 000000000 ____D C:\Program Files\Common Files\AV
2018-10-17 13:05 - 2018-02-19 10:13 - 000002255 _____ C:\Users\Public\Desktop\Norton Security.lnk
2018-10-17 12:46 - 2018-02-15 20:50 - 000000000 ____D C:\windows\system32\Drivers\NGCx64
2018-10-10 15:45 - 2009-07-14 04:20 - 000000000 ____D C:\windows\rescache
2018-10-10 13:50 - 2009-07-14 06:13 - 000786538 _____ C:\windows\system32\PerfStringBackup.INI
2018-10-10 13:50 - 2009-07-14 04:20 - 000000000 ____D C:\windows\inf
2018-10-10 13:43 - 2009-07-14 05:45 - 000418776 _____ C:\windows\system32\FNTCACHE.DAT
2018-10-10 13:18 - 2009-07-14 03:34 - 000000516 _____ C:\windows\win.ini
2018-10-10 13:16 - 2013-08-15 03:00 - 000000000 ____D C:\windows\system32\MRT
2018-10-10 13:11 - 2012-07-24 08:59 - 136745976 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2018-10-10 13:06 - 2012-06-27 15:52 - 000770404 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2018-10-10 09:43 - 2012-09-22 19:01 - 000842240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2018-10-10 09:43 - 2012-09-22 19:01 - 000175104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-10-10 09:43 - 2012-09-22 19:01 - 000004312 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2018-10-10 09:43 - 2012-09-22 19:01 - 000000000 ____D C:\windows\system32\Macromed
2018-10-10 09:43 - 2012-03-03 23:48 - 000000000 ____D C:\windows\SysWOW64\Macromed
2018-10-09 09:55 - 2013-11-12 12:37 - 000000000 ____D C:\Program Files (x86)\Knowhow Cloud
2018-10-05 14:48 - 2015-02-10 15:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2018-10-05 11:43 - 2012-07-11 15:13 - 000000000 ____D C:\Users\Sponge\AppData\LocalLow\Adobe
2018-10-03 11:00 - 2018-09-25 12:13 - 000000000 ____D C:\Users\Sponge\Desktop\Worldpay - Login_files

==================== Files in the root of some directories =======

2012-03-03 23:48 - 2012-03-03 23:48 - 001914000 _____ (Adobe Systems Incorporated) C:\ProgramData\flashax10.exe
2017-07-06 12:13 - 2017-07-06 12:13 - 000000868 _____ () C:\Users\Sponge\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-10-08 12:13 - 2012-10-08 12:14 - 000007680 _____ () C:\Users\Sponge\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
2018-10-25 20:54 - 2018-09-09 02:01 - 001664320 _____ (Microsoft Corporation) C:\Users\Sponge\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-10-26 12:08

==================== End of FRST.txt ============================
 

Broni

Malware Annihilator
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24.10.2018
Ran by Sponge (26-10-2018 12:38:49)
Running from C:\Users\Sponge\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2012-06-05 14:12:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1769499328-1730554653-1278974721-500 - Administrator - Disabled)
Guest (S-1-5-21-1769499328-1730554653-1278974721-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1769499328-1730554653-1278974721-1003 - Limited - Enabled)
postgres (S-1-5-21-1769499328-1730554653-1278974721-1006 - Limited - Enabled) => C:\Users\postgres
Sponge (S-1-5-21-1769499328-1730554653-1278974721-1001 - Administrator - Enabled) => C:\Users\Sponge

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Enabled - Up to date) {E3FDBD9F-8140-1400-F32B-8B58923F7C4D}
AS: Norton 360 (Enabled - Up to date) {589C5C7B-A77A-1B8E-C99B-B02AE9B836F0}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {DBC63CBA-CB2F-1558-D874-226D6CEC3B36}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20080 - Adobe Systems Incorporated)
Adobe Flash Player 31 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 31.0.0.122 - Adobe Systems Incorporated)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Gigaset QuickSync (HKLM\...\{31a52f2e-32e8-4c8f-9d99-6fd0c37c99ef}) (Version: 7.2.0844.6 - Gigaset Communications GmbH)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP ENVY 5640 series Basic Device Software (HKLM\...\{098DF09B-2BB6-4F24-A778-A57DB1466BD1}) (Version: 40.11.1135.17143 - HP Inc.)
HP ENVY 5640 series Help (HKLM-x32\...\{B04B1DB6-0AA9-4790-95CE-5A45C8F647FD}) (Version: 34.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12262 - HP Photo Creations)
HP Photosmart 5510d series Basic Device Software (HKLM\...\{F26D0153-CD17-4662-8592-DD98498DE6E4}) (Version: 25.0.607.0 - Hewlett-Packard Co.)
HP Photosmart 5510d series Help (HKLM-x32\...\{E59ADA18-03DB-44F5-9EF5-0FA25E4D4384}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart 5510d series Product Improvement Study (HKLM\...\{F5551626-0E88-4399-A32D-2F6115CCDD92}) (Version: 25.0.607.0 - Hewlett-Packard Co.)
HP Photosmart 5520 series Basic Device Software (HKLM\...\{68C0736C-3E47-43A6-B14D-236BEF198A5F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 5520 series Help (HKLM-x32\...\{7137E26A-10F7-4B1C-9980-0893579E92DA}) (Version: 27.0.0 - Hewlett Packard)
HP Photosmart 5520 series Product Improvement Study (HKLM\...\{DCC176F0-3CE3-4DA9-8FF9-3809C1B48C47}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}) (Version: 1.00.0000 - Microsoft) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2345 - Intel Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KeePass Password Safe 1.33 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.33 - Dominik Reichl)
Knowhow Cloud (HKLM\...\{2CED7DA6-42B9-456B-9EE0-BBFA023AB14F}) (Version: 2.0.4 - DSG Retail Limited)
KNOWHOW(TM) APP CENTRE (HKLM-x32\...\KNOWHOW(TM) APP CENTRE 25501) (Version: 25501 - KNOWHOW)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo)
Lenovo Driver and Application Installation (HKLM-x32\...\{45970CD1-D599-47D4-938F-3E9800D54ED1}) (Version: 5.10.1809 - Lenovo)
Lenovo Dynamic Brightness System (HKLM-x32\...\{D9ED6D06-6002-495E-A7BC-46E6AE386996}) (Version: 4.0.00.22080 - Lenovo)
Lenovo Eye Distance System (HKLM-x32\...\{5183D7AB-D09B-411F-A74E-BBAEA61C6505}) (Version: 4.0.00.21090 - Lenovo)
Lenovo Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.4827a - CyberLink Corp.) Hidden
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.4827a - CyberLink Corp.)
Lenovo Rescue System (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 3.0.1409 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 3.0.1409 - CyberLink Corp.)
Lenovo Screensaver (HKLM-x32\...\{803E6DED-5050-4E3D-B26A-5915397362CD}) (Version: 1.0.5.110104 - Lenovo)
LVT (HKLM-x32\...\{D3063097-EC84-4D21-84A4-9D852E974355}) (Version: 4.1.3.0309 - Lenovo)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft AutoRoute 2013 (HKLM-x32\...\{C82185E8-C27B-4EF4-2013-3333BC2C2B6D}) (Version: 19.0.21.0500 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyDriveConnect 4.0.7.2442 (HKLM-x32\...\MyDriveConnect) (Version: 4.0.7.2442 - TomTom)
NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 1.01.206 - NETGEAR)
Norton 360 (HKLM-x32\...\NGC) (Version: 22.16.0.247 - Symantec Corporation)
Product Improvement Study for HP ENVY 5640 series (HKLM\...\{C6936AA8-42A6-4D09-8B6C-1C473AD1AA36}) (Version: 40.11.1135.17143 - HP Inc.)
PS5510dFWUpdateAlert (HKLM-x32\...\{BF9D2E8A-6DBC-4A3F-8497-12115310CC97}) (Version: 1.00.0000 - HP) Hidden
PS5520FWUpdateAlert (HKLM-x32\...\{7049A4E0-172F-457E-97A3-8DE5B0A4E422}) (Version: 2.00.0000 - HP) Hidden
Rapport (HKLM-x32\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1930.100 - Trusteer) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6230 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30123 - Realtek Semiconductor Corp.)
RogueKiller version 12.13.6.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.13.6.0 - Adlice Software)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
TaxiMATE (HKLM-x32\...\ST5UNST #1) (Version: - )
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.2.26558 - TeamViewer)
TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1930.100 - Trusteer)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
WIDCOMM Bluetooth Software 6.0.1.6300 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.6300 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\buShell.dll [2018-10-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\buShell.dll [2018-10-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\buShell.dll [2018-10-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [BackupOverlay] -> {B44A5D93-1351-41A1-BD91-5E92435D8ECD} => C:\Program Files (x86)\Knowhow Cloud\Extensions.dll [2013-11-06] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll [2012-11-10] (EldoS Corporation)
ShellIconOverlayIdentifiers: [LivedriveDownloadOverlay] -> {CBCDB610-6B68-4EE9-B7A2-1282FD0C9292} => C:\Program Files (x86)\Knowhow Cloud\Extensions.dll [2013-11-06] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveSharedOverlay] -> {84CEF1E4-1356-4063-845F-05047F4DD52C} => C:\Program Files (x86)\Knowhow Cloud\Extensions.dll [2013-11-06] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveSyncedOverlay] -> {42058329-2FBF-4B33-8E52-3BE5754DE0C1} => C:\Program Files (x86)\Knowhow Cloud\Extensions.dll [2013-11-06] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveUploadOverlay] -> {39A1715A-E4CD-4F1E-B5C4-36B5DB80124E} => C:\Program Files (x86)\Knowhow Cloud\Extensions.dll [2013-11-06] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\buShell.dll [2018-10-05] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\buShell.dll [2018-10-05] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\buShell.dll [2018-10-05] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll [2012-11-10] (EldoS Corporation)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\buShell.dll [2018-10-05] (Symantec Corporation)
ContextMenuHandlers1: [LivedriveContextMenu] -> {FE586301-FDF9-40F4-AD3A-9DB11C40FF27} => C:\Program Files (x86)\Knowhow Cloud\Extensions.dll [2013-11-06] (Livedrive Internet Ltd)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\NavShExt.dll [2018-10-05] (Symantec Corporation)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\NavShExt.dll [2018-10-05] (Symantec Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [LivedriveContextMenu] -> {FE586301-FDF9-40F4-AD3A-9DB11C40FF27} => C:\Program Files (x86)\Knowhow Cloud\Extensions.dll [2013-11-06] (Livedrive Internet Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2011-03-26] (Intel Corporation)
ContextMenuHandlers5: [LivedriveBackgroundContextMenu] -> {005C2E48-BD95-4F38-8FD9-9E4CB7C78D2A} => C:\Program Files (x86)\Knowhow Cloud\Extensions.dll [2013-11-06] (Livedrive Internet Ltd)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\buShell.dll [2018-10-05] (Symantec Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\NavShExt.dll [2018-10-05] (Symantec Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {080BF29D-1D15-4D14-A4F5-A065C36875A4} - System32\Tasks\HPCustPartic.exe_{DBEA4EBF-967B-4203-82AC-FB8620E76085} => C:\Program Files\HP\HP ENVY 5640 series\Bin\HPCustPartic.exe [2017-05-23] (HP Inc.)
Task: {22476A65-25F6-41B9-A658-0925810A41BE} - System32\Tasks\HPCustParticipation HP Photosmart 5510d series => C:\Program Files\HP\HP Photosmart 5510d series\Bin\HPCustPartic.exe [2011-08-16] (Hewlett-Packard Co.)
Task: {3B254A1B-BCAA-4204-B225-A914FF3D69DF} - System32\Tasks\Norton 360\Norton 360 Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\SymErr.exe [2018-10-05] (Symantec Corporation)
Task: {47983FF8-51C7-45F1-8E25-5F0A40EB6BD7} - System32\Tasks\{E55F6150-4CA4-419C-AC7F-A53F43A009FB} => C:\Program Files (x86)\Gigaset QuickSync\GigasetQuickSync.exe
Task: {49582A23-2AC2-468E-92EF-AC4A48D75545} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {5AAFBD3B-82F8-4A97-B545-2DFB4DB151B9} - System32\Tasks\{9A1D7C8B-FF97-4BC3-A617-35191EE3B7F4} => C:\windows\system32\pcalua.exe -a C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE
Task: {65C84262-BD36-4E6C-BE64-294B6AA9E627} - System32\Tasks\Norton 360\Norton 360 Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\SymErr.exe [2018-10-05] (Symantec Corporation)
Task: {703016A7-0396-4EEC-BF04-A3950AC1AF58} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2013-08-20] ()
Task: {87051737-9F47-476D-B8F2-A4537EF01151} - System32\Tasks\HPCustParticipation HP ENVY 5640 series => C:\Program Files\HP\HP ENVY 5640 series\Bin\HPCustPartic.exe [2017-05-23] (HP Inc.)
Task: {9C4A4ABA-34F6-44F2-8D75-BFD05C1ED0A8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {9C857E80-FB0E-48A1-8DF6-B95E9EE4E76D} - System32\Tasks\HPCustParticipation HP Photosmart 5520 series => C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {9E300FE7-323D-437F-A568-23D119E88530} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {A3A3CA8A-F88A-4755-BA5D-457489E1E2D3} - System32\Tasks\{D8A07872-8884-440D-9326-18AA7B7E0C4F} => C:\windows\system32\pcalua.exe -a D:\setup_Gigaset_QuickSync_6.1.exe -d D:\
Task: {AF717E4B-60AE-455A-8158-0F0AA5D66831} - System32\Tasks\{54EF97A4-AC21-4378-BD8F-CFCE0D5CDF58} => C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [2018-09-14] (Microsoft Corporation)
Task: {C4BDFEF4-C194-4581-BEAA-F305B4D1783B} - System32\Tasks\{A0B1783D-BE1F-4FBA-83D9-110CDC487CF6} => C:\Program Files (x86)\Gigaset QuickSync\GigasetQuickSync.exe
Task: {D729A7C4-7666-42A3-809C-AC4FD6AE75EA} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-10-10] (Adobe Systems Incorporated)
Task: {DA0CE0BF-07CE-4E2A-98E6-631A1733A090} - System32\Tasks\{62C24F28-B0D8-4623-8513-E9A0B4B6CB99} => C:\windows\system32\pcalua.exe -a C:\windows\system32\pcwrun.exe -c "C:\Program Files (x86)\Gigaset QuickSync\GigasetQuickSync.exe"
Task: {DF35668D-16A0-4503-981C-421AED0763C8} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2018-10-05] (Symantec Corporation)
Task: {F6B5DBA4-136F-46A4-A4A9-8C6D7DD4BED1} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\WSCStub.exe [2018-10-05] (Symantec Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2012-03-03 23:18 - 2011-03-16 05:47 - 000032768 _____ () C:\Windows\jmesoft\Service.exe
2013-11-06 18:24 - 2013-11-06 18:24 - 000210592 _____ () C:\Program Files (x86)\Knowhow Cloud\VSSService.exe
2014-11-30 18:16 - 2012-09-21 08:55 - 000217600 _____ () C:\Program Files\PostgreSQL\9.0\bin\LIBPQ.dll
2014-11-30 18:17 - 2012-08-14 13:02 - 002258432 _____ () C:\Program Files\PostgreSQL\9.0\bin\libxml2.dll
2011-04-11 02:53 - 2011-03-26 08:29 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2008-02-12 13:55 - 2008-02-12 13:55 - 000167936 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2012-06-05 16:45 - 2010-08-26 17:48 - 000285152 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
2018-10-25 21:52 - 2018-09-12 11:35 - 002701064 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2012-03-03 23:18 - 2011-05-17 22:54 - 000024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2018-09-18 23:04 - 2018-09-15 09:26 - 005110616 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libglesv2.dll
2018-09-18 23:04 - 2018-09-15 09:26 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libegl.dll
2012-06-05 16:45 - 2010-07-09 16:38 - 000331776 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiLib.dll
2015-06-02 15:51 - 2015-06-02 15:51 - 000545792 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2012-03-03 23:48 - 2010-09-09 20:19 - 000210432 _____ () C:\Program Files\Lenovo\Lenovo Eye Distance System\KeyStoneAdapter.dll
2012-03-03 23:48 - 2010-09-09 20:18 - 000211456 _____ () C:\Program Files\Lenovo\Lenovo Eye Distance System\VideoPlayer.dll
2012-03-03 23:48 - 2010-09-20 19:08 - 000210432 _____ () C:\Program Files\Lenovo\Lenovo Brightness System\KeyStoneAdapter.dll
2012-03-03 23:48 - 2010-09-21 03:55 - 000182272 _____ () C:\Program Files\Lenovo\Lenovo Brightness System\DDCHelperWraper.dll
2009-12-05 01:59 - 2009-12-05 01:59 - 000619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-05 02:04 - 2009-12-05 02:04 - 000013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2012-03-03 23:18 - 2011-05-17 22:27 - 000028672 _____ () C:\Windows\jmesoft\hidhook.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 004300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2015-11-11 02:42 - 2015-11-11 02:42 - 001045672 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2017-07-06 12:10 - 000000860 ____N C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1769499328-1730554653-1278974721-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sponge\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WNA3100 Smart Wizard.lnk => C:\windows\pss\NETGEAR WNA3100 Smart Wizard.lnk.CommonStartup
MSCONFIG\startupreg: Exetender => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8B2DCABD-4BC6-41F5-9068-25A995CF7DA5}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{BD745F83-ED8C-47C8-A083-397BAFAB1214}] => (Allow) LPort=2869
FirewallRules: [{B77DF47E-8759-4D0D-96FA-67AD9C327B3D}] => (Allow) LPort=1900
FirewallRules: [{999DA7F4-F51C-4946-BE6B-88B284D39BD5}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{4A1008E4-92C2-4179-A879-AC826FEF428C}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{C783ACEA-69BC-4D9C-9391-45A8139C317C}] => (Allow) C:\Program Files\HP\HP Photosmart 5510d series\Bin\DeviceSetup.exe
FirewallRules: [{8A961384-0F5D-482A-882C-E831B28C2B5A}] => (Allow) C:\Program Files\HP\HP Photosmart 5510d series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{25BF5397-B898-4925-B6CC-702DC0CF68B0}] => (Allow) LPort=4481
FirewallRules: [{A54AEA86-8691-4B04-A09A-0C1E68C6A88C}] => (Allow) LPort=4481
FirewallRules: [{698A977F-7D66-4FAC-97ED-BB9E3ADB1CB5}] => (Allow) LPort=4482
FirewallRules: [{D61627C6-78BB-4760-A34D-7C8E27059E1B}] => (Allow) LPort=4482
FirewallRules: [{86215835-F90C-4B0B-B784-A9F1A24C1A1B}] => (Allow) C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
FirewallRules: [{DA61FB46-8450-48F8-BA42-8970EA818118}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{6B948EB3-DA0E-4D3A-B7E9-4706B2F4CE2C}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{DB1CFEFA-2B83-4D0F-8883-49E3E4ADF57D}] => (Allow) C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
FirewallRules: [{62D0B9BB-84C2-49BC-BCE4-A758FBE12972}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\DeviceSetup.exe
FirewallRules: [{4AB62CA1-53E5-49D6-A438-6A2DE618C875}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{ED202E39-9734-496A-8A0E-0CBA4DAE6803}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{85018C6A-8A8A-40C5-BBFC-2B862B3E5675}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{75194297-25AF-49C2-966F-225D3B2D515D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{6DE88B36-B708-4DE7-A477-B5B3EC121E65}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{D237C32B-76E9-4AE9-86B7-BF01D7D6D049}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{E2CD1DD1-C5C3-48F7-BF29-26A7BACA6458}] => (Allow) C:\Program Files\HP\HP ENVY 5640 series\Bin\DeviceSetup.exe
FirewallRules: [{7877AB53-4749-453B-9FB8-F5B7E51E81BE}] => (Allow) LPort=5357
FirewallRules: [{78FBD0C2-B2EE-48A2-9859-FB0FF982B639}] => (Allow) C:\Program Files\HP\HP ENVY 5640 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{545544EE-079A-4296-9F66-C009CFA99716}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{AF21218A-D0DA-4970-8A33-2340CA45BB96}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{4AA2B699-A0F4-4F25-9EC0-0BD0E877E6A4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9429D054-6ED4-47E5-84AF-35B21DDFF439}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{1DFA1CC8-29F0-4B7D-8D63-0457F9EBDC79}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Restore Points =========================

10-10-2018 13:01:29 Windows Update
11-10-2018 13:00:12 Windows Update
19-10-2018 00:00:02 Scheduled Checkpoint
24-10-2018 19:34:48 Removed Clip Art Collection

==================== Faulty Device Manager Devices =============

Name: X5XSEx
Description: X5XSEx
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: X5XSEx
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/26/2018 09:21:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: KnowhowCloud.exe, version: 2.0.4.186, time stamp: 0x527a7ad3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0602f6c9
Faulting process id: 0x84c
Faulting application start time: 0x01d46d040499e1d2
Faulting application path: C:\Program Files (x86)\Knowhow Cloud\KnowhowCloud.exe
Faulting module path: unknown
Report Id: 2b05f818-d8f8-11e8-ac48-4437e6959eec

Error: (10/26/2018 09:21:41 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: KnowhowCloud.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
at Livedrive.UI.Views.Base.BaseWindow.ShowWindowDialog()
at Livedrive.UI.Models.Services.DialogService.ShowWindowDialog()
at Livedrive.UserSession.UserSession.HandleUpdateMessageImpl(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (10/26/2018 09:21:40 AM) (Source: Knowhow Cloud) (EventID: 0) (User: )
Description: Unhandled exception:

System.NullReferenceException: Object reference not set to an instance of an object.
at Livedrive.UI.Views.Base.BaseWindow.ShowWindowDialog()
at Livedrive.UI.Models.Services.DialogService.ShowWindowDialog()
at Livedrive.UserSession.UserSession.HandleUpdateMessageImpl(Object )
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(Object state)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (10/26/2018 09:17:09 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {54a0d363-d0c9-4500-a818-01d12e30bf24}

Error: (10/26/2018 09:15:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/25/2018 10:52:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: KnowhowCloud.exe, version: 2.0.4.186, time stamp: 0x527a7ad3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x05c6e6b9
Faulting process id: 0x8ec
Faulting application start time: 0x01d46cac67e93362
Faulting application path: C:\Program Files (x86)\Knowhow Cloud\KnowhowCloud.exe
Faulting module path: unknown
Report Id: 33f0efd3-d8a0-11e8-a2f2-4437e6959eec

Error: (10/25/2018 10:52:00 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: KnowhowCloud.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
at Livedrive.UI.Views.Base.BaseWindow.ShowWindowDialog()
at Livedrive.UI.Models.Services.DialogService.ShowWindowDialog()
at Livedrive.UserSession.UserSession.HandleUpdateMessageImpl(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (10/25/2018 10:51:59 PM) (Source: Knowhow Cloud) (EventID: 0) (User: )
Description: Unhandled exception:

System.NullReferenceException: Object reference not set to an instance of an object.
at Livedrive.UI.Views.Base.BaseWindow.ShowWindowDialog()
at Livedrive.UI.Models.Services.DialogService.ShowWindowDialog()
at Livedrive.UserSession.UserSession.HandleUpdateMessageImpl(Object )
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(Object state)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()


System errors:
=============
Error: (10/26/2018 09:17:29 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (10/26/2018 09:15:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The X5XSEx service failed to start due to the following error:
The system cannot find the path specified.

Error: (10/25/2018 10:51:13 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (10/25/2018 10:48:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The X5XSEx service failed to start due to the following error:
The system cannot find the path specified.

Error: (10/25/2018 10:48:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Livedrive VSS Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (10/25/2018 10:48:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Livedrive VSS Service service to connect.

Error: (10/25/2018 10:44:43 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\System32\bcmihvsrv64.dll

Error: (10/25/2018 10:43:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 74%
Total physical RAM: 4008.43 MB
Available physical RAM: 1008.37 MB
Total Virtual: 8015.01 MB
Available Virtual: 3914.48 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:440.59 GB) (Free:326.61 GB) NTFS

\\?\Volume{c009a344-657d-11e1-9c73-806e6f6e6963}\ (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
\\?\Volume{4884ba0f-9b6b-11e2-90d3-4437e6959eec}\ () () (Total:0 GB) (Free:0 GB)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 283AF5E8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=440.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.1 GB) - (Type=12)

==================== End of Addition.txt ============================
 

Broni

Malware Annihilator
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

Tonywalker

TS Rookie
Fix result of Farbar Recovery Scan Tool (x64) Version: 24.10.2018
Ran by Sponge (28-10-2018 18:47:30) Run:1
Running from C:\Users\Sponge\Downloads
Loaded Profiles: Sponge & postgres (Available Profiles: Sponge & postgres)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1769499328-1730554653-1278974721-1001\...\MountPoints2: {586f16d6-f373-11e2-a72e-00190e0f9fba} - E:\DTLplus_Launcher.exe
HKU\S-1-5-21-1769499328-1730554653-1278974721-1001\...\MountPoints2: {d8d5382e-eb62-11e1-a174-00190e0f9fba} - E:\LaunchU3.exe -a
URLSearchHook: HKU\S-1-5-21-1769499328-1730554653-1278974721-1001 - (No Name) - {6d010537-9e99-400b-b652-b0d5a5757e5d} - C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pSrcAs.dll No File
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
Toolbar: HKU\S-1-5-21-1769499328-1730554653-1278974721-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
R2 postgresql-x64-9.0; C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N "postgresql-x64-9.0" -D "C:/Program Files/PostgreSQL/9.0/data" -w [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton 360\NortonData\22.7.0.76\Definitions\SDSDefs\20160627.022\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton 360\NortonData\22.7.0.76\Definitions\SDSDefs\20160627.022\EX64.SYS [X]
S2 X5XSEx; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [X]
2012-03-03 23:48 - 2012-03-03 23:48 - 001914000 _____ (Adobe Systems Incorporated) C:\ProgramData\flashax10.exe
2017-07-06 12:13 - 2017-07-06 12:13 - 000000868 _____ () C:\Users\Sponge\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-10-08 12:13 - 2012-10-08 12:14 - 000007680 _____ () C:\Users\Sponge\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-10-25 20:54 - 2018-09-09 02:01 - 001664320 _____ (Microsoft Corporation) C:\Users\Sponge\AppData\Local\Temp\dllnt_dump.dll

*****************

"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
HKU\S-1-5-21-1769499328-1730554653-1278974721-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{586f16d6-f373-11e2-a72e-00190e0f9fba} => removed successfully
HKLM\Software\Classes\CLSID\{586f16d6-f373-11e2-a72e-00190e0f9fba} => not found
HKU\S-1-5-21-1769499328-1730554653-1278974721-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8d5382e-eb62-11e1-a174-00190e0f9fba} => removed successfully
HKLM\Software\Classes\CLSID\{d8d5382e-eb62-11e1-a174-00190e0f9fba} => not found
"HKU\S-1-5-21-1769499328-1730554653-1278974721-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{6d010537-9e99-400b-b652-b0d5a5757e5d}" => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} => removed successfully
"HKU\S-1-5-21-1769499328-1730554653-1278974721-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => removed successfully
HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => not found
postgresql-x64-9.0 => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\postgresql-x64-9.0 => removed successfully
postgresql-x64-9.0 => service removed successfully
HKLM\System\CurrentControlSet\Services\lmimirr => removed successfully
lmimirr => service removed successfully
HKLM\System\CurrentControlSet\Services\NAVENG => could not remove. Access Denied.
HKLM\System\CurrentControlSet\Services\NAVEX15 => could not remove. Access Denied.
HKLM\System\CurrentControlSet\Services\X5XSEx => removed successfully
X5XSEx => service removed successfully
C:\ProgramData\flashax10.exe => moved successfully
C:\Users\Sponge\AppData\Roaming\Rim.Desktop.HttpServerSetup.log => moved successfully
C:\Users\Sponge\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Users\Sponge\AppData\Local\Temp\dllnt_dump.dll => moved successfully

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 28-10-2018 18:52:14)


Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\NAVENG => could not remove. Access Denied.
HKLM\System\CurrentControlSet\Services\NAVEX15 => could not remove. Access Denied.

==== End of Fixlog 18:52:14 ====
 

Broni

Malware Annihilator
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 

Tonywalker

TS Rookie
Results of screen317's Security Check version 1.014 --- 12/23/15
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton 360
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Google Chrome (69.0.3497.100)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 6%
````````````````````End of Log``````````````````````
 

Tonywalker

TS Rookie
Farbar Service Scanner Version: 27-01-2016
Ran by Sponge (administrator) on 28-10-2018 at 22:33:49
Running from "C:\Users\Sponge\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 

Broni

Malware Annihilator
Good :)
if Sophos is stuck, try this...

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Under "I want a free one-time scan with ESET Online Scanner" click on "Scan now" button.
  • It'll download small file "esetonlinescanner_enu.exe".
  • Double click on downloaded file.
  • Click on Accept button.
  • Checkmark "Disable detection of potentially unwanted applications".
  • Click Scan
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.