Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24.10.2018
Ran by Sponge (administrator) on SPONGE-PC (26-10-2018 12:37:12)
Running from C:\Users\Sponge\Downloads
Loaded Profiles: Sponge & postgres (Available Profiles: Sponge & postgres)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Windows\jmesoft\Service.exe
() C:\Program Files (x86)\Knowhow Cloud\VSSService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\NortonSecurity.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\NortonSecurity.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Lenovo) C:\Windows\jmesoft\hotkey.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(SoftSol Limited) C:\TaxiMATE\TaxiMATE.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft) C:\Program Files (x86)\Microsoft AutoRoute 2013\StreetsOlkShim.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11543656 2010-10-26] (Realtek Semiconductor)
HKLM\...\Run: [NortonSupport] => "C:\Program Files (x86)\Norton 360\Engine\22.14.0.54\SymErr.exe" /supportreboot
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-16] ()
HKLM-x32\...\Run: [Lenovo Eye Distance System] => C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe [265216 2010-09-09] (Lenovo)
HKLM-x32\...\Run: [Lenovo Dynamic Brightness System] => C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe [285696 2010-10-08] (Lenovo)
HKLM-x32\...\Run: [SetDefaultSCR] => C:\Program Files (x86)\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe [102400 2009-12-31] (Lenovo)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-05] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe [222504 2009-05-14] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-1769499328-1730554653-1278974721-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-07-13] (TomTom)
HKU\S-1-5-21-1769499328-1730554653-1278974721-1001\...\Run: [KnowhowCloud] => C:\Program Files (x86)\Knowhow Cloud\KnowhowCloud.exe [3482272 2013-11-06] (DSG Retail Limited)
HKU\S-1-5-21-1769499328-1730554653-1278974721-1001\...\Run: [HP Photosmart 5510d series (NET)] => C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe [2676584 2011-08-16] (Hewlett-Packard Co.)
HKU\S-1-5-21-1769499328-1730554653-1278974721-1001\...\Run: [HP Photosmart 5520 series (NET)] => C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1769499328-1730554653-1278974721-1001\...\MountPoints2: {586f16d6-f373-11e2-a72e-00190e0f9fba} - E:\DTLplus_Launcher.exe
HKU\S-1-5-21-1769499328-1730554653-1278974721-1001\...\MountPoints2: {d8d5382e-eb62-11e1-a174-00190e0f9fba} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1769499328-1730554653-1278974721-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\PhotoScreensaver.scr [477696 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-1769499328-1730554653-1278974721-1006\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-08-14]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Sponge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Cartridge Alerts - HP ENVY 5640 series.lnk [2018-10-26]
ShortcutTarget: Monitor Cartridge Alerts - HP ENVY 5640 series.lnk -> C:\Program Files\HP\HP ENVY 5640 series\Bin\HPStatusBL.dll (HP Inc.)
Startup: C:\Users\Sponge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5520 series (Network).lnk [2014-09-12]
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 5520 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Sponge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2018-05-07]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A9A5F0CF-63D2-463A-A14E-CCD3864455A0}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKU\S-1-5-21-1769499328-1730554653-1278974721-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=DSGQ&bmod=DSGQ
URLSearchHook: HKU\S-1-5-21-1769499328-1730554653-1278974721-1001 - (No Name) - {6d010537-9e99-400b-b652-b0d5a5757e5d} - C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pSrcAs.dll No File
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7XXXX
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7XXXX
SearchScopes: HKU\S-1-5-21-1769499328-1730554653-1278974721-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1769499328-1730554653-1278974721-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1769499328-1730554653-1278974721-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7DSGQ_en
SearchScopes: HKU\S-1-5-21-1769499328-1730554653-1278974721-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1769499328-1730554653-1278974721-1006 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7XXXX
SearchScopes: HKU\S-1-5-21-1769499328-1730554653-1278974721-1006 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7XXXX
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\coIEPlg.dll [2018-10-05] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine32\22.16.0.247\coIEPlg.dll [2018-10-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\coIEPlg.dll [2018-10-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine32\22.16.0.247\coIEPlg.dll [2018-10-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1769499328-1730554653-1278974721-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1769499328-1730554653-1278974721-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\coIEPlg.dll [2018-10-05] (Symantec Corporation)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1100
FireFox:
========
FF ProfilePath: C:\Users\Sponge\AppData\Roaming\TomTom\HOME\Profiles\umgpdkf3.default [2016-03-16]
FF Extension: (Map status indicator) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2016-03-16] [Legacy] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2012-08-22] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908&prt=cr&chn=prev
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
CHR Profile: C:\Users\Sponge\AppData\Local\Google\Chrome\User Data\Default [2018-10-26]
CHR Extension: (IBM Security Rapport) - C:\Users\Sponge\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2018-08-10]
CHR Extension: (Norton Safe) - C:\Users\Sponge\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2017-10-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sponge\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Chrome Media Router) - C:\Users\Sponge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-21]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1769499328-1730554653-1278974721-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-16] () [File not signed]
R2 LivedriveVSSService; C:\Program Files (x86)\Knowhow Cloud\VSSService.exe [210592 2013-11-06] ()
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 NortonSecurity; C:\Program Files (x86)\Norton 360\Engine\22.16.0.247\NortonSecurity.exe [328648 2018-10-05] (Symantec Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [5256184 2018-09-06] (IBM Corp.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11644656 2018-09-10] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [285152 2010-08-26] ()
R2 postgresql-x64-9.0; C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N "postgresql-x64-9.0" -D "C:/Program Files/PostgreSQL/9.0/data" -w [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.7.0.76\Definitions\BASHDefs\20181023.001\BHDrvx64.sys [1925104 2018-09-18] (Symantec Corporation)
R1 CbFs; C:\windows\system32\drivers\cbfs.sys [191960 2010-02-16] (EldoS Corporation)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352008 2012-11-10] (EldoS Corporation)
R1 ccSet_NGC; C:\windows\system32\drivers\NGCx64\1610000.0F7\ccSetx64.sys [190424 2018-10-05] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515568 2018-10-03] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153072 2018-10-05] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.7.0.76\Definitions\IPSDefs\20181025.061\IDSvia64.sys [1305072 2018-10-09] (Symantec Corporation)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [260384 2018-10-26] (Malwarebytes)
S3 NPF; C:\windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [498064 2018-09-06] (IBM Corp.)
R1 RapportCerberus_1930074; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1930074.sys [1651176 2018-10-05] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [719440 2018-09-06] (IBM Corp.)
R0 RapportHades64; C:\windows\System32\Drivers\RapportHades64.sys [339920 2018-09-06] (IBM Corp.)
R0 RapportKE64; C:\windows\System32\Drivers\RapportKE64.sys [604752 2018-09-06] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [752000 2018-09-06] (IBM Corp.)
S3 RimUsb; C:\windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
S3 RimVSerPort; C:\windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
R1 SRTSP; C:\windows\System32\drivers\NGCx64\1610000.0F7\SRTSP64.SYS [832192 2018-10-05] (Symantec Corporation)
R1 SRTSPX; C:\windows\system32\drivers\NGCx64\1610000.0F7\SRTSPX64.SYS [49856 2018-10-05] (Symantec Corporation)
R0 SymEFASI; C:\windows\System32\drivers\NGCx64\1610000.0F7\SYMEFASI64.SYS [1969136 2018-10-05] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [99920 2018-06-10] (Symantec Corporation)
S4 SymEvnt; C:\Program Files (x86)\Norton 360\NortonData\22.7.0.76\SymPlatform\SymEvnt.sys [114256 2018-09-11] (Symantec Corporation)
R1 SymIRON; C:\windows\system32\drivers\NGCx64\1610000.0F7\Ironx64.SYS [308304 2018-10-05] (Symantec Corporation)
R1 SymNetS; C:\windows\System32\drivers\NGCx64\1610000.0F7\symnets.sys [566912 2018-10-05] (Symantec Corporation)
R0 WinI2C-DDC; C:\windows\System32\drivers\DDCDrv.sys [20832 2008-04-08] (Nicomsoft Ltd.)
R0 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [15712 2010-03-23] (Nicomsoft Ltd.)
S3 wpCtrlDrv_NGC; C:\windows\System32\drivers\NGCx64\1610000.0F7\wpCtrlDrv.sys [1010856 2018-10-05] (Symantec Corporation)
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton 360\NortonData\22.7.0.76\Definitions\SDSDefs\20160627.022\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton 360\NortonData\22.7.0.76\Definitions\SDSDefs\20160627.022\EX64.SYS [X]
S2 X5XSEx; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-10-26 09:55 - 2018-10-26 09:55 - 000000000 ____D C:\windows\System32\Tasks\Remediation
2018-10-26 09:15 - 2018-10-26 09:15 - 000260384 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2018-10-25 22:15 - 2018-10-25 22:43 - 000000000 ____D C:\AdwCleaner
2018-10-25 21:53 - 2018-10-25 21:53 - 000000000 ____D C:\Users\Sponge\AppData\Local\mbamtray
2018-10-25 21:53 - 2018-10-25 21:53 - 000000000 ____D C:\Users\Sponge\AppData\Local\mbam
2018-10-25 21:52 - 2018-10-25 21:52 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-10-25 21:52 - 2018-10-25 21:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-10-25 21:52 - 2018-09-11 13:18 - 000152688 _____ (Malwarebytes) C:\windows\system32\Drivers\mbae64.sys
2018-10-25 20:52 - 2018-10-25 20:53 - 037029072 _____ (Adlice Software ) C:\Users\Sponge\Downloads\RogueKiller_setup_ref3.exe
2018-10-25 20:52 - 2018-10-25 20:52 - 007592144 _____ (Malwarebytes) C:\Users\Sponge\Downloads\AdwCleaner.exe
2018-10-25 20:51 - 2018-10-25 20:53 - 079386560 _____ (Malwarebytes ) C:\Users\Sponge\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.463-1.0.7501.exe
2018-10-24 19:22 - 2018-10-26 12:38 - 000024052 _____ C:\Users\Sponge\Downloads\FRST.txt
2018-10-24 19:22 - 2018-10-24 19:22 - 000038330 _____ C:\Users\Sponge\Downloads\Addition.txt
2018-10-23 15:30 - 2018-10-24 19:14 - 000000000 ____D C:\Users\Sponge\Downloads\FRST-OlderVersion
2018-10-23 15:29 - 2018-10-26 12:37 - 000000000 ____D C:\FRST
2018-10-23 15:29 - 2018-10-24 19:14 - 002414592 _____ (Farbar) C:\Users\Sponge\Downloads\FRST64.exe
2018-10-17 12:47 - 2018-10-17 12:47 - 000000000 ____D C:\windows\System32\Tasks\Norton 360
2018-10-17 12:45 - 2018-10-17 13:05 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2018-10-17 12:45 - 2018-10-17 12:45 - 000003210 _____ C:\windows\System32\Tasks\Norton WSC Integration
2018-10-13 02:25 - 2018-10-13 02:25 - 000000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-10-13 02:25 - 2018-10-13 02:25 - 000000959 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk
2018-10-09 20:00 - 2018-09-19 09:08 - 000343552 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrd3x40.dll
2018-10-09 20:00 - 2018-09-18 20:08 - 000396888 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2018-10-09 20:00 - 2018-09-18 19:10 - 000348976 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2018-10-09 20:00 - 2018-09-18 06:52 - 025735168 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2018-10-09 20:00 - 2018-09-18 06:38 - 002724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2018-10-09 20:00 - 2018-09-18 06:38 - 000004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2018-10-09 20:00 - 2018-09-18 06:27 - 002902016 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2018-10-09 20:00 - 2018-09-18 06:26 - 000066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2018-10-09 20:00 - 2018-09-18 06:25 - 000576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2018-10-09 20:00 - 2018-09-18 06:25 - 000417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2018-10-09 20:00 - 2018-09-18 06:25 - 000088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2018-10-09 20:00 - 2018-09-18 06:25 - 000048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2018-10-09 20:00 - 2018-09-18 06:19 - 000054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2018-10-09 20:00 - 2018-09-18 06:18 - 000034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2018-10-09 20:00 - 2018-09-18 06:16 - 000615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2018-10-09 20:00 - 2018-09-18 06:15 - 000144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2018-10-09 20:00 - 2018-09-18 06:15 - 000116224 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2018-10-09 20:00 - 2018-09-18 06:14 - 005779456 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2018-10-09 20:00 - 2018-09-18 06:14 - 000814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2018-10-09 20:00 - 2018-09-18 06:14 - 000794624 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2018-10-09 20:00 - 2018-09-18 06:09 - 000969216 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2018-10-09 20:00 - 2018-09-18 06:06 - 000489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2018-10-09 20:00 - 2018-09-18 06:01 - 000077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2018-10-09 20:00 - 2018-09-18 06:00 - 000107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2018-10-09 20:00 - 2018-09-18 06:00 - 000087552 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2018-10-09 20:00 - 2018-09-18 05:57 - 000199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2018-10-09 20:00 - 2018-09-18 05:57 - 000092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2018-10-09 20:00 - 2018-09-18 05:55 - 000315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2018-10-09 20:00 - 2018-09-18 05:53 - 000152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2018-10-09 20:00 - 2018-09-18 05:45 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2018-10-09 20:00 - 2018-09-18 05:43 - 000728064 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2018-10-09 20:00 - 2018-09-18 05:42 - 000809472 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2018-10-09 20:00 - 2018-09-18 05:41 - 002136064 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2018-10-09 20:00 - 2018-09-18 05:41 - 001359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2018-10-09 20:00 - 2018-09-18 05:39 - 015283712 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2018-10-09 20:00 - 2018-09-18 05:35 - 004510720 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2018-10-09 20:00 - 2018-09-18 05:33 - 020278784 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2018-10-09 20:00 - 2018-09-18 05:31 - 002724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2018-10-09 20:00 - 2018-09-18 05:23 - 001555968 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2018-10-09 20:00 - 2018-09-18 05:21 - 000497664 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2018-10-09 20:00 - 2018-09-18 05:21 - 000062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2018-10-09 20:00 - 2018-09-18 05:20 - 000341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2018-10-09 20:00 - 2018-09-18 05:20 - 000047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2018-10-09 20:00 - 2018-09-18 05:19 - 000064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2018-10-09 20:00 - 2018-09-18 05:18 - 002295808 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2018-10-09 20:00 - 2018-09-18 05:15 - 000047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2018-10-09 20:00 - 2018-09-18 05:15 - 000030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2018-10-09 20:00 - 2018-09-18 05:14 - 000476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2018-10-09 20:00 - 2018-09-18 05:13 - 000662016 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2018-10-09 20:00 - 2018-09-18 05:13 - 000115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2018-10-09 20:00 - 2018-09-18 05:12 - 000620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2018-10-09 20:00 - 2018-09-18 05:10 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2018-10-09 20:00 - 2018-09-18 05:06 - 000416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2018-10-09 20:00 - 2018-09-18 05:03 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-10-09 20:00 - 2018-09-18 05:02 - 000091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2018-10-09 20:00 - 2018-09-18 05:02 - 000073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2018-10-09 20:00 - 2018-09-18 05:00 - 000168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2018-10-09 20:00 - 2018-09-18 04:59 - 000076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2018-10-09 20:00 - 2018-09-18 04:58 - 000279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2018-10-09 20:00 - 2018-09-18 04:57 - 004494848 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2018-10-09 20:00 - 2018-09-18 04:57 - 000130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2018-10-09 20:00 - 2018-09-18 04:53 - 013679616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2018-10-09 20:00 - 2018-09-18 04:52 - 000230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2018-10-09 20:00 - 2018-09-18 04:51 - 000696320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2018-10-09 20:00 - 2018-09-18 04:50 - 002059776 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2018-10-09 20:00 - 2018-09-18 04:50 - 001155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2018-10-09 20:00 - 2018-09-18 04:37 - 004037632 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll