Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by Carl (administrator) on WINDOWS-I4X63IQ (16-08-2018 10:51:49)
Running from E:\Downloads\_CPU-Net\_Anti-Virus
Loaded Profiles: Carl & (Available Profiles: Carl)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(AVAST Software) C:\Utility.sys\Spyware - Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\SLManagerEasy\Inputps.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Syntek America Inc.) C:\WINDOWS\System32\StkCSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVAST Software) C:\Utility.sys\Spyware - Avast\x64\aswidsagenta.exe
(Symantec) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(UltimateOutsider) C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(AWS Convergence Technologies, Inc.) C:\Program Files (x86)\WeatherBug\WeatherBug\Weather.exe
(AVAST Software) C:\Utility.sys\Spyware - Avast\AvastUI.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
(Ziff-Davis Media, Inc.) C:\Utility.sys\NetPerSec\NetPerSec.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\BuffaloTools\BuffaloTools.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
() C:\Program Files (x86)\InnoTab 2\VTech\DownloadManager\System\AgentMonitor.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\WINDOWS\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Varate Vgiolitzndes Records) C:\Utility.sys\2xExplorer\2xExplorer.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [608112 2011-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3668336 2011-03-24] (Dell Inc.)
HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] ()
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055016 2011-04-29] ()
HKLM\...\Run: [AvastUI.exe] => C:\Utility.sys\Spyware - Avast\AvLaunch.exe [242904 2018-07-17] (AVAST Software)
HKLM\...\Run: [GwxControlPanelMonitor] => C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe [4596296 2016-04-01] (UltimateOutsider)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe /boot
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [67496 2012-08-21] ()
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [BuffaloTools] => C:\Program Files (x86)\BUFFALO\BuffaloTools\BuffaloTools.exe [169336 2010-03-05] (BUFFALO INC.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2016-10-10] (CANON INC.)
HKLM-x32\...\Run: [AgentMonitor] => C:\Program Files (x86)\InnoTab 2\VTech\DownloadManager\System\AgentMonitor.exe [317824 2016-01-18] ()
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [145208 2017-03-24] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
HKLM-x32\...\Run: [Norton Ghost 15.0] => C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe [2598760 2010-03-03] (Symantec Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\Run: [Weather] => C:\Program Files (x86)\WeatherBug\WeatherBug\Weather.exe [1652736 2011-10-05] (AWS Convergence Technologies, Inc.)
HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\Run: [Yahoo Messenger Updater] => C:\Users\Carl\AppData\Roaming\Yahoo Messenger\YMUpdater\YMUpdater.exe [115656 2017-02-28] (Yahoo!, Inc.)
HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9532120 2017-04-10] (Piriform Ltd)
HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\MountPoints2: {084762e3-8a9b-11e8-a5a2-24b6fd1437bd} - F:\Lenovo_Suite.exe
HKU\S-1-5-21-1142599995-1776523847-1352253491-1000\...\MountPoints2: {4b362eb8-2faa-11e2-9025-e4d53de93a34} - F:\DriveNavi.exe
HKU\S-1-5-21-1142599995-1776523847-1352253491-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08152018104529550\...\Run: [Weather] => C:\Program Files (x86)\WeatherBug\WeatherBug\Weather.exe [1652736 2011-10-05] (AWS Convergence Technologies, Inc.)
HKU\S-1-5-21-1142599995-1776523847-1352253491-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08152018104529550\...\Run: [Yahoo Messenger Updater] => C:\Users\Carl\AppData\Roaming\Yahoo Messenger\YMUpdater\YMUpdater.exe [115656 2017-02-28] (Yahoo!, Inc.)
HKU\S-1-5-21-1142599995-1776523847-1352253491-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08152018104529550\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9532120 2017-04-10] (Piriform Ltd)
HKU\S-1-5-21-1142599995-1776523847-1352253491-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08152018104529550\...\MountPoints2: {084762e3-8a9b-11e8-a5a2-24b6fd1437bd} - F:\Lenovo_Suite.exe
HKU\S-1-5-21-1142599995-1776523847-1352253491-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08152018104529550\...\MountPoints2: {4b362eb8-2faa-11e2-9025-e4d53de93a34} - F:\DriveNavi.exe
Startup: C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amcap.lnk [2012-11-19]
ShortcutTarget: Amcap.lnk -> C:\Program Files (x86)\Vimicro\amcap.exe ()
Startup: C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NetPerSec.lnk [2018-08-04]
ShortcutTarget: NetPerSec.lnk -> C:\Utility.sys\NetPerSec\NetPerSec.exe (Ziff-Davis Media, Inc.)
Startup: C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013-04-11]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\speedfan.lnk [2012-04-29]
ShortcutTarget: speedfan.lnk -> C:\Utility.sys\SpeedFan4.34\speedfan.exe (Almico Software (www.almico.com))
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.192.10 192.168.191.10
Tcpip\..\Interfaces\{0E21F077-EB43-49B3-AA41-1149BA8AB9A2}: [DhcpNameServer] 192.168.192.10 192.168.191.10
Tcpip\..\Interfaces\{155DF4E0-D023-41A7-99E6-B202E555D299}: [NameServer] 77.234.40.79
Internet Explorer:
==================
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL =
SearchScopes: HKU\S-1-5-21-1142599995-1776523847-1352253491-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08152018104529550 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Utility.sys\Spyware - Avast\aswWebRepIE64.dll [2018-07-17] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll [2018-07-27] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Utility.sys\Spyware - Avast\aswWebRepIE.dll [2018-07-17] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-07-27] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
FireFox:
========
FF DefaultProfile: 0ek4oy6g.default-1533138630327
FF ProfilePath: C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\8mtkq221.default-1516030782739 [2018-08-04]
FF Extension: (Avast Online Security) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\8mtkq221.default-1516030782739\Extensions\wrc@avast.com.xpi [2018-07-17]
FF Extension: (Empty Cache Button) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\8mtkq221.default-1516030782739\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}.xpi [2018-01-15]
FF Extension: (Toggle Referrer) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\8mtkq221.default-1516030782739\Extensions\{8883111b-4bc8-4a99-b37f-5672f6cf9597}.xpi [2018-01-15]
FF ProfilePath: C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\v3c50zv7.default-1516412548380 [2018-08-04]
FF Extension: (Empty Cache Button) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\v3c50zv7.default-1516412548380\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}.xpi [2018-01-19]
FF Extension: (Toggle Referrer) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\v3c50zv7.default-1516412548380\Extensions\{8883111b-4bc8-4a99-b37f-5672f6cf9597}.xpi [2018-01-19]
FF ProfilePath: C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\6p7vegbg.default-1520706220538 [2018-08-04]
FF Homepage: Mozilla\Firefox\Profiles\6p7vegbg.default-1520706220538 -> hxxps://startpage.com/
FF Extension: (Location Guard) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\6p7vegbg.default-1520706220538\Extensions\jid1-HdwPLukcGQeOSh@jetpack.xpi [2018-03-10]
FF Extension: (Empty Cache Button) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\6p7vegbg.default-1520706220538\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}.xpi [2018-03-10]
FF Extension: (Toggle Referrer) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\6p7vegbg.default-1520706220538\Extensions\{8883111b-4bc8-4a99-b37f-5672f6cf9597}.xpi [2018-03-10]
FF ProfilePath: C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\yoijzgza.default-1523995957406 [2018-08-04]
FF ProfilePath: C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\iwfpeibi.default-1525815878359 [2018-08-04]
FF Extension: (Location Guard) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\iwfpeibi.default-1525815878359\Extensions\jid1-HdwPLukcGQeOSh@jetpack.xpi [2018-05-08]
FF Extension: (Empty Cache Button) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\iwfpeibi.default-1525815878359\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}.xpi [2018-05-08]
FF Extension: (Toggle Referrer) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\iwfpeibi.default-1525815878359\Extensions\{8883111b-4bc8-4a99-b37f-5672f6cf9597}.xpi [2018-05-08]
FF ProfilePath: C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\jpi8b2v7.default-1525957615734 [2018-08-04]
FF ProfilePath: C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\0ek4oy6g.default-1533138630327 [2018-08-16]
FF Extension: (Location Guard) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\0ek4oy6g.default-1533138630327\Extensions\jid1-HdwPLukcGQeOSh@jetpack.xpi [2018-08-03]
FF Extension: (Empty Cache Button) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\0ek4oy6g.default-1533138630327\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}.xpi [2018-08-03]
FF Extension: (Toggle Referrer) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\0ek4oy6g.default-1533138630327\Extensions\{8883111b-4bc8-4a99-b37f-5672f6cf9597}.xpi [2018-08-03]
FF ProfilePath: C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\k1cgchtw.default-1533392746514 [2018-08-04]
FF Homepage: Mozilla\Firefox\Profiles\k1cgchtw.default-1533392746514 -> hxxps://startpage.com
FF Extension: (Location Guard) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\k1cgchtw.default-1533392746514\Extensions\jid1-HdwPLukcGQeOSh@jetpack.xpi [2018-08-04]
FF Extension: (Empty Cache Button) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\k1cgchtw.default-1533392746514\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}.xpi [2018-08-04]
FF Extension: (Toggle Referrer) - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\k1cgchtw.default-1533392746514\Extensions\{8883111b-4bc8-4a99-b37f-5672f6cf9597}.xpi [2018-08-04]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-11-03] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VLC Media Player\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-11-03] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-07-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-07-27] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1142599995-1776523847-1352253491-1000: SkypePlugin -> C:\Users\Carl\AppData\Local\SkypePlugin\7.32.6.278\npGatewayNpapi.dll [2017-04-18] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-1142599995-1776523847-1352253491-1000: SkypePlugin64 -> C:\Users\Carl\AppData\Local\SkypePlugin\7.32.6.278\npGatewayNpapi-x64.dll [2017-04-18] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-1142599995-1776523847-1352253491-1000: usaa.com/web -> C:\Users\Carl\AppData\Roaming\com.usaa\usaa-web\1.0.11\npusaa-web-1.0.11.dll [2015-09-03] (USAA)
FF Plugin HKU\S-1-5-21-1142599995-1776523847-1352253491-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08152018104529550: SkypePlugin -> C:\Users\Carl\AppData\Local\SkypePlugin\7.32.6.278\npGatewayNpapi.dll [2017-04-18] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-1142599995-1776523847-1352253491-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08152018104529550: SkypePlugin64 -> C:\Users\Carl\AppData\Local\SkypePlugin\7.32.6.278\npGatewayNpapi-x64.dll [2017-04-18] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-1142599995-1776523847-1352253491-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08152018104529550: usaa.com/web -> C:\Users\Carl\AppData\Roaming\com.usaa\usaa-web\1.0.11\npusaa-web-1.0.11.dll [2015-09-03] (USAA)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 aswbIDSAgent; C:\Utility.sys\Spyware - Avast\x64\aswidsagenta.exe [7780400 2018-07-17] (AVAST Software)
R2 avast! Antivirus; C:\Utility.sys\Spyware - Avast\AvastSvc.exe [322464 2018-07-17] (AVAST Software)
R2 bufssvr; C:\Program Files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe [95608 2010-03-16] (BUFFALO INC.)
S2 DellDigitalDelivery; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [162816 2011-10-26] (Dell Products, LP.) [File not signed]
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2017-06-06] (Digital Wave Ltd.)
S3 GenericMount Helper Service; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2227216 2010-02-12] (Symantec)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 Norton Ghost; C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe [4590432 2010-03-03] (Symantec Corporation)
R2 StkSSrv; C:\windows\System32\StkCSrv.exe [24576 2007-02-12] (Syntek America Inc.)
R3 SymSnapService; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2963960 2010-02-11] (Symantec)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4107680 2017-03-24] (Check Point Software Technologies Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2016-11-01] (Check Point Software Technologies, Ltd.)
R2 ZoneAlarm ICM Service; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe [1058616 2017-03-24] (Check Point Software Technologies Ltd.)
S3 Symantec SymSnap VSS Provider; C:\windows\system32\dllhost.exe /Processid:{72D6EC87-52C4-44D0-81CA-2D2D2A484CC8}
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 aswArPot; C:\windows\System32\drivers\aswArPot.sys [197160 2018-07-17] (AVAST Software)
R1 aswbidsdriver; C:\windows\System32\drivers\aswbidsdrivera.sys [229392 2018-07-17] (AVAST Software)
R0 aswbidsh; C:\windows\System32\drivers\aswbidsha.sys [201328 2018-07-17] (AVAST Software)
R0 aswblog; C:\windows\System32\drivers\aswbloga.sys [346664 2018-07-17] (AVAST Software)
R0 aswbuniv; C:\windows\System32\drivers\aswbuniva.sys [59592 2018-07-17] (AVAST Software)
R1 aswHdsKe; C:\windows\System32\drivers\aswHdsKe.sys [239680 2018-07-17] (AVAST Software)
S3 aswHwid; C:\windows\System32\drivers\aswHwid.sys [46976 2018-07-17] (AVAST Software)
R1 aswKbd; C:\windows\system32\drivers\aswKbd.sys [41832 2017-09-26] (AVAST Software)
R2 aswMonFlt; C:\windows\System32\drivers\aswMonFlt.sys [159640 2018-07-17] (AVAST Software)
R1 aswRdr; C:\windows\System32\drivers\aswRdr2.sys [111872 2018-07-17] (AVAST Software)
R0 aswRvrt; C:\windows\System32\drivers\aswRvrt.sys [85968 2018-07-17] (AVAST Software)
R1 aswSnx; C:\windows\System32\drivers\aswSnx.sys [1027728 2018-07-17] (AVAST Software)
R1 aswSP; C:\windows\System32\drivers\aswSP.sys [467064 2018-07-23] (AVAST Software)
R2 aswStm; C:\windows\System32\drivers\aswStm.sys [211160 2018-07-17] (AVAST Software)
S3 aswTap; C:\windows\System32\DRIVERS\aswTap.sys [44640 2016-01-29] (The OpenVPN Project)
R0 aswVmm; C:\windows\System32\drivers\aswVmm.sys [381584 2018-07-17] (AVAST Software)
S3 AX88772; C:\windows\System32\DRIVERS\ax88772.sys [83968 2013-12-03] (ASIX Electronics Corp.)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [152688 2018-06-19] (Malwarebytes)
R3 GenericMount; C:\windows\System32\DRIVERS\GenericMount.sys [66608 2010-02-12] (Symantec Corporation)
R2 MBAMChameleon; C:\windows\System32\Drivers\MbamChameleon.sys [191208 2018-08-13] (Malwarebytes)
R3 MBAMFarflt; C:\windows\System32\DRIVERS\farflt.sys [114920 2018-08-15] (Malwarebytes)
R3 MBAMProtection; C:\windows\System32\DRIVERS\mbam.sys [48360 2018-08-15] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [253664 2018-08-13] (Malwarebytes)
R3 MBAMWebProtection; C:\windows\System32\DRIVERS\mwac.sys [92792 2018-08-16] (Malwarebytes)
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
S3 StkCMini; C:\windows\System32\Drivers\StkCMini.sys [632704 2007-06-28] (Syntek)
R0 symsnap; C:\windows\System32\DRIVERS\symsnap.sys [170032 2010-02-11] (StorageCraft)
S3 USBMULCD; C:\windows\System32\drivers\CM10664.sys [1307648 2009-09-30] (C-Media Electronics Inc)
S3 VProEventMonitor; C:\windows\System32\DRIVERS\vproeventmonitor.sys [20528 2009-09-21] (Symantec Corporation)
R1 Vsdatant; C:\windows\System32\DRIVERS\vsdatant.sys [461240 2017-03-24] (Check Point Software Technologies Ltd.)
U3 iswSvc; no ImagePath
U2 V2iMount; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-08-13 09:07 - 2018-08-13 09:07 - 000028272 _____ C:\windows\system32\Drivers\TrueSight.sys
2018-08-13 09:01 - 2018-08-13 09:01 - 000000860 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-08-13 09:01 - 2018-08-13 09:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-08-13 09:01 - 2018-08-13 09:01 - 000000000 ____D C:\Program Files\RogueKiller
2018-08-13 09:01 - 2018-08-13 08:35 - 000000000 ____D C:\ProgramData\RogueKiller
2018-08-13 08:55 - 2018-08-13 08:56 - 036826200 _____ (Adlice Software ) C:\Users\Carl\Downloads\RogueKiller_setup_ref3.exe
2018-08-13 08:47 - 2018-08-13 08:47 - 000001887 _____ C:\Users\Carl\Desktop\Malwarebytes.lnk
2018-08-13 08:42 - 2018-08-16 10:37 - 000092792 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2018-08-13 08:42 - 2018-08-15 10:47 - 000114920 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2018-08-13 08:42 - 2018-08-15 10:47 - 000048360 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2018-08-13 08:42 - 2018-08-13 08:42 - 000191208 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamChameleon.sys
2018-08-13 08:41 - 2018-08-13 08:41 - 000001869 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-08-13 08:41 - 2018-08-13 08:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-08-13 08:41 - 2018-08-13 08:41 - 000000000 ____D C:\Program Files\Malwarebytes
2018-08-13 08:41 - 2018-06-19 14:09 - 000152688 _____ (Malwarebytes) C:\windows\system32\Drivers\mbae64.sys
2018-08-13 08:39 - 2018-08-13 08:40 - 078989872 _____ (Malwarebytes ) C:\Users\Carl\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.391-1.0.6237.exe
2018-08-13 08:24 - 2018-08-13 08:24 - 007417040 _____ (Malwarebytes) C:\Users\Carl\Downloads\adwcleaner_7.2.2.exe
2018-08-13 08:21 - 2018-08-13 08:32 - 000000000 ____D C:\AdwCleaner
2018-08-13 08:16 - 2018-08-13 08:15 - 000253664 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2018-08-11 18:57 - 2018-08-11 18:57 - 000208964 _____ C:\Users\Carl\Documents\IMG_20180811_0005.pdf
2018-08-11 18:54 - 2018-08-11 18:54 - 000622395 _____ C:\Users\Carl\Documents\IMG_20180811_0003.pdf
2018-08-04 12:00 - 2018-08-16 10:51 - 000000000 ____D C:\FRST
2018-08-03 18:21 - 2018-08-03 18:21 - 000001337 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2018-08-03 18:21 - 2018-08-03 18:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2018-08-03 18:21 - 2018-08-03 18:21 - 000000000 ____D C:\ProgramData\DigitalWave.ApplicationUpdater_files
2018-08-03 18:20 - 2018-08-03 18:20 - 000001305 _____ C:\Users\Public\Desktop\Free Video Editor.lnk
2018-08-03 18:20 - 2018-08-03 18:20 - 000000000 ____D C:\Program Files (x86)\FreeCodecPack
2018-08-03 18:20 - 2018-08-03 18:20 - 000000000 ____D C:\Program Files (x86)\Free Video Editor
2018-08-03 18:19 - 2018-08-03 18:21 - 000000000 ____D C:\Users\Carl\AppData\Roaming\DVDVideoSoft
2018-08-03 18:09 - 2018-08-03 18:11 - 000000000 ____D C:\Users\Carl\AppData\Roaming\vlc
2018-08-03 18:08 - 2018-08-03 18:08 - 000000839 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-08-03 18:08 - 2018-08-03 18:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-08-03 18:08 - 2018-08-03 18:08 - 000000000 ____D C:\Program Files\VLC Media Player
2018-08-03 17:30 - 2018-08-03 17:30 - 000002220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2018-08-03 17:30 - 2018-08-03 17:30 - 000002208 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2018-08-03 17:30 - 2018-08-03 17:30 - 000000000 ____D C:\Users\Carl\AppData\Roaming\HandBrake Team
2018-08-03 17:30 - 2018-08-03 17:30 - 000000000 ____D C:\Users\Carl\AppData\Roaming\HandBrake
2018-08-03 17:29 - 2018-08-03 17:30 - 000000983 _____ C:\Users\Carl\Desktop\HandBrake.lnk
2018-08-03 17:29 - 2018-08-03 17:29 - 000000000 ____D C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HandBrake
2018-08-03 17:29 - 2018-08-03 17:29 - 000000000 ____D C:\Program Files\HandBrake
2018-08-03 17:25 - 2018-08-03 17:25 - 000000938 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-08-01 11:47 - 2018-08-01 10:56 - 009724650 _____ C:\Users\Carl\Documents\IMG_20180801_0013.pdf
2018-08-01 11:46 - 2018-08-01 11:46 - 000476250 _____ C:\Users\Carl\Documents\IMG_20180801_0012.pdf
2018-08-01 11:40 - 2018-08-01 11:44 - 004244800 _____ C:\Users\Carl\Documents\IMG_20180801_0011.pdf
2018-08-01 11:39 - 2018-08-01 10:52 - 013959943 _____ C:\Users\Carl\Documents\IMG_20180801_0010.pdf
2018-08-01 11:33 - 2018-08-01 11:38 - 030553694 _____ C:\Users\Carl\Documents\IMG_20180801_0005.pdf
2018-08-01 11:29 - 2018-08-01 11:29 - 000630423 _____ C:\Users\Carl\Documents\IMG_20180801_0004.pdf
2018-08-01 11:24 - 2018-08-01 11:24 - 000190682 _____ C:\Users\Carl\Documents\IMG_20180801_0009.pdf
2018-08-01 11:22 - 2018-08-01 11:22 - 000692920 _____ C:\Users\Carl\Documents\IMG_20180801_0003.pdf
2018-08-01 11:20 - 2018-08-01 11:20 - 000187474 _____ C:\Users\Carl\Documents\IMG_20180801_0008.pdf
2018-08-01 11:18 - 2018-08-01 11:19 - 000920642 _____ C:\Users\Carl\Documents\IMG_20180801_0002.pdf
2018-08-01 11:10 - 2018-08-01 11:13 - 000890398 _____ C:\Users\Carl\Documents\IMG_20180801_0001.pdf
2018-08-01 11:07 - 2018-08-01 11:08 - 000000000 ____D C:\Program Files (x86)\VLC Media Player
2018-08-01 11:04 - 2018-08-01 11:04 - 000845942 _____ C:\Users\Carl\Documents\IMG_20180801_0007.pdf
2018-08-01 10:47 - 2018-08-01 10:52 - 030567714 _____ C:\Users\Carl\Documents\IMG_20180801_0006.pdf
2018-07-30 22:03 - 2018-08-01 10:53 - 000004096 ___SH C:\VSNAP.IDX
2018-07-28 12:08 - 2018-07-28 12:08 - 000000000 ____D C:\Users\Carl\AppData\Roaming\Symantec
2018-07-28 12:08 - 2018-07-28 12:08 - 000000000 ____D C:\Users\Carl\AppData\Local\Symantec_Corporation
2018-07-28 12:06 - 2010-03-03 19:59 - 000154168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WimFltr.sys
2018-07-28 12:05 - 2018-07-28 12:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Ghost
2018-07-28 12:05 - 2018-07-28 12:05 - 000000000 ____H C:\windows\system32\Drivers\Msft_Kernel_GenericMount_01009.Wdf
2018-07-28 12:05 - 2010-02-11 02:34 - 000170032 _____ (StorageCraft) C:\windows\system32\Drivers\symsnap.sys
2018-07-28 12:05 - 2009-09-21 20:40 - 000020528 _____ (Symantec Corporation) C:\windows\system32\Drivers\vproeventmonitor.sys
2018-07-28 12:04 - 2018-07-28 12:55 - 000000000 ____D C:\ProgramData\Symantec
2018-07-28 12:04 - 2018-07-28 12:04 - 000000000 ____D C:\ProgramData\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
2018-07-28 12:04 - 2018-07-28 12:04 - 000000000 ____D C:\Program Files (x86)\Norton Ghost
2018-07-28 12:04 - 2009-05-18 14:17 - 000034152 _____ (GEAR Software Inc.) C:\windows\system32\Drivers\GEARAspiWDM.sys
2018-07-28 12:04 - 2008-04-17 13:12 - 000126312 _____ (GEAR Software Inc.) C:\windows\system32\GEARAspi64.dll
2018-07-28 12:04 - 2008-04-17 13:12 - 000107368 _____ (GEAR Software Inc.) C:\windows\SysWOW64\GEARAspi.dll
2018-07-27 13:13 - 2018-07-27 13:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-07-18 10:02 - 2018-08-13 08:21 - 000000000 ____D C:\Users\Carl\AppData\Local\AVAST Software
2018-07-17 18:49 - 2018-07-17 18:48 - 000378072 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-08-16 10:51 - 2016-11-18 19:48 - 000000000 ____D C:\Users\Carl\AppData\LocalLow\Mozilla
2018-08-16 10:50 - 2017-02-08 17:15 - 000004154 _____ C:\windows\System32\Tasks\Avast Emergency Update
2018-08-16 09:55 - 2009-07-13 23:45 - 000020928 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-08-16 09:55 - 2009-07-13 23:45 - 000020928 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-08-14 20:11 - 2018-07-13 08:52 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-08-13 08:41 - 2013-02-24 05:21 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-08-13 08:20 - 2017-05-07 09:56 - 000000000 ____D C:\Users\Carl\AppData\Local\CrashDumps
2018-08-13 08:20 - 2012-01-10 16:58 - 000000000 ____D C:\ProgramData\Sonic
2018-08-13 08:15 - 2009-07-14 00:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-08-13 08:14 - 2018-05-08 20:13 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-08-13 08:14 - 2018-05-08 20:13 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-08-10 09:25 - 2016-12-26 14:20 - 000000000 _____ C:\windows\SysWOW64\last.dump
2018-08-06 08:50 - 2009-07-14 00:13 - 000909514 _____ C:\windows\system32\PerfStringBackup.INI
2018-08-06 08:50 - 2009-07-13 22:20 - 000000000 ____D C:\windows\inf
2018-08-04 09:15 - 2012-11-26 10:38 - 000000000 ____D C:\windows\Minidump
2018-08-03 17:30 - 2013-01-21 18:02 - 000000000 ____D C:\Program Files (x86)\Google
2018-08-01 11:30 - 2012-04-28 17:38 - 000000000 ____D C:\Utility.sys
2018-08-01 10:59 - 2014-07-11 15:02 - 000000000 ____D C:\Users\Carl\AppData\Local\Adobe
2018-08-01 10:59 - 2012-11-20 11:33 - 000842240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2018-08-01 10:59 - 2012-01-10 16:42 - 000175104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-08-01 10:59 - 2012-01-10 16:42 - 000000000 ____D C:\windows\SysWOW64\Macromed
2018-08-01 10:59 - 2012-01-10 16:42 - 000000000 ____D C:\windows\system32\Macromed
2018-08-01 10:53 - 2009-07-14 00:08 - 000032576 _____ C:\windows\Tasks\SCHEDLGU.TXT
2018-07-28 13:02 - 2009-07-13 22:20 - 000000000 ____D C:\windows\registration
2018-07-27 13:54 - 2013-10-26 19:16 - 000000000 ____D C:\ProgramData\Oracle
2018-07-27 13:15 - 2015-11-06 19:53 - 000000000 ____D C:\Program Files (x86)\Java
2018-07-27 13:13 - 2015-11-06 19:54 - 000098680 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2018-07-23 09:19 - 2013-04-11 22:29 - 000467064 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2018-07-17 18:48 - 2017-11-17 10:27 - 000197160 _____ (AVAST Software) C:\windows\system32\Drivers\aswArPot.sys
2018-07-17 18:48 - 2014-05-13 13:11 - 000046976 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2018-07-17 18:48 - 2014-01-03 09:02 - 000211160 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2018-07-17 18:48 - 2013-04-11 22:29 - 001027728 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2018-07-17 18:48 - 2013-04-11 22:29 - 000159640 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2018-07-17 18:48 - 2013-04-11 22:29 - 000111872 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2018-07-17 18:48 - 2013-03-21 09:28 - 000381584 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2018-07-17 18:48 - 2013-03-21 09:28 - 000085968 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2018-07-17 18:47 - 2017-10-13 09:19 - 000239680 _____ (AVAST Software) C:\windows\system32\Drivers\aswHdsKe.sys
2018-07-17 18:47 - 2017-02-08 17:15 - 000346664 _____ (AVAST Software) C:\windows\system32\Drivers\aswbloga.sys
2018-07-17 18:47 - 2017-02-08 17:15 - 000229392 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsdrivera.sys
2018-07-17 18:47 - 2017-02-08 17:15 - 000201328 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsha.sys
2018-07-17 18:47 - 2017-02-08 17:15 - 000059592 _____ (AVAST Software) C:\windows\system32\Drivers\aswbuniva.sys
==================== Files in the root of some directories =======
2017-10-11 12:29 - 2017-10-11 12:29 - 000000000 _____ () C:\ProgramData\cisE4C3.exe
2013-08-21 21:46 - 2013-08-21 21:47 - 000003725 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2015-11-03 11:28 - 2015-11-03 11:28 - 000000041 _____ () C:\Users\Carl\AppData\Roaming\mbam.context.scan
2012-07-02 15:40 - 2012-09-08 19:50 - 000020992 _____ () C:\Users\Carl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-11-06 13:19 - 2017-11-06 13:25 - 000000137 _____ () C:\Users\Carl\AppData\Local\Support.ini
2018-01-23 12:41 - 2018-01-23 12:41 - 000000000 _____ () C:\Users\Carl\AppData\Local\{47647FD6-D3B0-4CB1-9E7C-6F8837ABA0FA}
2016-02-08 11:31 - 2016-02-08 11:31 - 000000000 _____ () C:\Users\Carl\AppData\Local\{5B6D3BA0-DA17-4270-89D1-EAF33CA6D802}
Some files in TEMP:
====================
2018-08-13 09:01 - 2018-03-30 20:38 - 001665336 _____ (Microsoft Corporation) C:\Users\Carl\AppData\Local\Temp\dllnt_dump.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-08-06 14:28
==================== End of FRST.txt ============================