Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2017
Ran by LightIceFury (administrator) on MASARO (22-02-2017 22:09:15)
Running from C:\Users\LightIceFury\Desktop
Loaded Profiles: LightIceFury (Available Profiles: LightIceFury)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.0.136.0_x64__8wekyb3d8bbwe\Microsoft.StickyNotes.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dropbox, Inc.) C:\Users\LightIceFury\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
(Dropbox, Inc.) C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\LightIceFury\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(Razer, Inc.) C:\Users\LightIceFury\AppData\Local\Razer\InGameEngine\cache\RzSynapse\rzcefrenderprocess.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Razer, Inc.) C:\Users\LightIceFury\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(Razer, Inc.) C:\Users\LightIceFury\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(Razer, Inc.) C:\Users\LightIceFury\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\Calculator.exe
(Razer, Inc.) C:\Users\LightIceFury\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Inc.) C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.15.2140.0_x64__8wekyb3d8bbwe\Solitaire.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-26] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-08-22] (Razer Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-02-07] (AVAST Software)
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe [60640 2014-09-11] (Razer Inc.)
HKLM-x32\...\RunOnce: [CleanUp RzWizard] => C:\Program Files (x86)\Razer\RzWizard\RzInstallerDeletion.vbs
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-653751863-3756375118-3146897500-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe
HKU\S-1-5-21-653751863-3756375118-3146897500-1001\...\Run: [Dropbox Update] => C:\Users\LightIceFury\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-06] (Dropbox, Inc.)
HKU\S-1-5-21-653751863-3756375118-3146897500-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27427808 2017-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-653751863-3756375118-3146897500-1001\...\Run: [World of Tanks] => "F:\World of Tanks\WargamingGameUpdater.exe"
HKU\S-1-5-21-653751863-3756375118-3146897500-1001\...\Run: [World of Warships] => "F:\World of Warships\WargamingGameUpdater.exe"
HKU\S-1-5-21-653751863-3756375118-3146897500-1001\...\Run: [Zoom] => [X]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-07] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-07] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Content Manager Assistant for PlayStation(R).lnk [2014-11-05]
ShortcutTarget: Content Manager Assistant for PlayStation(R).lnk -> C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
Startup: C:\Users\LightIceFury\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2014-09-13] ()
Startup: C:\Users\LightIceFury\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-02-07]
ShortcutTarget: Dropbox.lnk -> C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * aswBoot.exe /M:67433491dbd /wow /dir:"C:\Program Files\AVAST Software\Avast"
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1cc355f8-87d7-4a42-980d-af4b921ad0a3}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-653751863-3756375118-3146897500-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.msn.com/
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-25] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-25] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-12-25] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
FireFox:
========
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-29]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-29]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-16] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-16] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-25] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> F:\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> F:\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> F:\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin HKU\S-1-5-21-653751863-3756375118-3146897500-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\LightIceFury\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2016-11-21] (Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-653751863-3756375118-3146897500-1001: SkypePlugin -> C:\Users\LightIceFury\AppData\Local\SkypePlugin\7.13.0.71\npGatewayNpapi.dll [2016-01-15] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-653751863-3756375118-3146897500-1001: SkypePlugin64 -> C:\Users\LightIceFury\AppData\Local\SkypePlugin\7.13.0.71\npGatewayNpapi-x64.dll [2016-01-15] (Skype Technologies S.A.)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://
www.yahoo.com?fr=hp-avast&type=odc019
CHR StartupUrls: Default -> "hxxps://
www.yahoo.com?fr=hp-avast&type=odc019"
CHR Profile: C:\Users\LightIceFury\AppData\Local\Google\Chrome\User Data\Default [2017-02-22]
CHR Extension: (Google Docs) - C:\Users\LightIceFury\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\LightIceFury\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Skype Calling) - C:\Users\LightIceFury\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-01-19]
CHR Extension: (YouTube) - C:\Users\LightIceFury\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Honey) - C:\Users\LightIceFury\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-02-21]
CHR Extension: (Google Search) - C:\Users\LightIceFury\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Avast SafePrice) - C:\Users\LightIceFury\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-15]
CHR Extension: (Google Docs Offline) - C:\Users\LightIceFury\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\LightIceFury\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\LightIceFury\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-30]
CHR Extension: (Gmail) - C:\Users\LightIceFury\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\LightIceFury\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]
CHR Profile: C:\Users\LightIceFury\AppData\Local\Google\Chrome\User Data\System Profile [2016-01-23]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7142136 2017-02-07] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-02-07] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2946304 2016-12-25] (Microsoft Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-14] (NVIDIA Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2015-08-12] ()
R2 PnkBstrB; C:\WINDOWS\SysWOW64\PnkBstrB.exe [189248 2015-08-12] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187824 2016-07-19] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [105448 2014-09-11] (Razer Inc.)
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [309784 2017-02-07] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [189768 2017-02-07] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334600 2017-02-07] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [48528 2017-02-07] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-02-07] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32088 2017-02-07] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [126088 2017-02-07] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [100640 2017-02-07] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [74680 2017-02-07] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [991496 2017-02-07] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [547904 2017-02-07] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [162528 2017-02-07] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [337080 2017-02-14] (AVAST Software)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 EagleX64; C:\WINDOWS\system32\drivers\EagleX64.sys [174728 2015-08-22] (AhnLab, Inc.)
R3 ikbevent; C:\WINDOWS\system32\DRIVERS\ikbevent.sys [22216 2014-02-03] ()
R3 imsevent; C:\WINDOWS\system32\DRIVERS\imsevent.sys [22728 2014-02-03] ()
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD.sys [44744 2014-02-03] ()
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-13] (NVIDIA Corporation)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
R3 rzmpos; C:\WINDOWS\System32\drivers\rzmpos.sys [48840 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-05-06] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [136312 2016-06-27] (Razer, Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [37416 2015-08-13] (Wellbia.com Co., Ltd.)
S3 X6va062; \??\C:\WINDOWS\SysWoW64\Drivers\X6va062 [X]
S3 X6va063; \??\C:\WINDOWS\SysWoW64\Drivers\X6va063 [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-22 22:09 - 2017-02-22 22:09 - 00024723 _____ C:\Users\LightIceFury\Desktop\FRST.txt
2017-02-22 22:08 - 2017-02-22 22:09 - 00000000 ____D C:\FRST
2017-02-22 22:06 - 2017-02-22 22:07 - 02423296 _____ (Farbar) C:\Users\LightIceFury\Desktop\FRST64.exe
2017-02-20 19:31 - 2017-02-20 19:31 - 00284324 _____ C:\Users\LightIceFury\Downloads\Maritime Offshore Safety Culture Ch 4(2).pptx
2017-02-12 17:55 - 2017-02-14 14:14 - 00000000 ____D C:\Users\LightIceFury\Desktop\ENGR 3410
2017-02-08 23:52 - 2017-02-08 23:52 - 00000000 ___HD C:\OneDriveTemp
2017-02-08 23:50 - 2017-02-08 23:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-08 23:49 - 2017-02-08 23:49 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-08 23:49 - 2017-01-04 15:24 - 00222648 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-02-08 23:49 - 2017-01-04 15:24 - 00210360 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2017-02-08 23:49 - 2016-12-29 07:06 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-02-08 23:49 - 2016-12-29 06:43 - 00133056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-08 23:49 - 2016-09-09 12:25 - 00269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-02-08 23:49 - 2016-09-09 12:25 - 00261920 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-02-08 23:49 - 2016-09-09 12:25 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-02-08 23:49 - 2016-09-09 12:24 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-02-07 20:59 - 2017-02-07 20:59 - 00000999 _____ C:\Users\LightIceFury\Desktop\Pokémon Trading Card Game Online.lnk
2017-02-07 20:59 - 2017-02-07 20:59 - 00000000 ____D C:\Users\LightIceFury\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokémon Trading Card Game Online
2017-02-07 20:59 - 2017-02-07 20:59 - 00000000 ____D C:\Users\LightIceFury\AppData\LocalLow\Unity
2017-02-07 20:59 - 2017-02-07 20:59 - 00000000 ____D C:\Users\LightIceFury\AppData\LocalLow\The Pokémon Company International
2017-02-07 20:52 - 2017-02-07 20:58 - 281178624 _____ C:\Users\LightIceFury\Downloads\PokemonInstaller.msi
2017-02-07 18:20 - 2017-02-07 18:20 - 00000000 ____D C:\Users\LightIceFury\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-07 16:45 - 2017-02-22 21:02 - 00004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-02-07 16:45 - 2017-02-07 16:45 - 00398408 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-02-07 16:45 - 2017-02-07 16:45 - 00334600 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-02-07 16:45 - 2017-02-07 16:45 - 00309784 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-02-07 16:45 - 2017-02-07 16:45 - 00189768 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-02-07 16:45 - 2017-02-07 16:45 - 00048528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-02-06 23:05 - 2017-02-08 00:14 - 00017117 _____ C:\Users\LightIceFury\Downloads\Chapter 3 Homework.xlsx
2017-02-01 07:48 - 2017-02-01 07:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-02-01 07:48 - 2017-02-01 07:48 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-31 21:03 - 2017-01-31 21:03 - 00094299 _____ C:\Users\LightIceFury\Downloads\PROB06.pdf
2017-01-31 20:56 - 2017-01-31 20:56 - 38219475 _____ C:\Users\LightIceFury\Downloads\Paper Chemical Process Principlesby Felder Ed3.pdf
2017-01-31 00:28 - 2017-01-31 00:28 - 00089600 _____ C:\Users\LightIceFury\Downloads\Linest-poly.xls
2017-01-30 23:53 - 2017-01-30 23:53 - 00032579 _____ C:\Users\LightIceFury\Downloads\In Class Examples - Chapter 2.xlsx
2017-01-30 23:47 - 2017-02-01 09:44 - 00012312 _____ C:\Users\LightIceFury\Downloads\Homework 2.xlsx
2017-01-30 21:32 - 2017-01-30 21:32 - 00094796 _____ C:\Users\LightIceFury\Downloads\ENGR_3410_Lecture_2_LAB_1.xlsx
2017-01-30 21:31 - 2017-01-30 21:31 - 00012800 _____ C:\Users\LightIceFury\Downloads\ENGR_3410_Lecture_2_LAB_2(1).xlsx
2017-01-24 19:09 - 2016-12-21 01:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-24 19:09 - 2016-12-20 22:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-22 22:04 - 2016-07-16 05:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-22 22:04 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-22 22:00 - 2016-09-26 16:35 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-22 01:46 - 2014-06-30 06:42 - 00000000 ____D C:\Users\LightIceFury\AppData\Local\Packages
2017-02-22 01:45 - 2014-07-05 11:29 - 00000000 ____D C:\Users\LightIceFury\AppData\Roaming\Skype
2017-02-22 01:45 - 2014-07-01 17:47 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-22 01:33 - 2016-07-16 00:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-02-22 01:31 - 2015-08-02 17:38 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-02-22 00:43 - 2014-08-30 23:24 - 00000000 ____D C:\Program Files (x86)\ClearThink
2017-02-21 22:55 - 2016-04-20 14:32 - 00000000 ____D C:\Users\LightIceFury\AppData\Local\CrashDumps
2017-02-21 21:07 - 2017-01-19 17:37 - 00000000 ____D C:\Users\LightIceFury\Desktop\ENGR 1400
2017-02-21 17:01 - 2016-07-16 05:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-19 14:31 - 2016-09-26 16:43 - 00004004 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1465018426
2017-02-19 14:31 - 2016-06-03 23:33 - 00001091 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-02-16 18:05 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-16 18:05 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-16 18:05 - 2014-07-14 05:29 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-14 13:42 - 2016-09-26 16:46 - 00000000 ____D C:\Users\LightIceFury\AppData\Local\Deployment
2017-02-14 04:46 - 2014-07-05 11:32 - 00337080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2017-02-13 19:53 - 2014-07-05 11:29 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-12 17:42 - 2016-12-19 22:20 - 00000000 ____D C:\Users\LightIceFury\Documents\My Kindle Content
2017-02-12 17:19 - 2016-09-26 16:35 - 00000000 ____D C:\Program Files (x86)\Razer
2017-02-09 23:54 - 2014-09-29 10:03 - 00388396 _____ C:\Users\LightIceFury\Downloads\DnD_5E_CharacterSheet - Form Fillable.pdf
2017-02-08 23:57 - 2016-09-26 19:29 - 00468370 _____ C:\WINDOWS\system32\perfh012.dat
2017-02-08 23:57 - 2016-09-26 19:29 - 00132568 _____ C:\WINDOWS\system32\perfc012.dat
2017-02-08 23:57 - 2015-08-08 10:50 - 01853274 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-08 23:52 - 2014-08-26 20:41 - 00000000 __RDO C:\Users\LightIceFury\OneDrive
2017-02-08 23:52 - 2014-07-05 11:40 - 00000000 ___RD C:\Users\LightIceFury\Dropbox
2017-02-08 23:51 - 2016-09-26 16:43 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-08 23:51 - 2016-09-26 16:36 - 00000000 ____D C:\Users\LightIceFury
2017-02-08 23:51 - 2016-09-26 16:36 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-08 23:51 - 2016-07-16 00:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-02-08 23:50 - 2016-07-16 05:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-08 23:49 - 2016-09-26 16:35 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-08 23:49 - 2016-09-26 16:35 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-08 23:49 - 2016-09-26 16:35 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-07 18:20 - 2014-07-05 11:34 - 00000000 ____D C:\Users\LightIceFury\AppData\Roaming\Dropbox
2017-02-07 16:45 - 2016-06-03 23:32 - 00032088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-02-07 16:45 - 2014-07-05 11:32 - 00991496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-02-07 16:45 - 2014-07-05 11:32 - 00547904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-02-07 16:45 - 2014-07-05 11:32 - 00337080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys.148706916159303
2017-02-07 16:45 - 2014-07-05 11:32 - 00162528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-02-07 16:45 - 2014-07-05 11:32 - 00126088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-02-07 16:45 - 2014-07-05 11:32 - 00100640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-02-07 16:45 - 2014-07-05 11:32 - 00074680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-02-07 16:45 - 2014-07-05 11:32 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-02-06 13:48 - 2016-07-16 05:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-06 13:48 - 2016-07-16 05:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-06 13:06 - 2014-06-29 16:46 - 00002275 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-02 17:45 - 2016-01-28 00:47 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-02 17:45 - 2014-07-05 11:29 - 00000000 ____D C:\ProgramData\Skype
2017-01-31 22:49 - 2016-12-19 22:20 - 00002330 _____ C:\Users\LightIceFury\Desktop\Kindle.lnk
2017-01-31 22:49 - 2016-12-19 22:20 - 00000000 ____D C:\Users\LightIceFury\AppData\Local\Amazon
2017-01-30 23:14 - 2016-03-22 19:50 - 00000000 ____D C:\Users\LightIceFury\Documents\Resumes
==================== Files in the root of some directories =======
2016-09-26 16:35 - 2016-09-26 16:35 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-07-23 22:20 - 2016-07-23 22:20 - 0000016 _____ () C:\ProgramData\mntemp
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-02-17 00:54
==================== End of FRST.txt ============================