Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by dads 4 (administrator) on DADS4-PC (18-01-2017 08:27:57)
Running from C:\Users\dads 4\Desktop\teckspot
Loaded Profiles: dads 4 (Available Profiles: dads 4 & DefaultAppPool)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
Failed to access process -> Memory Compression
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Azureus Software, Inc) C:\Program Files\Vuze\Azureus.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1612.3341.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-23] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-30] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
HKLM-x32\...\Run: [BrStsWnd] => C:\Program Files (x86)\Brownie\BrstsW64.exe [3697776 2012-06-21] (brother)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [NvrStorageSever] => C:\Program Files\iVMS-4200 Station\iVMS-4200\iVMS-4200 Storage\NvrStorageSever.exe
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Stream Media Server] => C:\Program Files\iVMS-4200 Station\iVMS-4200\iVMS-4200 Stream Media Server\StreamServerApp.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1154560 2016-08-04] (Carbonite, Inc.)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\1185\g2ax_winlogonx64.dll [X]
HKU\S-1-5-21-3462028643-4206859564-3893880754-1000\...\MountPoints2: {9eb984f2-a728-11e5-9bdd-00248c524720} - "H:\SETUP.EXE"
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-26] (AVAST Software)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-08-31]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.474\SSScheduler.exe (McAfee, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0c8b02cc-704e-4921-ae9d-6fc492b432bd}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e63a66e4-42cb-46f9-b7bc-a236f1ad338a}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-3462028643-4206859564-3893880754-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-02] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-02] (Oracle Corporation)
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll [2016-07-16] (Microsoft Corporation)
Handler-x32: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll [2016-07-16] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\dads 4\AppData\Roaming\Mozilla\Firefox\Profiles\xuun49pd.default
FF Homepage: google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-02] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll [2015-12-11] ()
FF Plugin HKU\S-1-5-21-3462028643-4206859564-3893880754-1000: @citrixonline.com/appdetectorplugin -> C:\Users\dads 4\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-01-01] (Citrix Online)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-10]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\dads 4\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\dads 4\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-11]
CHR Extension: (Google Drive) - C:\Users\dads 4\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-11]
CHR Extension: (YouTube) - C:\Users\dads 4\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-11]
CHR Extension: (Google Search) - C:\Users\dads 4\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-11]
CHR Extension: (Avast SafePrice) - C:\Users\dads 4\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-09-26]
CHR Extension: (Google Docs Offline) - C:\Users\dads 4\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-03]
CHR Extension: (Avast Online Security) - C:\Users\dads 4\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-11]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\dads 4\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dads 4\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-11]
CHR Extension: (Gmail) - C:\Users\dads 4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-11]
CHR Extension: (Chrome Media Router) - C:\Users\dads 4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-06-24]
CHR HKU\S-1-5-21-3462028643-4206859564-3893880754-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-26] (AVAST Software)
R2 CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [9037824 2016-08-04] (Carbonite, Inc. (www.carbonite.com)) [File not signed]
S2 CDPUserSvc; C:\Windows\System32\CDPUserSvc.dll [339456 2016-11-11] (Microsoft Corporation)
R2 CDPUserSvc_94ba1; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R2 CDPUserSvc_94ba1; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S3 FrameServer; C:\Windows\system32\FrameServer.dll [805888 2016-11-02] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-23] (NVIDIA Corporation)
S2 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\1185\g2ax_service.exe [607240 2017-01-01] (Citrix Systems, Inc.)
S3 HvHost; C:\Windows\System32\hvhostsvc.dll [67584 2016-07-16] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.474\McCHSvc.exe [329480 2016-12-14] (McAfee, Inc.)
S3 MessagingService; C:\Windows\System32\MessagingService.dll [52224 2016-07-16] (Microsoft Corporation)
S3 MessagingService_94ba1; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 MessagingService_94ba1; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2016-09-30] (Microsoft Corporation)
R2 MSSQL$BARTENDER; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-23] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-23] (NVIDIA Corporation)
R2 OneSyncSvc_94ba1; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R2 OneSyncSvc_94ba1; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_94ba1; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_94ba1; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S3 RmSvc; C:\Windows\System32\RMapi.dll [140800 2016-09-15] (Microsoft Corporation)
S4 shpamsvc; C:\Windows\system32\Windows.SharedPC.AccountManager.dll [161792 2016-07-16] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 TieringEngineService; C:\Windows\system32\TieringEngineService.exe [287744 2016-07-16] (Microsoft Corporation)
R3 TimeBrokerSvc; C:\Windows\System32\TimeBrokerServer.dll [177664 2016-07-16] (Microsoft Corporation)
S4 tzautoupdate; C:\Windows\system32\tzautoupdate.dll [95232 2016-09-30] (Microsoft Corporation)
R3 UnistoreSvc_94ba1; C:\WINDOWS\System32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R3 UnistoreSvc_94ba1; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R3 UserDataSvc_94ba1; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R3 UserDataSvc_94ba1; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S3 vmicrdv; C:\Windows\System32\icsvcext.dll [349696 2016-09-15] (Microsoft Corporation)
S3 vmicvss; C:\Windows\System32\icsvcext.dll [349696 2016-09-15] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [83456 2016-09-30] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [568832 2016-09-30] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S3 wisvc; C:\Windows\system32\flightsettings.dll [635904 2016-11-02] (Microsoft Corporation)
S3 WpnUserService; C:\Windows\System32\WpnUserService.dll [74240 2016-07-16] (Microsoft Corporation)
S3 WpnUserService_94ba1; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 WpnUserService_94ba1; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S3 rpcapd; "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini"
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AcpiDev; C:\Windows\System32\drivers\AcpiDev.sys [18432 2016-07-16] (Microsoft Corporation)
S3 applockerfltr; C:\Windows\System32\drivers\applockerfltr.sys [15360 2016-07-16] (Microsoft Corporation)
R3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-09-26] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-09-26] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-09-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-09-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-26] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-09-26] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-09-26] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software)
S0 b06bdrv; C:\Windows\System32\drivers\bxvbda.sys [533856 2016-07-16] (QLogic Corporation)
S3 bcmfn; C:\Windows\System32\drivers\bcmfn.sys [9728 2016-07-16] (Windows (R) Win 7 DDK provider)
S3 BrSerIf; C:\Windows\system32\DRIVERS\BrSerIf.sys [97280 2006-12-11] (Brother Industries Ltd.)
S3 cht4iscsi; C:\Windows\System32\drivers\cht4sx64.sys [346976 2016-07-16] (Chelsio Communications)
S3 cht4vbd; C:\Windows\System32\drivers\cht4vx64.sys [2104160 2016-07-16] (Chelsio Communications)
R2 clreg; C:\Windows\System32\drivers\registry.sys [70144 2016-07-16] (Microsoft Corporation)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2016-12-14] ()
R3 hcw89; C:\Windows\system32\DRIVERS\hcw89.sys [1771904 2015-01-06] (Hauppauge Computer Works, Inc.)
S3 hvservice; C:\Windows\System32\drivers\hvservice.sys [73568 2016-09-30] (Microsoft Corporation)
S3 iagpio; C:\Windows\System32\drivers\iagpio.sys [33280 2016-07-16] (Intel(R) Corporation)
S3 iai2c; C:\Windows\System32\drivers\iai2c.sys [81408 2016-07-16] (Intel(R) Corporation)
S3 iaLPSS2i_GPIO2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys [64512 2016-07-16] (Intel Corporation)
S3 iaLPSS2i_I2C; C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [176384 2016-07-16] (Intel Corporation)
S3 IndirectKmd; C:\Windows\System32\drivers\IndirectKmd.sys [35840 2016-07-16] (Microsoft Corporation)
R0 iorate; C:\Windows\System32\drivers\iorate.sys [48992 2016-11-02] (Microsoft Corporation)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2017-01-17] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [102856 2017-01-17] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-01-17] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [250816 2017-01-17] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-01-18] (Malwarebytes)
S0 megasas2i; C:\Windows\System32\drivers\MegaSas2i.sys [64352 2016-10-05] (Avago Technologies)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [175616 2016-09-30] (Microsoft Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47976 2015-07-02] (NVIDIA Corporation)
S0 percsas2i; C:\Windows\System32\drivers\percsas2i.sys [58720 2016-07-16] (Avago Technologies)
S0 scmbus; C:\Windows\System32\drivers\scmbus.sys [88416 2016-07-16] (Microsoft Corporation)
S3 scmdisk0101; C:\Windows\System32\drivers\scmdisk0101.sys [123904 2016-07-16] (Microsoft Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 UcmTcpciCx0101; C:\Windows\System32\Drivers\UcmTcpciCx.sys [108544 2016-07-16] (Microsoft Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [45568 2016-07-16] (Microsoft Corporation)
S3 vmgid; C:\Windows\System32\drivers\vmgid.sys [10240 2016-07-16] (Microsoft Corporation)
R0 volume; C:\Windows\System32\drivers\volume.sys [16224 2016-07-16] (Microsoft Corporation)
R2 wcifs; C:\Windows\system32\drivers\wcifs.sys [119648 2016-09-15] (Microsoft Corporation)
R2 wcnfs; C:\Windows\system32\drivers\wcnfs.sys [66560 2016-07-16] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 yukonw8; C:\Windows\System32\drivers\yk63x64.sys [288768 2016-07-16] (Marvell)
U3 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
NETSVC: shpamsvc -> C:\Windows\system32\Windows.SharedPC.AccountManager.dll (Microsoft Corporation)
NETSVC: WpnService -> C:\Windows\system32\WpnService.dll (Microsoft Corporation)
NETSVC: wisvc -> C:\Windows\system32\flightsettings.dll (Microsoft Corporation)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-18 07:58 - 2016-10-13 03:20 - 00293352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw7FFB.tmp
2017-01-18 07:58 - 2016-09-26 07:40 - 00969184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw7FC7.tmp
2017-01-18 07:58 - 2016-09-26 07:40 - 00513632 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw7FFA.tmp
2017-01-18 07:58 - 2016-09-26 07:37 - 00163416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw800C.tmp
2017-01-18 07:58 - 2016-09-26 07:37 - 00108816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw7FE9.tmp
2017-01-18 07:58 - 2016-09-26 07:37 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw7FD7.tmp
2017-01-18 07:58 - 2016-09-26 07:37 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw7FEA.tmp
2017-01-18 07:58 - 2016-09-26 07:37 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw7FD8.tmp
2017-01-18 07:58 - 2016-09-26 07:36 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw7FB6.tmp
2017-01-18 07:57 - 2016-09-26 07:37 - 00391496 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-01-18 06:54 - 2016-10-13 03:20 - 00293352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw25FE.tmp
2017-01-18 06:54 - 2016-09-26 07:40 - 00969184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw25CA.tmp
2017-01-18 06:54 - 2016-09-26 07:40 - 00513632 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw25FD.tmp
2017-01-18 06:54 - 2016-09-26 07:37 - 00163416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw260F.tmp
2017-01-18 06:54 - 2016-09-26 07:37 - 00108816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw25EC.tmp
2017-01-18 06:54 - 2016-09-26 07:37 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw25DA.tmp
2017-01-18 06:54 - 2016-09-26 07:37 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw25ED.tmp
2017-01-18 06:54 - 2016-09-26 07:37 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw25DB.tmp
2017-01-18 06:54 - 2016-09-26 07:36 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw25B9.tmp
2017-01-18 05:51 - 2016-10-13 03:20 - 00293352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw5EE.tmp
2017-01-18 05:51 - 2016-09-26 07:40 - 00969184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw5B9.tmp
2017-01-18 05:51 - 2016-09-26 07:40 - 00513632 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw5DD.tmp
2017-01-18 05:51 - 2016-09-26 07:37 - 00163416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw5EF.tmp
2017-01-18 05:51 - 2016-09-26 07:37 - 00108816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw5CB.tmp
2017-01-18 05:51 - 2016-09-26 07:37 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw5BA.tmp
2017-01-18 05:51 - 2016-09-26 07:37 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw5DC.tmp
2017-01-18 05:51 - 2016-09-26 07:37 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw5CA.tmp
2017-01-18 05:51 - 2016-09-26 07:36 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw5A8.tmp
2017-01-18 04:47 - 2016-10-13 03:20 - 00293352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw1E04.tmp
2017-01-18 04:47 - 2016-09-26 07:40 - 00969184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw1DCF.tmp
2017-01-18 04:47 - 2016-09-26 07:40 - 00513632 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw1E03.tmp
2017-01-18 04:47 - 2016-09-26 07:37 - 00163416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw1E14.tmp
2017-01-18 04:47 - 2016-09-26 07:37 - 00108816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw1DF1.tmp
2017-01-18 04:47 - 2016-09-26 07:37 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw1DDF.tmp
2017-01-18 04:47 - 2016-09-26 07:37 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw1DF2.tmp
2017-01-18 04:47 - 2016-09-26 07:37 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw1DE0.tmp
2017-01-18 04:47 - 2016-09-26 07:36 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw1DCE.tmp
2017-01-18 03:44 - 2016-10-13 03:20 - 00293352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw3B2B.tmp
2017-01-18 03:44 - 2016-09-26 07:40 - 00969184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw3AF6.tmp
2017-01-18 03:44 - 2016-09-26 07:40 - 00513632 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw3B1A.tmp
2017-01-18 03:44 - 2016-09-26 07:37 - 00163416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw3B2C.tmp
2017-01-18 03:44 - 2016-09-26 07:37 - 00108816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw3B08.tmp
2017-01-18 03:44 - 2016-09-26 07:37 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw3AF7.tmp
2017-01-18 03:44 - 2016-09-26 07:37 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw3B19.tmp
2017-01-18 03:44 - 2016-09-26 07:37 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw3B07.tmp
2017-01-18 03:44 - 2016-09-26 07:36 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw3AE5.tmp
2017-01-18 02:41 - 2016-10-13 03:20 - 00293352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw446C.tmp
2017-01-18 02:41 - 2016-09-26 07:40 - 00969184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw4408.tmp
2017-01-18 02:41 - 2016-09-26 07:40 - 00513632 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw446B.tmp
2017-01-18 02:41 - 2016-09-26 07:37 - 00163416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw447D.tmp
2017-01-18 02:41 - 2016-09-26 07:37 - 00108816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw4459.tmp
2017-01-18 02:41 - 2016-09-26 07:37 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw4449.tmp
2017-01-18 02:41 - 2016-09-26 07:37 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw445A.tmp
2017-01-18 02:41 - 2016-09-26 07:37 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw444A.tmp
2017-01-18 02:41 - 2016-09-26 07:36 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw43F8.tmp
2017-01-18 01:37 - 2016-10-13 03:20 - 00293352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswA894.tmp
2017-01-18 01:37 - 2016-09-26 07:40 - 00969184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswA84F.tmp
2017-01-18 01:37 - 2016-09-26 07:40 - 00513632 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswA885.tmp
2017-01-18 01:37 - 2016-09-26 07:37 - 00163416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswA895.tmp
2017-01-18 01:37 - 2016-09-26 07:37 - 00108816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswA873.tmp
2017-01-18 01:37 - 2016-09-26 07:37 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswA860.tmp
2017-01-18 01:37 - 2016-09-26 07:37 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswA874.tmp
2017-01-18 01:37 - 2016-09-26 07:37 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswA861.tmp
2017-01-18 01:37 - 2016-09-26 07:36 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswA83E.tmp