Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.02.2019 01
Ran by User (administrator) on USER-PC (10-02-2019 21:56:23)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TOSHIBA CORPORATION) C:\Windows\System32\tisarmlsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\non-os\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\non-os\Avast\aswidsagent.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\LAClient\laclient.exe
(Wargaming.net) C:\non-os\World_of_Tanks\WargamingGameUpdater.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(AVAST Software) C:\non-os\Avast\AvastUI.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3136136 2018-09-07] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322120 2017-04-19] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [AvastUI.exe] => C:\non-os\Avast\AvLaunch.exe [259976 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [AvastUI.exe] => C:\non-os\Avast\AvLaunch.exe [259976 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Policies\Explorer: [NoTaskGrouping] 1
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Run: [World of Tanks] => C:\non-os\World_of_Tanks\WargamingGameUpdater.exe [3139936 2018-06-25] (Wargaming.net Limited -> Wargaming.net)
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2019-01-15] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\system: [NoDispScrSavPage] 0
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [NoTaskGrouping] 1
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [NoToolbarsOnTaskbar] 1
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [TaskbarLockAll] 1
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [NoAutoTrayNotify] 1
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [NoThemesTab] 1
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.96\Installer\chrmstp.exe [2019-02-08] (Google LLC -> Google Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 172.16.0.1
Tcpip\..\Interfaces\{096D4EA8-B3B7-4B42-B91A-2D6753E86104}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{8A85C905-A85F-4151-BAFC-F388992A3B15}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{A3E44CE9-87D0-4413-A0C7-3C41D31D1BAE}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{C0C5A3B0-8751-4A61-ADB0-CA4752ACE43F}: [DhcpNameServer] 172.16.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
URLSearchHook: [S-1-5-21-1894722739-3979997351-3746568665-1000] ATTENTION => Default URLSearchHook is missing
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2018-09-07] (Logitech Inc -> Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2019-01-01] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2018-09-07] (Logitech Inc -> Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2019-01-01] (Oracle America, Inc. -> Oracle Corporation)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2018-09-25] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2019-01-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2019-01-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\non-os\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\non-os\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\non-os\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.bing.com/search?FORM=INCOH1&PC=IC03&PTAG=ICO-563448c1
CHR StartupUrls: Default -> "hxxp://www.yahoo.com/"
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2019-02-10]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-13]
CHR Extension: (uBlock Origin) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-01-26]
CHR Extension: (iCloud Bookmarks) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2018-12-31]
CHR Extension: (Chrome Remote Desktop) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2018-10-04]
CHR Extension: (Black Black Chrome Theme Dark Blue Highlight) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\njpbabhpbnilgchdjbajcbgnnclkaida [2018-02-13]
CHR Extension: (F.B.(FluffBusting)Purity) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkinhboiljjkhaknpaeaicmdjhagpep [2019-01-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-02-13]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-08]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-12-26]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile [2018-12-26]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKLM\SYSTEM\CurrentControlSet\Services\sdzvlh <==== ATTENTION (Rootkit!)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\non-os\Avast\aswidsagent.exe [6758976 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\non-os\Avast\AvastSvc.exe [357304 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe [73048 2018-10-18] (Google Inc -> Google Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18504 2017-04-19] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [531040 2018-05-16] (Intel Corporation -> Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344184 2016-06-28] (Intel Corporation - pGFX -> Intel Corporation)
S3 MBAMService; C:\non-os\mbam\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [310880 2018-09-05] (Intel Corporation -> )
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [257064 2018-06-27] (Synaptics Incorporated -> Synaptics Incorporated)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2017-12-15] (Microsoft Windows -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [4059744 2018-09-05] (Intel Corporation -> Intel® Corporation)
S4 windowsmanagementservice; windowsmanagementservice [X] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37104 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [205400 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [225680 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [196072 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblog.sys [320696 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [57960 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42288 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [167304 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [112312 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [87944 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1034432 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [474456 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [216784 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [379952 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [99272 2018-05-16] (Intel Corporation -> Motorola Solutions, Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [141624 2014-05-13] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1424184 2014-05-13] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [41608 2018-10-20] (Techporch Incorporated -> Dell Inc.)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [41208 2018-10-20] (Techporch Incorporated -> Dell Computer Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2019-02-10] (Malwarebytes Corporation -> Malwarebytes)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [40448 2017-04-19] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [210376 2014-07-18] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-11] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2017-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3486288 2018-09-26] (Intel Corporation -> Intel Corporation)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [41512 2018-01-11] (Intel Corporation -> )
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45096 2018-06-27] (Synaptics Incorporated -> Synaptics Incorporated)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2018-02-13] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2017-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R3 ruxaeh; system32\drivers\xadhkn.sys [X]
S1 svhgbu; \??\C:\Users\User\AppData\Local\Temp\wmkopsgu.sys [X] <==== ATTENTION
S4 zpxlteou; System32\drivers\dtbagxiu.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-10 21:56 - 2019-02-10 21:57 - 000019771 _____ C:\Users\User\Desktop\FRST.txt
2019-02-10 21:55 - 2019-02-10 21:56 - 000000000 ____D C:\Users\User\Desktop\FRST-OlderVersion
2019-02-10 19:25 - 2019-02-10 19:25 - 000148816 ____N C:\Windows\system32\Drivers\cwdbehlo.sys
2019-02-10 16:34 - 2019-02-10 20:47 - 000261032 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-02-10 12:06 - 2019-02-08 05:22 - 000362888 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-02-10 07:11 - 2019-02-10 09:07 - 000000000 ____D C:\Users\User\AppData\Local\aucvxph
2019-02-10 06:25 - 2019-02-10 06:25 - 000000001 _____ C:\jl14v5cyhl7j16s
2019-02-10 06:11 - 2019-02-10 09:05 - 000000000 ____D C:\Users\User\AppData\Local\atchlod
2019-02-10 06:11 - 2019-02-10 06:11 - 000000000 ____D C:\Users\User\AppData\Roaming\c
2019-02-10 06:11 - 2019-02-10 06:11 - 000000000 ____D C:\Users\User\AppData\Local\nvhtsum
2019-02-10 06:10 - 2019-02-10 21:04 - 002930176 _____ (TOSHIBA CORPORATION) C:\Windows\system32\tisarmlsvc.exe
2019-02-10 06:10 - 2019-02-10 07:14 - 000000000 ____D C:\Windows\system32\sbdzcpg
2019-02-10 06:10 - 2019-02-10 06:10 - 000000000 ____D C:\Windows\SysWOW64\sbdzcpg
2019-02-10 06:09 - 2019-02-10 09:44 - 000000000 ____D C:\Program Files (x86)\twos
2019-02-10 06:09 - 2019-02-10 09:42 - 000000000 ____D C:\Program Files (x86)\Alarms
2019-02-10 06:09 - 2019-02-10 09:22 - 000000000 ____D C:\Program Files (x86)\Ate
2019-02-10 06:09 - 2019-02-10 07:49 - 000000000 ___HD C:\Program Files (x86)\Datas
2019-02-10 06:09 - 2019-02-10 06:31 - 000000000 ___HD C:\Program Files (x86)\regally
2019-02-10 06:09 - 2019-02-10 06:09 - 000004018 _____ C:\Windows\System32\Tasks\frowns
2019-02-10 06:09 - 2019-02-10 06:09 - 000003850 _____ C:\Windows\System32\Tasks\frownsfrowns
2019-02-10 06:09 - 2019-02-10 06:09 - 000000012 _____ C:\Windows\b16830528
2019-02-10 06:09 - 2019-02-10 06:09 - 000000000 ____D C:\Users\User\AppData\Roaming\et
2019-02-10 06:09 - 2019-02-10 06:09 - 000000000 ____D C:\Program Files (x86)\dispute
2019-02-09 23:32 - 2019-02-09 23:37 - 147980350 _____ (Aslain ) C:\Users\User\Desktop\Aslains_WoT_Modpack_Installer_v.1.4.0.0_06.exe
2019-02-08 23:23 - 2019-02-10 06:07 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockers Team
2019-02-08 22:55 - 2019-02-08 22:55 - 000000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2019-02-08 20:21 - 2019-02-08 20:21 - 001472512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-02-08 20:21 - 2019-02-08 20:21 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-02-08 20:21 - 2019-02-08 20:21 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-02-08 20:21 - 2019-02-08 20:21 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2019-02-08 20:21 - 2019-02-08 20:21 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-02-08 20:21 - 2019-02-08 20:21 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-02-08 20:21 - 2019-02-08 20:21 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-02-08 20:21 - 2019-02-08 20:21 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-02-08 20:21 - 2019-02-08 20:21 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2019-02-08 05:23 - 2019-02-08 05:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2019-02-08 02:34 - 2018-02-12 19:25 - 3991994368 ____R C:\Users\User\Desktop\WINDOWS 7.ISO
2019-02-08 01:00 - 2019-02-10 06:06 - 000000000 ____D C:\Users\User\AppData\Roaming\Tools
2019-02-08 00:43 - 2019-02-08 00:43 - 000000207 _____ C:\Windows\tweaking.com-regbackup-USER-PC-Microsoft-Windows-7-Ultimate-(64-bit).dat
2019-02-08 00:43 - 2019-02-08 00:43 - 000000000 ____D C:\RegBackup
2019-02-06 18:11 - 2019-02-06 18:11 - 000027750 _____ C:\Users\User\Desktop\9-Tundra-mod1.rar
2019-01-27 16:22 - 2019-01-27 16:22 - 000001596 _____ C:\Users\Public\Desktop\iTunes.lnk
2019-01-27 16:22 - 2019-01-27 16:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2019-01-27 16:22 - 2019-01-27 16:22 - 000000000 ____D C:\Program Files\iPod
2019-01-27 16:03 - 2019-01-27 16:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2019-01-16 19:58 - 2019-01-16 19:58 - 000000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2019-01-14 10:20 - 2019-02-08 05:21 - 000225680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-01-14 10:20 - 2019-02-08 05:21 - 000225680 _____ (AVAST Software) C:\Windows\system32\Drivers\asw29e12adc2b8c9717.tmp

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-10 21:56 - 2018-12-26 21:18 - 000000000 ____D C:\FRST
2019-02-10 21:55 - 2018-10-12 19:53 - 002434048 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2019-02-10 21:39 - 2009-07-13 21:34 - 019922944 _____ C:\Windows\system32\config\HARDWARE
2019-02-10 21:14 - 2018-12-13 21:42 - 000004124 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2019-02-10 21:13 - 2009-07-13 23:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-02-10 21:13 - 2009-07-13 23:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-02-10 21:06 - 2018-12-31 16:39 - 000000000 ___RD C:\Users\User\iCloudDrive
2019-02-10 21:06 - 2018-08-24 20:18 - 000000000 ____D C:\Users\Public\Logi
2019-02-10 21:05 - 2018-02-12 23:46 - 000000000 __SHD C:\Users\User\IntelGraphicsProfiles
2019-02-10 21:05 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-10 16:33 - 2018-02-13 20:36 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-02-09 18:51 - 2009-07-14 00:08 - 000032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-02-09 03:23 - 2018-07-04 11:27 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2019-02-08 23:24 - 2018-02-13 17:27 - 000000000 ____D C:\non-os
2019-02-08 22:57 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
2019-02-08 22:15 - 2018-02-13 17:29 - 000000000 ____D C:\Users\User\AppData\Local\Adobe
2019-02-08 20:32 - 2009-07-14 00:13 - 000783606 _____ C:\Windows\system32\PerfStringBackup.INI
2019-02-08 20:32 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2019-02-08 20:31 - 2018-02-13 18:29 - 000000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2019-02-08 05:22 - 2019-01-06 06:20 - 000037104 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2019-02-08 05:22 - 2019-01-06 06:20 - 000037104 _____ (AVAST Software) C:\Windows\system32\Drivers\asw443d9d2111d838da.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 001034432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 001034432 _____ (AVAST Software) C:\Windows\system32\Drivers\asw0ec810e572db70e0.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000474456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000474456 _____ (AVAST Software) C:\Windows\system32\Drivers\asw61d83fe3e44b787b.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000379952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000379952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswc2c8c8d7b6d1a30e.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000216784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000216784 _____ (AVAST Software) C:\Windows\system32\Drivers\asw6de9c98fa93beed4.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000205400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswf2de3e954f522b31.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000205400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000167304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000167304 _____ (AVAST Software) C:\Windows\system32\Drivers\asw4431cfb910cf5a66.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000112312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000112312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswb7aab75563928aff.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000087944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000087944 _____ (AVAST Software) C:\Windows\system32\Drivers\asw69b0a75190eb61f4.tmp
2019-02-08 05:22 - 2018-12-13 21:41 - 000042288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-02-08 05:22 - 2018-12-13 21:41 - 000042288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswd62f0572c9633b75.tmp
2019-02-08 05:21 - 2019-01-06 06:20 - 000320696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblog.sys
2019-02-08 05:21 - 2019-01-06 06:20 - 000320696 _____ (AVAST Software) C:\Windows\system32\Drivers\asw82f59f0e603928a1.tmp
2019-02-08 05:21 - 2019-01-06 06:20 - 000196072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswe8b6ba5a388d5e98.tmp
2019-02-08 05:21 - 2019-01-06 06:20 - 000196072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-02-08 05:21 - 2019-01-06 06:20 - 000057960 _____ (AVAST Software) C:\Windows\system32\Drivers\aswe628b91de3e0e70e.tmp
2019-02-08 05:21 - 2019-01-06 06:20 - 000057960 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-02-08 05:00 - 2018-02-13 18:16 - 000000000 ____D C:\Users\User\Incomplete
2019-02-02 19:53 - 2009-07-13 21:34 - 086769664 _____ C:\Windows\system32\config\software.rcbak
2019-02-02 19:53 - 2009-07-13 21:34 - 020447232 _____ C:\Windows\system32\config\system.rcbak
2019-02-02 19:53 - 2009-07-13 21:34 - 001572864 _____ C:\Windows\system32\config\default.rcbak
2019-02-02 19:53 - 2009-07-13 21:34 - 000028672 _____ C:\Windows\system32\config\sam.rcbak
2019-02-02 19:53 - 2009-07-13 21:34 - 000024576 _____ C:\Windows\system32\config\security.rcbak
2019-02-02 19:52 - 2009-07-13 21:34 - 046661632 _____ C:\Windows\system32\config\components.rcbak
2019-02-02 18:26 - 2018-12-09 13:36 - 000000000 ____D C:\Program Files\Bonjour
2019-02-02 00:07 - 2018-02-13 18:20 - 000000000 ____D C:\Program Files\pia_manager
2019-01-20 06:40 - 2018-02-13 18:15 - 000000000 ____D C:\Users\User\AppData\Roaming\MP3Rocket
2019-01-17 06:03 - 2018-06-26 19:24 - 000000000 ____D C:\Users\User\AppData\Local\Apple Computer

==================== Files in the root of some directories =======

2018-10-10 02:18 - 2018-10-10 02:18 - 000000002 _____ () C:\Users\User\AppData\Roaming\20181010031823.dat
2018-12-01 16:39 - 2018-12-01 16:39 - 000000017 _____ () C:\Users\User\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\cwdbehlo.sys -> Access Denied <======= ATTENTION

LastRegBack: 2019-02-02 01:38

==================== End of FRST.txt ============================
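A triage pass over lines of this log, as an added example (it is not part of the posted FRST.txt and not code from the FRST tool). It parses the Services/Drivers entries, the "One month (created)" entries and the "Bamital & volsnap" lines in the formats shown above and flags what a responder checks first: FRST's own ATTENTION markers, service and driver entries whose image file is missing ([X]), drivers registered from a user-writable path, executables and directories that appeared in a Windows system directory shortly before the scan, a watched security service that is stopped and disabled, and files FRST could not open. SAMPLE_LOG is a constructed excerpt of lines copied from the log above; SCAN_TIME is the scan time from its header; the two-day window, the set of watched security services and the wording of each reason are assumptions.

```python
"""Triage helper for an FRST (Farbar Recovery Scan Tool) FRST.txt.

Added example, not part of the posted log or of the FRST tool. SAMPLE_LOG is a
constructed excerpt of lines copied from the posted log; SCAN_TIME is taken
from its header; the two-day window and the watched-service list are assumptions.
"""
import re
from datetime import datetime, timedelta

SCAN_TIME = datetime(2019, 2, 10, 21, 56)  # header: "(10-02-2019 21:56:23)"

# Constructed sample: lines copied from the posted FRST.txt (raw string, so
# every backslash is literal).
SAMPLE_LOG = r"""
HKLM\SYSTEM\CurrentControlSet\Services\sdzvlh <==== ATTENTION (Rootkit!)
R2 avast! Antivirus; C:\non-os\Avast\AvastSvc.exe [357304 2019-02-08] (AVAST Software s.r.o. -> AVAST Software)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2017-12-15] (Microsoft Windows -> Microsoft Corporation)
S4 windowsmanagementservice; windowsmanagementservice [X] <==== ATTENTION
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [210376 2014-07-18] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
R3 ruxaeh; system32\drivers\xadhkn.sys [X]
S1 svhgbu; \??\C:\Users\User\AppData\Local\Temp\wmkopsgu.sys [X] <==== ATTENTION
S4 zpxlteou; System32\drivers\dtbagxiu.sys [X]
2019-02-10 19:25 - 2019-02-10 19:25 - 000148816 ____N C:\Windows\system32\Drivers\cwdbehlo.sys
2019-02-10 16:34 - 2019-02-10 20:47 - 000261032 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-02-10 06:10 - 2019-02-10 21:04 - 002930176 _____ (TOSHIBA CORPORATION) C:\Windows\system32\tisarmlsvc.exe
2019-02-10 06:10 - 2019-02-10 07:14 - 000000000 ____D C:\Windows\system32\sbdzcpg
2019-02-08 20:21 - 2019-02-08 20:21 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\drivers\cwdbehlo.sys -> Access Denied <======= ATTENTION
"""

# "R2 name; image [size date] (signer -> company) [X] <==== ATTENTION"
SERVICE_RE = re.compile(r"^([RS])([0-4]) ([^;]+); (.*)$")
# "created - modified - size attrs (company) path"; the company field is optional
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d{9,10}) ([A-Z_]{5}) (?:\(([^)]*)\) )?(.+)$"
)
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")
PE_EXT = (".sys", ".exe", ".dll")
SECURITY_SERVICES = {"windefend", "mbamservice"}  # assumption: services worth watching


def _check_service(m, reasons):
    state, start, name, rest = m.groups()
    image = rest.split(" [", 1)[0]        # path ends where "[size date]" or "[X]" begins
    low = image.lower()
    if "[X]" in rest:
        reasons.append("registered service/driver whose image file is missing "
                       "(orphaned entry, or a file hidden from FRST by a rootkit)")
    if low.endswith(".sys") and "\\users\\" in low:
        reasons.append("kernel driver registered from a user-writable profile path")
    if name.lower() in SECURITY_SERVICES and state == "S" and start == "4":
        reasons.append("security service stopped and disabled (start type 4); expected "
                       "when a third-party AV is installed, otherwise find out who disabled it")


def _check_file(m, scan_time, recent, reasons):
    created, _modified, _size, attrs, company, path = m.groups()
    low = path.lower()
    if not any(d in low for d in SYSTEM_DIRS):
        return
    age = scan_time - datetime.strptime(created, "%Y-%m-%d %H:%M")
    if age > recent:
        return
    hours = f"{age.total_seconds() / 3600:.1f} h"
    if low.endswith(PE_EXT):
        if company:
            reasons.append(f"executable created in a system directory {hours} before the scan "
                           f"(version info says {company!r}; verify the Authenticode signature, "
                           "the company string is not proof)")
        else:
            reasons.append(f"executable created in a system directory {hours} before the scan "
                           "with no version/company information")
    elif "D" in attrs:
        reasons.append(f"new directory created in a system directory {hours} before the scan")


def triage(log_text, scan_time=SCAN_TIME, recent=timedelta(days=2)):
    """Return [{'line': str, 'reasons': [str, ...]}] for every line that trips a check."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        reasons = []
        if "ATTENTION" in line:
            reasons.append("flagged by FRST itself")
        if "Access Denied" in line:
            reasons.append("FRST could not open the file to verify it; for a driver that appeared "
                           "hours earlier this is consistent with a running rootkit guarding its image")
        m = SERVICE_RE.match(line)
        if m:
            _check_service(m, reasons)
        m = FILE_RE.match(line)
        if m:
            _check_file(m, scan_time, recent, reasons)
        if reasons:
            findings.append({"line": line, "reasons": reasons})
    return findings


def reasons_for(findings, needle):
    """Reasons attached to the first flagged line containing `needle` ([] if none)."""
    for f in findings:
        if needle in f["line"]:
            return f["reasons"]
    return []


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["line"])
        for r in f["reasons"]:
            print("    -", r)
```

The checks are deliberately cheap and produce leads, not verdicts: a signed vendor driver that was installed the same day (mbamswissarmy.sys here) is reported alongside the unsigned one so that the reader verifies signatures rather than trusting the company string, and the "missing image" check cannot distinguish a stale registry entry from a file a rootkit is hiding, which is exactly why FRST's own ATTENTION and Access Denied markers are kept as separate reasons.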