Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-07-2019 01
Ran by SYSTEM on MININT-GCV0ILN (18-07-2019 13:36:16)
Running from F:\
Platform: Windows 10 Home Single Language Version 1809 17763.1 (X64) Language: English (United States)
Boot Mode: Recovery
Default: ControlSet001
[b]ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.[/b]

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1923008 2017-09-18] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [Sonic Studio 3] => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3svc32.exe [1233920 2017-11-14] (ASUSTeK COMPUTER INC.)
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [3465608 2017-09-30] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-03] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261512 2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\RunOnce: [*Restore] => C:\WINDOWS\system32\rstrui.exe [269312 2018-09-14] (Microsoft Windows -> Microsoft Corporation)
HKU\Default\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-14] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-14] (Microsoft Corporation)
HKU\Winson\...\Run: [GoogleChromeAutoLaunch_CD4000C31A87C4AB51AF348EE25F0D6B] => C:\Users\Winson\AppData\Local\Chromium\Application\chrome.exe [1527808 2018-09-18] (The Chromium Authors)
HKU\Winson\...\Policies\Explorer: [NoSecurityTab] 1
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\system32\bdmjpeg64.dll [75248 2017-01-25] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\system32\bdmpegv64.dll [75272 2017-01-25] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\system32\bdmpega64.acm [75784 2017-01-25] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [71152 2017-01-25] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [71176 2017-01-25] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [71176 2017-01-25] (Bandicam Company -> )
BootExecute: autocheck autochk * aswBoot.exe /M:9bb82eec4 /dir:"C:\Program Files\AVAST Software\Avast"

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3C59A376-99EE-4F3A-9968-713C9866D7C3} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [113616 2019-07-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {3EC64BBD-734F-4EE0-A19F-E542CC7F8452} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2038320 2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
Task: {46C98367-C989-4012-8608-BB92CF350869} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 15.0.26323.1 => D:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\IDE\VSIXAutoUpdate.exe [179320 2018-08-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {6FB1A672-722C-44D6-AD0F-2E7F0B97AEF1} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26804232 2019-06-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {71940D5A-37C6-47FF-93ED-63FCBDAEC2D3} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [113616 2019-07-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {826D7383-1261-4B53-B4A8-1F768210CAC6} - System32\Tasks\SS3svc64Run => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3svc64.exe [811520 2017-11-14] (ASUSTeK COMPUTER INC.)
Task: {9AB5CC6B-766F-4163-885A-BF0D0A147D6D} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1448512 2019-07-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {9ADF4456-0DBA-496C-8F41-EE1991487D1E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4544064 2019-07-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {9BCAB8FA-ECD1-40BE-8E63-6CE6F1E0223C} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [816960 2017-09-21] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {A4D6CC94-DFC2-47EC-9B99-65E8E90BD1E1} - System32\Tasks\SS3svc32Run => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3svc32.exe [1233920 2017-11-14] (ASUSTeK COMPUTER INC.)
Task: {C2672ACC-9163-4E11-987F-05DB5253D507} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4544064 2019-07-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {CBC1377E-1686-4535-9423-FFEC8C522809} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3012488 2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
Task: {CEF949A7-C7DC-451F-8B41-0A6882C34D3D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26804232 2019-06-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {E39F8E32-F4B6-44B2-B8AF-D84A6CFEB7B8} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\Windows\System32\WinBioPlugIns\FaceFodUninstaller.exe [438272 2018-09-14] ()
Task: {EDF6097A-44C8-47D0-8CDA-AFF39E0A59EB} - System32\Tasks\Avast Cleanup Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [1659000 2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
Task: {FAB428A3-1FED-4583-B605-E70A386FBE43} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1448512 2019-07-13] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [816184 2019-05-18] (Adobe Inc. -> Adobe Inc.)
S2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-07-03] (Adobe Inc. -> Adobe Systems, Incorporated)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-07-03] (Adobe Inc. -> Adobe Systems, Incorporated)
S2 AsHidService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [127864 2017-07-28] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [7834368 2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [357816 2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [367728 2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
S2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [10285680 2019-07-09] (AVAST Software s.r.o. -> AVAST Software)
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11413600 2019-06-25] (Microsoft Corporation -> Microsoft Corporation)
S3 DevActSvc; C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe [326032 2018-06-05] (ASUSTeK Computer Inc. -> )
S2 GiftBox.Service; C:\Program Files (x86)\ASUS\ASUS GiftBox Service\GiftBoxService.exe [273880 2017-10-03] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S3 iaStorAfsService; C:\Windows\IAStorAfsService\iaStorAfsService.exe [2413720 2017-06-09] (Intel(R) Rapid Storage Technology -> Intel Corporation)
S2 ibtsiva; C:\Windows\system32\ibtsiva.exe [515768 2017-04-13] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-09-21] (Intel(R) Trust Services -> Intel(R) Corporation)
S4 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-09-21] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [197264 2017-09-25] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-25] (Malwarebytes Corporation -> Malwarebytes)
S2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [485048 2017-08-22] (Microsoft Corporation -> Microsoft Corporation)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268968 2017-11-12] (Intel(R) Wireless Connectivity Solutions -> )
S2 ROGGamingCenterService; C:\Program Files (x86)\ASUSTeK COMPUTER INC\ROG Gaming Center\ROGGamingCenterService.exe [31744 2017-09-11] (ASUSTeK COMPUTER INC.)
S2 SkyFontsService; C:\Program Files\Monotype\SkyFonts\Monotype.SkyFonts.Service.exe [73736 2019-02-14] (Monotype Imaging Inc. -> Monotype Imaging Inc.)
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [578744 2017-08-22] (Microsoft Corporation -> Microsoft Corporation)
S2 SQLTELEMETRY; C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlceip.exe [246968 2017-08-22] (Microsoft Corporation -> Microsoft Corporation)
S4 ssh-agent; C:\Windows\System32\OpenSSH\ssh-agent.exe [384512 2018-09-15] ()
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH -> TeamViewer GmbH)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [128232 2017-02-08] (Microsoft Corporation -> Microsoft Corporation)
S3 wampapache64; c:\wamp64\bin\apache\apache2.4.35\bin\httpd.exe [29696 2018-09-19] (Apache Software Foundation)
S3 wampmariadb64; c:\wamp64\bin\mariadb\mariadb10.3.9\bin\mysqld.exe [15788968 2018-08-13] (MariaDB Corporation Ab -> )
S3 wampmysqld64; c:\wamp64\bin\mysql\mysql5.7.23\bin\mysqld.exe [39626752 2018-06-07] ()
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\NisSrv.exe [4098064 2019-02-22] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MsMpEng.exe [113992 2019-02-22] (Microsoft Corporation -> Microsoft Corporation)
S2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [18264 2017-05-11] (Intel(R) Extreme Tuning Utility -> Intel(R) Corporation)
S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3758760 2017-11-12] (Intel(R) Wireless Connectivity Solutions -> Intel® Corporation)
S3 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
S2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AcpiPmi; C:\Windows\System32\drivers\acpipmi.sys [16384 2018-09-14] (Microsoft Corporation)
S1 afunix; C:\Windows\system32\drivers\afunix.sys [40960 2018-09-14] (Microsoft Corporation)
S1 afunix; C:\Windows\SysWOW64\drivers\afunix.sys [29696 2018-09-14] (Microsoft Corporation)
S1 ahcache; C:\Windows\System32\DRIVERS\ahcache.sys [288256 2018-09-14] (Microsoft Corporation)
S3 AiCharger; C:\Windows\system32\DRIVERS\AiCharger.sys [29312 2016-11-14] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
S3 applockerfltr; C:\Windows\System32\drivers\applockerfltr.sys [18432 2018-09-14] (Microsoft Corporation)
S3 AsusPTPDrv; C:\Windows\System32\drivers\AsusPTPFilter.sys [100752 2017-08-15] (ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.)
S1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [203488 2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
S1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [223056 2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
S0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [196264 2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
S0 aswblog; C:\Windows\System32\drivers\aswblog.sys [320888 2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
S0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [58160 2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
S0 aswElam; C:\Windows\System32\drivers\aswElam.sys [15488 2019-07-17] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46584 2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
S1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42488 2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
S2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [166792 2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
S1 aswNetSec; C:\Windows\System32\drivers\aswNetSec.sys [512048 2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
S1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111992 2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
S0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88144 2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
S1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1034056 2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
S1 aswSP; C:\Windows\System32\drivers\aswSP.sys [474648 2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [218056 2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
S3 aswTap; C:\Windows\System32\drivers\aswTap.sys [53904 2019-07-17] (AVAST Software s.r.o. -> The OpenVPN Project)
S0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380144 2019-07-17] (AVAST Software s.r.o. -> AVAST Software)
S1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [20096 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
S1 Beep; C:\Windows\System32\Drivers\Beep.sys [10240 2018-09-14] (Microsoft Corporation)
S3 BthEnum; C:\Windows\System32\drivers\BthEnum.sys [111104 2018-09-14] (Microsoft Corporation)
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [119808 2018-09-14] (Microsoft Corporation)
S3 BthLEEnum; C:\Windows\System32\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [90624 2018-09-14] (Microsoft Corporation)
S3 BthMini; C:\Windows\System32\drivers\BTHMINI.sys [34816 2018-09-14] (Microsoft Corporation)
S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [72192 2018-09-14] (Microsoft Corporation)
S3 BTHPORT; C:\Windows\System32\drivers\BTHport.sys [1219072 2018-09-14] (Microsoft Corporation)
S3 BTHUSB; C:\Windows\System32\drivers\BTHUSB.sys [92672 2018-09-14] (Microsoft Corporation)
S3 circlass; C:\Windows\System32\drivers\circlass.sys [50688 2018-09-14] (Microsoft Corporation)
S2 CldFlt; C:\Windows\System32\drivers\cldflt.sys [452096 2018-09-14] (Microsoft Corporation)
S1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
S1 FileCrypt; C:\Windows\System32\drivers\filecrypt.sys [60416 2018-09-14] (Microsoft Corporation)
S1 GpuEnergyDrv; C:\Windows\System32\drivers\gpuenergydrv.sys [8704 2018-09-14] (Microsoft Corporation)
S3 HidBth; C:\Windows\System32\drivers\hidbth.sys [118272 2018-09-14] (Microsoft Corporation)
S3 HidIr; C:\Windows\System32\drivers\hidir.sys [48640 2018-09-14] (Microsoft Corporation)
S3 hidspi; C:\Windows\System32\drivers\hidspi.sys [60928 2018-09-14] (Microsoft Corporation)
S3 HIDSwitch; C:\Windows\System32\drivers\AsRadioControl.sys [31112 2017-05-02] (ASUSTeK Computer Inc. -> ASUS)
S3 HwNClx0101; C:\Windows\System32\Drivers\mshwnclx.sys [27648 2018-09-14] (Microsoft Corporation)
S3 iaStorAfs; C:\Windows\System32\drivers\iaStorAfs.sys [70632 2017-06-09] (Intel(R) Rapid Storage Technology -> Intel Corporation)
S3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [129032 2017-04-13] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
S3 IndirectKmd; C:\Windows\System32\drivers\IndirectKmd.sys [45568 2018-09-14] (Microsoft Corporation)
S2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [37912 2017-04-18] (Intel Corporation -> Intel Corporation)
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [90112 2018-09-14] (Microsoft Corporation)
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [224768 2018-09-14] (Microsoft Corporation)
S3 IPT; C:\Windows\System32\drivers\ipt.sys [42496 2018-09-14] (Microsoft Corporation)
S3 irda; C:\Windows\system32\drivers\irda.sys [124928 2018-09-14] (Microsoft Corporation)
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [20992 2018-09-14] (Microsoft Corporation)
S2 lltdio; C:\Windows\System32\drivers\lltdio.sys [71680 2018-09-14] (Microsoft Corporation)
S2 luafv; C:\Windows\system32\drivers\luafv.sys [135680 2018-09-14] (Microsoft Corporation)
S2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [199768 2019-07-17] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-06-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [224408 2019-07-17] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-07-17] (Malwarebytes Corporation -> Malwarebytes)
S0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-07-17] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [116112 2019-07-17] (Malwarebytes Corporation -> Malwarebytes)
S3 MbbCx; C:\Windows\System32\drivers\MbbCx.sys [290816 2018-09-14] (Microsoft Corporation)
S3 Microsoft_Bluetooth_AvrcpTransport; C:\Windows\System32\drivers\Microsoft.Bluetooth.AvrcpTransport.sys [53760 2018-09-14] (Microsoft Corporation)
S3 Modem; C:\Windows\System32\drivers\modem.sys [46080 2018-09-14] (Microsoft Corporation)
S3 monitor; C:\Windows\System32\drivers\monitor.sys [61952 2018-09-14] (Microsoft Corporation)
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [157696 2018-09-14] (Microsoft Corporation)
S3 MsBridge; C:\Windows\System32\drivers\bridge.sys [126464 2018-09-14] (Microsoft Corporation)
S3 mshidumdf; C:\Windows\System32\drivers\mshidumdf.sys [12288 2018-09-14] (Microsoft Corporation)
S2 MsLldp; C:\Windows\System32\drivers\mslldp.sys [81920 2018-09-14] (Microsoft Corporation)
S3 NdisCap; C:\Windows\System32\drivers\ndiscap.sys [55808 2018-09-14] (Microsoft Corporation)
S3 NdisImPlatform; C:\Windows\System32\drivers\NdisImPlatform.sys [134656 2018-09-14] (Microsoft Corporation)
S2 Ndu; C:\Windows\System32\drivers\Ndu.sys [132096 2018-09-14] (Microsoft Corporation)
S1 netfilter2; C:\Windows\System32\drivers\netfilter2.sys [79504 2017-03-12] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 Netwtw06; C:\Windows\System32\drivers\Netwtw06.sys [8723968 2018-09-14] (Intel Corporation)
S3 npcap; C:\Windows\system32\DRIVERS\npcap.sys [81688 2018-03-02] (Insecure.Com LLC -> Insecure.Com LLC.)
S3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvam.inf_amd64_9b1341e92276ee7c\nvlddmkm.sys [17213616 2018-10-14] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-09-18] (NVIDIA Corporation -> NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48064 2017-09-18] (NVIDIA Corporation -> NVIDIA Corporation)
S3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-09-18] (NVIDIA Corporation -> NVIDIA Corporation)
S2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [816640 2018-09-14] (Microsoft Corporation)
S3 PktMon; C:\Windows\System32\drivers\PktMon.sys [85504 2018-09-14] (Microsoft Corporation)
S3 PNPMEM; C:\Windows\System32\drivers\pnpmem.sys [17408 2018-09-14] (Microsoft Corporation)
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [189152 2017-08-08] (Paramount Software UK Ltd -> Windows (R) Win 7 DDK provider)
S3 PSVolAcc; C:\Windows\System32\Drivers\PSVolAcc.sys [31856 2017-03-22] (Paramount Software UK Ltd -> Windows (R) Win 7 DDK provider)
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [53248 2018-09-14] (Microsoft Corporation)
S3 rdpbus; C:\Windows\System32\drivers\rdpbus.sys [28160 2018-09-14] (Microsoft Corporation)
S3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [166912 2018-09-14] (Microsoft Corporation)
S3 RFCOMM; C:\Windows\System32\drivers\rfcomm.sys [202240 2018-09-14] (Microsoft Corporation)
S3 rhproxy; C:\Windows\System32\drivers\rhproxy.sys [108032 2018-09-14] (Microsoft Corporation)
S4 RsFx0500; C:\Windows\System32\DRIVERS\RsFx0500.sys [261848 2017-08-22] (Microsoft Corporation -> Microsoft Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [329184 2017-04-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
S2 rspndr; C:\Windows\System32\drivers\rspndr.sys [89088 2018-09-14] (Microsoft Corporation)
S3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [954368 2017-04-11] (Realtek Semiconductor Corp. -> Realtek )
S3 s3cap; C:\Windows\System32\drivers\vms3cap.sys [9216 2018-09-14] (Microsoft Corporation)
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [44032 2018-09-14] (Microsoft Corporation)
S3 Synth3dVsc; C:\Windows\System32\drivers\Synth3dVsc.sys [66560 2018-09-14] (Microsoft Corporation)
S2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [54272 2018-09-14] (Microsoft Corporation)
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [64512 2018-09-14] (Microsoft Corporation)
S3 TsUsbGD; C:\Windows\System32\drivers\TsUsbGD.sys [35840 2018-09-14] (Microsoft Corporation)
S3 tunnel; C:\Windows\System32\drivers\tunnel.sys [124416 2018-09-14] (Microsoft Corporation)
S3 UcmCx0101; C:\Windows\System32\Drivers\UcmCx.sys [146944 2018-09-14] (Microsoft Corporation)
S3 UcmTcpciCx0101; C:\Windows\System32\Drivers\UcmTcpciCx.sys [162304 2018-09-14] (Microsoft Corporation)
S3 UcmUcsi; C:\Windows\System32\drivers\UcmUcsi.sys [61440 2018-09-14] (Microsoft Corporation)
S3 UcmUcsiAcpiClient; C:\Windows\System32\drivers\UcmUcsiAcpiClient.sys [31232 2018-09-14] (Microsoft Corporation)
S3 UcmUcsiCx0101; C:\Windows\System32\Drivers\UcmUcsiCx.sys [99840 2018-09-14] (Microsoft Corporation)
S3 usbcir; C:\Windows\System32\drivers\usbcir.sys [106496 2018-09-14] (Microsoft Corporation)
S3 usbprint; C:\Windows\System32\drivers\usbprint.sys [29184 2018-09-14] (Microsoft Corporation)
S3 usbscan; C:\Windows\system32\DRIVERS\usbscan.sys [48640 2018-09-14] (Microsoft Corporation)
S3 wcnfs; C:\Windows\system32\drivers\wcnfs.sys [87040 2018-09-14] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [46472 2019-02-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [333792 2019-02-22] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [62432 2019-02-22] (Microsoft Windows -> Microsoft Corporation)
S3 WinNat; C:\Windows\System32\drivers\winnat.sys [240128 2018-09-14] (Microsoft Corporation)
S3 WINUSB; C:\Windows\System32\drivers\WinUSB.SYS [95744 2018-09-14] (Microsoft Corporation)
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [134656 2018-09-14] (Microsoft Corporation)
S3 WUDFRd; C:\Windows\System32\drivers\WUDFRd.sys [282112 2018-09-14] (Microsoft Corporation)
S3 WUDFWpdFs; C:\Windows\system32\DRIVERS\WUDFRd.sys [282112 2018-09-14] (Microsoft Corporation)
S3 xboxgip; C:\Windows\System32\drivers\xboxgip.sys [317440 2018-09-14] (Microsoft Corporation)
S3 xinputhid; C:\Windows\System32\drivers\xinputhid.sys [48128 2018-09-14] (Microsoft Corporation)
S3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [54168 2017-04-18] (Intel Corporation -> Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-18 13:36 - 2019-07-18 13:36 - 000000000 ____D C:\FRST
2019-07-18 11:56 - 2019-07-18 11:56 - 000000000 ___HD C:\$SysReset
2019-07-17 18:54 - 2019-07-17 18:54 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-07-17 18:54 - 2019-07-17 18:54 - 000000000 ____D C:\Users\Winson\AppData\Local\mbamtray
2019-07-17 18:54 - 2019-07-17 18:54 - 000000000 ____D C:\Users\Winson\AppData\Local\mbam
2019-07-17 18:54 - 2019-07-17 18:54 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-07-17 18:54 - 2019-07-17 18:54 - 000000000 ____D C:\Program Files\Malwarebytes
2019-07-17 06:06 - 2019-07-17 06:20 - 000000000 ____D C:\Users\Winson\AppData\Roaming\AVAST Software
2019-07-17 06:06 - 2019-07-17 06:06 - 000000000 ___HD C:\$AV_ASW
2019-07-17 06:06 - 2019-07-17 06:06 - 000000000 ____D C:\Users\Winson\AppData\Local\AVAST Software
2019-07-17 06:05 - 2019-07-17 06:05 - 000000000 ____D C:\Program Files\AVAST Software
2019-07-17 06:03 - 2019-07-17 06:19 - 000000000 ____D C:\ProgramData\AVAST Software
2019-07-17 05:35 - 2019-07-17 05:35 - 000000258 __RSH C:\Users\Winson\ntuser.pol
2019-07-17 05:22 - 2019-07-17 19:03 - 000000000 ____D C:\Users\Winson\AppData\Roaming\1337
2019-07-17 05:22 - 2019-07-17 05:22 - 000000000 ____D C:\ProgramData\Lamia
2019-07-17 04:12 - 2019-07-17 04:12 - 000000000 ____D C:\inetpub
2019-07-17 04:06 - 2019-07-17 05:36 - 000722944 _____ C:\Users\Winson\AppData\Local\sha.db
2019-07-17 04:06 - 2019-07-17 04:06 - 000140800 _____ C:\Users\Winson\AppData\Local\installer.dat
2019-07-17 04:06 - 2019-07-17 04:06 - 000126464 _____ C:\Users\Winson\AppData\Local\lobby.dat
2019-07-17 04:06 - 2019-07-17 04:06 - 000054272 _____ C:\Users\Winson\AppData\Local\ApplicationHosting.dat
2019-07-10 08:06 - 2019-07-10 08:06 - 000000847 _____ C:\Users\Public\Desktop\TemplateToaster 6.lnk
2019-07-10 07:39 - 2019-07-10 08:47 - 000000000 ____D C:\Users\Winson\AppData\Roaming\TemplateToaster
2019-07-10 07:30 - 2019-07-10 07:31 - 000000000 ____D C:\ProgramData\TemplateToaster
2019-07-07 17:49 - 2019-07-07 17:49 - 000000000 ___HD C:\ProgramData\CanonBJ

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-18 13:17 - 2018-09-15 01:11 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2019-07-18 13:17 - 2018-09-14 23:33 - 000000000 ___RD C:\Program Files\Windows Defender
2019-07-18 11:25 - 2018-09-14 23:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-07-17 19:07 - 2019-06-06 00:16 - 000000000 ____D C:\Users\Winson\AppData\Roaming\DMCache
2019-07-17 07:36 - 2018-04-06 07:30 - 000000000 ____D C:\ProgramData\{C519007A-4F5B-8ABC-C99D-14FE53DF9F30}
2019-07-17 07:25 - 2018-05-20 07:26 - 000000000 ____D C:\Users\Winson\AppData\Local\D3DSCache
2019-07-17 06:58 - 2018-07-27 05:20 - 000002363 _____ C:\Users\Winson\Desktop\Postman.lnk
2019-07-17 06:58 - 2018-05-11 21:43 - 000002197 _____ C:\Users\Winson\Desktop\BlueJeans.lnk
2019-07-17 06:25 - 2019-06-05 23:53 - 000000000 ____D C:\Users\Winson\Downloads\Compressed
2019-07-17 06:24 - 2018-11-21 07:31 - 000000000 ____D C:\Users\Winson\AppData\Local\CrashDumps
2019-07-17 06:24 - 2018-11-01 07:55 - 000000000 ____D C:\Users\Winson\AppData\Roaming\FileZilla
2019-07-17 06:24 - 2018-07-12 06:59 - 000000000 ____D C:\Users\Winson\AppData\Roaming\TeamViewer
2019-07-17 06:24 - 2018-03-18 10:07 - 000000000 ____D C:\ProgramData\NVIDIA
2019-07-17 05:45 - 2018-09-14 23:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-07-17 05:35 - 2018-03-18 10:15 - 000000000 __SHD C:\Users\Winson\IntelGraphicsProfiles
2019-07-17 05:28 - 2018-01-31 18:58 - 000000000 ____D C:\Program Files\ASUS
2019-07-17 05:23 - 2019-04-15 07:28 - 000000258 __RSH C:\ProgramData\ntuser.pol
2019-07-17 04:22 - 2018-12-15 00:52 - 000000000 ____D C:\Users\Winson\AppData\Roaming\Telegram Desktop
2019-07-17 04:19 - 2018-05-20 05:32 - 000000000 ____D C:\Users\Winson\AppData\Local\Adobe
2019-07-17 04:02 - 2018-03-18 10:16 - 000000219 _____ C:\Users\Winson\AppData\Roaming\sp_data.sys
2019-07-16 07:35 - 2019-04-22 07:20 - 000000000 ____D C:\Users\Winson\AppData\Local\GrammarlyForWindows
2019-07-15 05:29 - 2018-03-18 10:15 - 000000000 ____D C:\Users\Winson\AppData\Local\Packages
2019-07-13 22:30 - 2019-03-20 07:08 - 000000000 ____D C:\Users\Winson\Downloads\Telegram Desktop
2019-07-13 07:05 - 2018-08-31 07:27 - 000000000 ____D C:\Users\Winson\Documents\Visual Studio 2017
2019-07-12 05:57 - 2019-06-12 01:37 - 000000000 ____D C:\Users\Winson\AppData\Local\Deployment
2019-07-11 06:25 - 2018-03-18 10:17 - 000000000 ___RD C:\Users\Winson\OneDrive
2019-07-10 05:40 - 2018-08-05 02:49 - 000000000 ____D C:\Users\Winson\AppData\Roaming\Code
2019-07-10 05:39 - 2018-08-05 02:45 - 000000000 ____D C:\Program Files\Microsoft VS Code

==================== FLock ================

2019-07-17 21:28 C:\hiberfil.sys

==================== KnownDLLs (Whitelisted) =========================

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe [2018-09-14 23:28] - [2018-09-14 23:28] - 004245072 _____ (Microsoft Corporation) 6A65873EA949C5CCC72DDEF9E9780AA5
C:\Windows\SysWOW64\explorer.exe [2018-09-14 23:28] - [2018-09-14 23:28] - 003730144 _____ (Microsoft Corporation) 28A9327CEAE2C05328FDA23B2A25D454
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll [2018-09-14 23:28] - [2018-09-14 23:28] - 001664688 _____ (Microsoft Corporation) 7E2D956634CD227D2ABCBB9F62EC93F0
C:\Windows\SysWOW64\User32.dll [2018-09-14 23:29] - [2018-09-14 23:29] - 001675200 _____ (Microsoft Corporation) 00EDBD248A65EF045B4C9C37676A5475
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll [2018-09-14 23:28] - [2018-09-14 23:28] - 001211904 _____ (Microsoft Corporation) 0AED07F28B0B0820C9895656FE67FD1C
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\dllhost.exe => MD5 is legit
C:\Windows\SysWOW64\dllhost.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============

==================== Restore Points =========================

Restore point date: 2019-07-18 11:50

==================== Memory info ===========================

Percentage of memory in use: 6%
Total physical RAM: 20363.89 MB
Available physical RAM: 18959.12 MB
Total Virtual: 20363.89 MB
Available Virtual: 19006.68 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:118.19 GB) (Free:25.49 GB) NTFS
Drive d: (DATA) (Fixed) (Total:931.51 GB) (Free:735.99 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:0.78 GB) (Free:0.39 GB) NTFS
Drive f: (Windows 10 1809) (Removable) (Total:7.45 GB) (Free:3.87 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.49 GB) (Free:0.49 GB) NTFS

\\?\Volume{7598813d-4806-45b4-b020-4b9e638e8797}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 3CD1437C)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 40C71973)

Partition: GPT.

========================================================
Disk: 2 (Size: 7.5 GB) (Disk ID: 9F713C0B)
Partition 1: (Active) - (Size=7.5 GB) - (Type=07 NTFS)

==================== End of FRST.txt ============================