Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2020
Ran by Eyeformatics (administrator) on EMRSERVERHPZ600 (Hewlett-Packard HP Z600 Workstation) (15-03-2020 20:59:15)
Running from C:\Users\Eyeformatics\Desktop
Loaded Profiles: VSRUSER & Eyeformatics & MSSQL$SQLEXPRESS & ReportServer$SQLEXPRESS & MSSQLFDLauncher$SQLEXPRESS (Available Profiles: User & VSRUSER & Eyeformatics & Adminsitrator & Administrator & Guest & MSSQL$SQLEXPRESS & ReportServer$SQLEXPRESS & MSSQLFDLauncher$SQLEXPRESS & Classic .NET AppPool & ConnectEHR AppPool & CQMsolution AppPool & DefaultAppPool & ConnectEHR Patient Portal AppPool)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Bitvise Limited -> ) C:\Program Files\Bitvise SSH Server\BssCtrl.exe
(Bitvise Limited -> Bitvise Limited) C:\Program Files\Bitvise SSH Server\BvSshServer.exe
(CobianSoft, Luis Cobian) [File not signed] C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Cyber Power Systems, Inc. -> Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
(Cyber Power Systems, Inc. -> Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
(Dynamic Health IT, Inc.) [File not signed] C:\Program Files\ConnectEHR\ConnectEHR Agent\ConnectEHR Agent.exe
(Dynamic Health IT, Inc.) [File not signed] C:\Program Files\CQMsolution\CQMAgent\CQMAgent.exe
(FileMaker, Inc -> FileMaker, Inc.) C:\Program Files\FileMaker\FileMaker Server\Database Server\fmsase.exe
(FileMaker, Inc -> FileMaker, Inc.) C:\Program Files\FileMaker\FileMaker Server\Database Server\fmserver.exe
(FileMaker, Inc -> FileMaker, Inc.) C:\Program Files\FileMaker\FileMaker Server\Database Server\fmshelper.exe
(FileMaker, Inc -> FileMaker, Inc.) C:\Program Files\FileMaker\FileMaker Server\Database Server\fmsib.exe
(FileMaker, Inc -> FileMaker, Inc.) C:\Program Files\FileMaker\FileMaker Server\Database Server\fmxdbc_listener.exe
(FileMaker, Inc -> FileMaker, Inc.) C:\Program Files\FileMaker\FileMaker Server\Web Publishing\publishing-engine\cwpc\fmscwpc.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Luis Cobian, CobianSoft) [File not signed] C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(Luis Cobian, CobianSoft) [File not signed] C:\Program Files (x86)\Cobian Backup 11\cbService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS11.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\fdhost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files\Java\jre1.8.0_241\bin\java.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files\Java\jre1.8.0_241\bin\java.exe
(Piriform Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(SurfRight B.V. -> SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe
(SurfRight B.V. -> SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [277664 2020-03-14] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-10-17] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [Cobian Backup 11 interface] => C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe [4407808 2013-03-08] (Luis Cobian, CobianSoft) [File not signed]
HKLM-x32\...\Run: [Bitvise SSH Server Activation State Checker] => C:\Program Files\Bitvise SSH Server\BssActStateCheck.exe [245064 2015-04-09] (Bitvise Limited -> Bitvise Limited)
HKLM-x32\...\Run: [PowerPanel Personal Edition User Interaction] => C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe [379824 2016-07-27] (Cyber Power Systems, Inc. -> Cyber Power Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646160 2019-12-11] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3866400975-1191489592-655960364-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-3866400975-1191489592-655960364-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-80-997390408-2153310517-3119169589-2253446180-2226563786\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.132\Installer\chrmstp.exe [2020-03-04] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2017-01-17] (Adobe Systems, Incorporated -> Adobe Systems, Inc.)
Lsa: [Authentication Packages] msv1_0 BvLsa

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D390859-4532-450F-9CE9-987B76B56DA0} - System32\Tasks\WeeklyMirror => C:\Users\Eyeformatics\Documents\mirrorffs.bat [105 2017-04-05] () [File not signed]
Task: {113AB9EF-8A59-456D-BFF1-786240FFA24B} - System32\Tasks\Bitvise\Persistent BvSshServer Control Panel\S-1-5-21-3866400975-1191489592-655960364-1002 => C:\Program Files\Bitvise SSH Server\BssCtrl.exe [4760368 2015-04-09] (Bitvise Limited -> )
Task: {1BB561B3-675E-42C4-8253-AE7D779AEE15} - System32\Tasks\G2MUpdateTask-S-1-5-21-3866400975-1191489592-655960364-1002 => C:\Users\Eyeformatics\AppData\Local\GoToMeeting\8199\g2mupdate.exe
Task: {2FEEF02C-DDC5-440C-8838-10265ECFBE9E} - System32\Tasks\FileSync DB => C:\Users\Eyeformatics\Documents\dailyffs.bat [115 2017-04-05] () [File not signed]
Task: {30382559-196A-4774-8FE1-33D311F14759} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {5DAE2818-5BE3-4A3A-B3FF-E49E7C6F4175} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3894664 2020-03-14] (Avast Software s.r.o. -> AVAST Software)
Task: {83BC1EB2-B03C-452F-BBDC-0AE37FCA99A4} - System32\Tasks\fmserestart => C:\Users\Eyeformatics\Desktop\restartfmse.bat [73 2018-08-21] () [File not signed]
Task: {973B6504-985B-4B53-B3D8-9882BEAF6CD5} - System32\Tasks\Run Hl7 Batch => C:\HL7\HL7Grab.bat [91 2015-03-04] () [File not signed]
Task: {BD5FC1CA-5A56-4501-84E6-5B64BBD08869} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2016-11-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {C0FEAFF2-9223-4E77-A0B8-ECFB1FECAA1A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {C31D4ACD-A586-44F0-ACA0-47A6F484B23F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [6628056 2016-01-15] (Piriform Ltd -> Piriform Ltd)
Task: {CD242EF6-7379-46DB-AED6-8DCCC6AA6A4E} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1660520 2020-03-15] (Avast Software s.r.o. -> Avast Software)
Task: {E4404C67-0974-46D2-ACFD-699D03D4361D} - System32\Tasks\hl7 Grab Messages => C:\HL7\HL7Grab.bat [91 2015-03-04] () [File not signed]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-31] (Apple Inc. -> Apple Inc.)
Tcpip\..\Interfaces\{385993E2-FCF6-42E8-989B-34FDF866CEFA}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{5FCA3713-F36F-4F94-BA68-BA1AF0357EF2}: [DhcpNameServer] 167.206.112.138 167.206.7.4
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,192.168.1.1,-1]

Internet Explorer:
==================
HKU\S-1-5-21-3866400975-1191489592-655960364-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_241\bin\ssv.dll [2020-01-17] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_241\bin\jp2ssv.dll [2020-01-17] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\ssv.dll [2020-01-17] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\jp2ssv.dll [2020-01-17] (Oracle America, Inc. -> Oracle Corporation)

FireFox:
========
FF DefaultProfile: y1n7dfxv.default
FF ProfilePath: C:\Users\Eyeformatics\AppData\Roaming\Mozilla\Firefox\Profiles\y1n7dfxv.default [2020-03-15]
FF Plugin: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files\Java\jre1.8.0_241\bin\dtplugin\npDeployJava1.dll [2020-01-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files\Java\jre1.8.0_241\bin\plugin2\npjp2.dll [2020-01-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\dtplugin\npDeployJava1.dll [2020-01-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\plugin2\npjp2.dll [2020-01-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2012-02-09] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2012-02-09] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-01-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Eyeformatics\AppData\Local\Google\Chrome\User Data\Default [2020-03-13]
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Extension: (Google Drive) - C:\Users\Eyeformatics\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-19]
CHR Extension: (YouTube) - C:\Users\Eyeformatics\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Google Search) - C:\Users\Eyeformatics\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-19]
CHR Extension: (Google Docs Offline) - C:\Users\Eyeformatics\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Eyeformatics\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-01-07]
CHR Extension: (Gmail) - C:\Users\Eyeformatics\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-07-26]
CHR Extension: (Chrome Media Router) - C:\Users\Eyeformatics\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-03-03]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [204288 2012-05-23] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6046624 2020-03-14] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [413472 2020-03-14] (Avast Software s.r.o. -> AVAST Software)
R2 BvSshServer; C:\Program Files\Bitvise SSH Server\BvSshServer.exe [14359408 2015-04-09] (Bitvise Limited -> Bitvise Limited)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-08] (CobianSoft, Luis Cobian) [File not signed]
R2 CobianBackup11; C:\Program Files (x86)\Cobian Backup 11\cbService.exe [1131008 2013-03-08] (Luis Cobian, CobianSoft) [File not signed]
R2 ConnectEHR_Agent; C:\Program Files\ConnectEHR\ConnectEHR Agent\ConnectEHR Agent.exe [49152 2014-09-25] (Dynamic Health IT, Inc.) [File not signed]
R2 CQMsolution_Agent; C:\Program Files\CQMsolution\CQMAgent\CQMAgent.exe [23552 2014-09-17] (Dynamic Health IT, Inc.) [File not signed]
R2 FileMaker Server; C:\Program Files\FileMaker\FileMaker Server\Database Server\fmshelper.exe [379224 2014-11-11] (FileMaker, Inc -> FileMaker, Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [162392 2020-01-20] (SurfRight B.V. -> SurfRight B.V.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6960640 2019-11-25] (Malwarebytes Inc -> Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [190904 2012-06-12] (Microsoft Corporation -> Microsoft Corporation)
R3 MSSQLFDLauncher$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe [49752 2012-02-11] (Microsoft Corporation -> Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R2 ppped; C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe [1113008 2016-07-27] (Cyber Power Systems, Inc. -> Cyber Power Systems, Inc.)
R2 ReportServer$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSRS11.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2348472 2012-06-12] (Microsoft Corporation -> Microsoft Corporation)
S2 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [608696 2012-06-12] (Microsoft Corporation -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13206544 2020-03-09] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-13] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [10497024 2012-05-24] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [326656 2012-05-23] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37864 2020-03-14] (Avast Software s.r.o. -> AVAST Software)
S3 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [205576 2020-03-14] (Avast Software s.r.o. -> AVAST Software)
S3 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [271120 2020-03-14] (Avast Software s.r.o. -> AVAST Software)
S3 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [206608 2020-03-14] (Avast Software s.r.o. -> AVAST Software)
S3 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [64272 2020-03-14] (Avast Software s.r.o. -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [279360 2020-03-14] (Avast Software s.r.o. -> AVAST Software)
S3 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42976 2020-03-14] (Avast Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [175400 2020-03-14] (Avast Software s.r.o. -> AVAST Software)
S3 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110560 2020-03-14] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84056 2020-03-14] (Avast Software s.r.o. -> AVAST Software)
S3 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [848672 2020-03-14] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [458584 2020-03-14] (Avast Software s.r.o. -> AVAST Software)
S3 aswStm; C:\Windows\System32\drivers\aswStm.sys [235184 2020-03-14] (Avast Software s.r.o. -> AVAST Software)
S3 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [316256 2020-03-14] (Avast Software s.r.o. -> AVAST Software)
S3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [10497024 2012-05-24] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2020-02-18] (Malwarebytes Corporation -> Malwarebytes)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [57728 2020-03-13] (SurfRight B.V. -> )
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [214496 2020-02-18] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [226448 2020-03-15] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73584 2020-03-15] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-03-15] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [109168 2020-03-15] (Malwarebytes Inc -> Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation -> Microsoft Corporation)
U3 aswbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-03-15 20:59 - 2020-03-15 21:00 - 000024517 _____ C:\Users\Eyeformatics\Desktop\FRST.txt
2020-03-15 20:24 - 2020-03-15 20:24 - 000226448 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2020-03-15 20:24 - 2020-03-15 20:24 - 000109168 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2020-03-15 20:24 - 2020-03-15 20:24 - 000073584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2020-03-15 20:22 - 2020-03-15 20:22 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-03-15 16:52 - 2020-03-15 20:56 - 000055336 _____ C:\Users\Eyeformatics\Desktop\Fixlog.txt
2020-03-14 09:59 - 2020-03-14 09:59 - 000002075 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2020-03-14 09:59 - 2020-03-14 09:59 - 000002075 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk
2020-03-14 09:59 - 2020-03-14 09:59 - 000000000 ____D C:\Users\Eyeformatics\AppData\Roaming\AVAST Software
2020-03-14 09:59 - 2020-03-14 09:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2020-03-14 09:58 - 2020-03-14 09:58 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2020-03-14 09:57 - 2020-03-14 09:58 - 000458584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2020-03-14 09:57 - 2020-03-14 09:57 - 000848672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2020-03-14 09:57 - 2020-03-14 09:57 - 000368056 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2020-03-14 09:57 - 2020-03-14 09:57 - 000316256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2020-03-14 09:57 - 2020-03-14 09:57 - 000279360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2020-03-14 09:57 - 2020-03-14 09:57 - 000271120 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2020-03-14 09:57 - 2020-03-14 09:57 - 000235184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2020-03-14 09:57 - 2020-03-14 09:57 - 000206608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2020-03-14 09:57 - 2020-03-14 09:57 - 000205576 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2020-03-14 09:57 - 2020-03-14 09:57 - 000175400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2020-03-14 09:57 - 2020-03-14 09:57 - 000110560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2020-03-14 09:57 - 2020-03-14 09:57 - 000084056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2020-03-14 09:57 - 2020-03-14 09:57 - 000064272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2020-03-14 09:57 - 2020-03-14 09:57 - 000042976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2020-03-14 09:57 - 2020-03-14 09:57 - 000037864 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2020-03-14 09:57 - 2020-03-14 09:57 - 000003910 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2020-03-14 09:57 - 2020-03-14 09:57 - 000000000 ____D C:\Program Files\AVAST Software
2020-03-13 21:57 - 2020-03-13 21:57 - 000057728 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2020-03-13 21:57 - 2020-03-13 21:57 - 000000000 ____D C:\Users\VSRUSER\AppData\Local\mbamtray
2020-03-13 14:42 - 2020-03-13 14:42 - 000008184 _____ C:\Windows\CleanMem Uninstall Log.txt
2020-03-13 14:38 - 2020-03-14 08:56 - 000001758 _____ C:\Users\Eyeformatics\Desktop\rtp.txt
2020-03-13 11:08 - 2020-03-13 10:52 - 002279936 _____ (Farbar) C:\Users\Eyeformatics\Desktop\FRST64 (1).exe
2020-02-18 21:09 - 2020-02-18 21:09 - 000214496 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-03-15 21:00 - 2018-01-23 20:01 - 000000000 ____D C:\FRST
2020-03-15 20:31 - 2009-07-14 00:45 - 000034704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-03-15 20:31 - 2009-07-14 00:45 - 000034704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-03-15 20:28 - 2009-07-14 01:13 - 000998798 _____ C:\Windows\system32\PerfStringBackup.INI
2020-03-15 20:28 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2020-03-15 20:22 - 2014-12-23 15:21 - 000000000 ____D C:\Users\MSSQLFDLauncher$SQLEXPRESS
2020-03-15 20:21 - 2017-04-25 14:58 - 000000000 ____D C:\Program Files (x86)\CyberPower PowerPanel Personal Edition
2020-03-15 20:21 - 2014-12-20 13:30 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-03-15 20:21 - 2013-06-18 15:00 - 000000000 ____D C:\ProgramData\NVIDIA
2020-03-15 20:21 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-03-15 17:04 - 2015-03-04 16:02 - 000000600 _____ C:\Users\Eyeformatics\AppData\Roaming\winscp.rnd
2020-03-14 09:56 - 2018-01-26 17:40 - 000000000 ____D C:\ProgramData\AVAST Software
2020-03-14 09:27 - 2009-07-14 01:32 - 000000000 ____D C:\Windows\system32\FxsTmp
2020-03-13 22:12 - 2018-01-24 20:22 - 000013994 _____ C:\VEW.txt
2020-03-13 21:57 - 2018-08-01 08:49 - 000000000 ____D C:\Users\VSRUSER\AppData\Local\TeamViewer
2020-03-13 21:57 - 2014-12-19 14:34 - 000058016 _____ C:\Users\VSRUSER\AppData\Local\GDIPFONTCACHEV1.DAT
2020-03-13 15:09 - 2017-04-03 20:21 - 000000980 _____ C:\Users\Public\Desktop\FreeFileSync.lnk
2020-03-13 15:09 - 2017-04-03 20:21 - 000000980 _____ C:\ProgramData\Desktop\FreeFileSync.lnk
2020-03-13 15:09 - 2017-04-03 20:21 - 000000956 _____ C:\Users\Public\Desktop\RealTimeSync.lnk
2020-03-13 15:09 - 2017-04-03 20:21 - 000000956 _____ C:\ProgramData\Desktop\RealTimeSync.lnk
2020-03-13 15:09 - 2017-03-07 17:33 - 000000913 _____ C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2020-03-13 15:09 - 2017-03-07 17:33 - 000000913 _____ C:\ProgramData\Desktop\CPUID CPU-Z.lnk
2020-03-13 11:11 - 2018-01-23 20:14 - 000042487 _____ C:\Users\Eyeformatics\Desktop\Additiona.txt
2020-03-13 11:11 - 2018-01-23 20:10 - 000030381 _____ C:\Users\Eyeformatics\Desktop\FRSTa.txt
2020-03-12 01:11 - 2015-04-28 07:23 - 000000000 ____D C:\Users\Administrator
2020-03-12 01:11 - 2014-12-24 10:37 - 000000000 ____D C:\Users\ConnectEHR AppPool
2020-03-12 01:11 - 2014-12-24 10:25 - 000000000 ____D C:\Users\ConnectEHR Patient Portal AppPool
2020-03-12 01:11 - 2014-12-24 10:24 - 000000000 ____D C:\Users\CQMsolution AppPool
2020-03-12 01:11 - 2014-12-23 15:39 - 000000000 ____D C:\Users\Classic .NET AppPool
2020-03-12 01:11 - 2014-12-23 14:42 - 000000000 ____D C:\Users\DefaultAppPool
2020-03-10 14:10 - 2017-04-05 11:19 - 000003612 _____ C:\Windows\system32\Tasks\WeeklyMirror
2020-03-10 13:20 - 2014-12-22 15:12 - 000000000 ____D C:\Users\Guest
2020-03-04 16:57 - 2014-12-19 16:34 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-03-04 16:57 - 2014-12-19 16:34 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-03-04 16:57 - 2014-12-19 16:34 - 000002183 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-03-03 14:02 - 2015-03-04 15:07 - 000000000 ____D C:\HL7
2020-03-02 17:00 - 2017-01-09 15:50 - 000000000 ____D C:\Users\Eyeformatics\AppData\Local\ElevatedDiagnostics
2020-03-02 17:00 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\system32\NDF
2020-02-24 08:24 - 2019-11-25 08:47 - 000000000 ____D C:\Users\Eyeformatics\AppData\Local\cache
2020-02-18 21:08 - 2019-11-11 08:44 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys

==================== Files in the root of some directories ========

2015-04-24 08:20 - 2015-04-24 08:18 - 000000022 _____ () C:\Users\SuperContainer\get all files recursive.bat
2017-04-24 18:15 - 2018-08-17 14:41 - 000000600 _____ () C:\Users\Eyeformatics\AppData\Roaming\PUTTY.RND
2015-03-04 16:02 - 2020-03-15 17:04 - 000000600 _____ () C:\Users\Eyeformatics\AppData\Roaming\winscp.rnd
2015-04-16 12:44 - 2019-11-19 08:50 - 000000600 _____ () C:\Users\Eyeformatics\AppData\Local\PUTTY.RND
2015-04-20 15:23 - 2019-01-29 16:53 - 000007604 _____ () C:\Users\Eyeformatics\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2020-03-08 01:08

==================== End of FRST.txt ========================