#4 December 31st, 2020, 10:50 PM
bot96
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-12-2020
Ran by Bill (administrator) on BILL-PC (TOSHIBA Satellite C55-B) (31-12-2020 16:45:00)
Running from C:\Users\Bill\Downloads
Loaded Profiles: Bill
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <3>
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intuit Inc.) [File not signed] C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit, Inc. -> Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoHook.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
Failed to access process -> unsecapp.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> WmiPrvSE.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3244360 2014-03-04] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1604168 2013-11-26] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [711040 2013-08-21] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [117352 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-09-17] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3792648 2019-02-22] (Intuit, Inc. -> Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3498834930-2541690638-1204314038-1000\Software\Policies\...\system: [disablecmd] 0
HKLM\...\Print\Monitors\HP C511 Status Monitor: C:\windows\system32\hpinkstsC511LM.dll [333496 2012-12-15] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP ENVY 4500 series): C:\windows\system32\HPDiscoPMC511.dll [763912 2014-07-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
HKLM\...\Print\Monitors\Toshiba Bluetooth Monitor: C:\windows\system32\tbtmon.dll [202752 2013-03-07] (TOSHIBA CORPORATION.) [File not signed]
HKLM\Software\...\Authentication\Credential Providers: [{3AFF1C30-4959-4c2f-8BED-E6E81E39F57A}] -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtCp.dll [2012-02-01] (TOSHIBA CORPORATION -> TOSHIBA CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2020-11-10]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2020-11-10]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2020-11-10]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2016\QBW32.EXE (Intuit, Inc. -> Intuit Inc.)
Startup: C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP ENVY 4500 series.lnk [2020-12-31]
ShortcutAndArgument: Monitor Ink Alerts - HP ENVY 4500 series.lnk -> C:\windows\system32\RunDll32.exe => "C:\Program Files\HP\HP ENVY 4500 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN4CN254VN05X4;CONNECTION=USB;MONITOR=1;
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07BD661C-8CCE-4297-9F65-EDEF641302BB} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1741416 2020-11-09] (Avast Software s.r.o. -> Avast Software)
Task: {3B38BE87-AB2F-42F5-9683-01C5864737A0} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-02-24] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {74C7839B-9C97-4CA4-A9D9-D146655E62DA} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {9C7427AA-7B02-4D98-8439-FE55CE90E431} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {AFC47425-9E73-4F83-BF8B-C3E3C0F269F2} - System32\Tasks\{608911EE-8E32-4222-A756-6741AEC8B509} => C:\Unified_Android_Toolkit\ToolKit.exe [382464 2018-01-04] (SkipSoft Ltd -> SkipSoft Ltd) [File not signed]
Task: {C5C415D7-D07C-49BF-B0CD-2BE55C268C93} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26896568 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {C906ADDC-CED4-48F5-BE68-7FC205E37EB2} - System32\Tasks\{199D6C26-4AA8-4C24-BC3E-2206554D5800} => C:\Unified_Android_Toolkit\ToolKit.exe [382464 2018-01-04] (SkipSoft Ltd -> SkipSoft Ltd) [File not signed]
Task: {D8EFBA13-95B1-47A8-8A54-2134A92B7F4C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [250056 2020-11-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {EBE9EC74-2543-49FD-82D4-296A9DE813F7} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4621920 2020-12-16] (Avast Software s.r.o. -> AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.86.1
Tcpip\..\Interfaces\{CA6723CF-4502-44B2-BA46-EEF1E1E35062}: [DhcpNameServer] 192.168.86.1
Tcpip\..\Interfaces\{D50CDFAA-879D-4F62-8B34-003DCAD5A57C}: [DhcpNameServer] 192.168.42.129

Edge:
======
Edge Profile: C:\Users\Bill\AppData\Local\Microsoft\Edge\User Data\Default [2020-12-29]

FireFox:
========
FF DefaultProfile: 74j3dfas.default
FF ProfilePath: C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\74j3dfas.default [2020-11-09]
FF ProfilePath: C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\dfnhqdrp.default-release-1609205945268 [2020-12-31]
FF Homepage: Mozilla\Firefox\Profiles\dfnhqdrp.default-release-1609205945268 -> hxxps://duckduckgo.com/
FF Extension: (Facebook Container) - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\dfnhqdrp.default-release-1609205945268\Extensions\@contain-facebook.xpi [2020-12-28]
FF Extension: (Google Container) - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\dfnhqdrp.default-release-1609205945268\Extensions\@contain-google.xpi [2020-12-28]
FF Extension: (NoScript) - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\dfnhqdrp.default-release-1609205945268\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2020-12-28]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\dfnhqdrp.default-release-1609205945268\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-12-28]
FF Plugin: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-11-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-11-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default [2020-12-29]
CHR DefaultSearchURL: Default -> hxxps://www.saferbrowsing-search.com/search/?category=web&vert=private&s=w1pr&q={searchTerms}
CHR DefaultSearchKeyword: Default -> privacy
CHR DefaultSuggestURL: Default -> hxxps://sug.saferbrowsing-search.com/v1/sug/?s=w1pr&vert=tracking&q={searchTerms}
CHR Extension: (Slides) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-09]
CHR Extension: (Docs) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-09]
CHR Extension: (Google Drive) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-09]
CHR Extension: (Online Privacy) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbnbdniloknhbmabbbaiodiocmgfdheo [2020-12-01]
CHR Extension: (YouTube) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-09]
CHR Extension: (Sheets) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-09]
CHR Extension: (Google Docs Offline) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-11-09]
CHR Extension: (Gmail) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-09]
CHR Extension: (Chrome Media Router) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-28]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [250056 2020-11-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8477080 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [621728 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [351848 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2019-02-22] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2019-02-22] (Intuit Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\windows\System32\drivers\aswArDisk.sys [36792 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\windows\System32\drivers\aswArPot.sys [208672 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\windows\System32\drivers\aswbidsdriver.sys [332880 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\windows\System32\drivers\aswbidsh.sys [247888 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\windows\System32\drivers\aswbuniv.sys [97360 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\windows\System32\drivers\aswKbd.sys [42424 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\windows\System32\drivers\aswMonFlt.sys [176384 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\windows\System32\drivers\aswNetHub.sys [522480 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R3 aswNetNd6; C:\windows\System32\DRIVERS\aswNetNd6.sys [38152 2020-11-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\windows\System32\drivers\aswRdr2.sys [108928 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\windows\System32\drivers\aswRvrt.sys [84496 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\windows\System32\drivers\aswSnx.sys [851256 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\windows\System32\drivers\aswSP.sys [469472 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\windows\System32\drivers\aswStm.sys [216984 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\windows\System32\drivers\aswVmm.sys [326064 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
S3 BtFilter; C:\windows\System32\DRIVERS\btfilter.sys [47816 2014-02-26] (Qualcomm Atheros -> Atheros)
S1 ccSet_NGC; C:\windows\System32\drivers\NGCx64\1614050.028\ccSetx64.sys [192248 2020-08-01] (Symantec Corporation -> Symantec Corporation)
R3 RSP2STOR; C:\windows\System32\DRIVERS\RtsP2Stor.sys [291032 2013-11-22] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R0 SymEFASI; C:\windows\System32\drivers\NGCx64\1614050.028\SYMEFASI64.SYS [1964384 2020-08-01] (Symantec Corporation -> Symantec Corporation)
S3 Tosrfcom; no ImagePath
U1 aswbdisk; no ImagePath
S1 ESProtectionDriver; \??\C:\windows\system32\drivers\mbae64.sys [X]
S2 MBAMChameleon; \SystemRoot\System32\Drivers\MbamChameleon.sys [X]
S3 MBAMFarflt; system32\DRIVERS\farflt.sys [X]
S3 MBAMProtection; \??\C:\windows\system32\DRIVERS\mbam.sys [X]
S3 MBAMWebProtection; system32\DRIVERS\mwac.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-31 16:41 - 2020-12-31 16:43 - 000027535 _____ C:\Users\Bill\Downloads\Addition.txt
2020-12-31 16:37 - 2020-12-31 16:46 - 000019112 _____ C:\Users\Bill\Downloads\FRST.txt
2020-12-31 16:36 - 2020-12-31 16:45 - 000000000 ____D C:\FRST
2020-12-31 16:36 - 2020-12-31 16:36 - 002286592 _____ (Farbar) C:\Users\Bill\Downloads\FRST64.exe
2020-12-28 21:08 - 2020-12-28 21:09 - 000000000 ___SD C:\fc
2020-12-28 19:37 - 2020-12-28 19:37 - 000000000 ____D C:\Users\Bill\Downloads\backups
2020-12-25 15:03 - 2020-12-25 15:03 - 000051807 _____ C:\Users\Bill\Documents\Little acorn 3 storm 1 storm..pdf
2020-12-22 18:44 - 2020-12-22 20:03 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-12-21 20:44 - 2020-12-21 20:44 - 000232596 _____ C:\Users\Bill\Documents\Black truck battery reciept..pdf
2020-12-21 20:42 - 2020-12-21 20:42 - 000051058 _____ C:\Users\Bill\Documents\Napa Battery Black truck..pdf
2020-12-20 17:54 - 2020-12-20 18:02 - 000000000 ____D C:\ProgramData\HitmanPro.Alert
2020-12-20 17:54 - 2020-12-20 18:02 - 000000000 ____D C:\ProgramData\HitmanPro
2020-12-19 20:08 - 2020-12-19 20:08 - 000388608 _____ (Trend Micro Inc.) C:\Users\Bill\Downloads\HijackThis.exe
2020-12-19 19:42 - 2020-12-19 19:44 - 200074296 _____ (Malwarebytes) C:\Users\Bill\Downloads\MBSetup-0000870.0000870-4.2.3.203-1.0.1122-1.0.33326.exe
2020-12-18 19:38 - 2020-12-18 19:38 - 000051333 _____ C:\Users\Bill\Documents\105 little acorn dr. soffit and paper..pdf
2020-12-17 19:49 - 2020-12-17 19:49 - 000052493 _____ C:\Users\Bill\Documents\OOIR Nags Head slider door remove install..pdf
2020-12-16 16:55 - 2020-12-16 16:55 - 003962616 _____ C:\Users\Bill\Downloads\EN4500_2025A.exe
2020-12-16 16:50 - 2020-12-16 16:50 - 000000000 ____D C:\Users\Bill\Documents\HpReg_Backup
2020-12-16 16:46 - 2020-12-16 16:46 - 000002187 _____ C:\Users\Public\Desktop\HP ENVY 4500 series.lnk
2020-12-16 16:46 - 2020-12-16 16:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2020-12-16 16:46 - 2014-07-21 16:31 - 000763912 ____N (Hewlett-Packard Development Company, LP) C:\windows\system32\HPDiscoPMC511.dll
2020-12-16 16:45 - 2020-12-16 16:45 - 000000000 ____D C:\Program Files\HP
2020-12-16 16:41 - 2020-12-16 16:42 - 000000000 ____D C:\windows\system32\appmgmt
2020-12-16 16:07 - 2020-12-16 16:07 - 000051476 _____ C:\Users\Bill\Documents\107 Becker St. door install and others..pdf
2020-12-16 06:43 - 2020-12-16 06:42 - 000340576 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2020-12-16 06:42 - 2020-12-16 06:42 - 000216984 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2020-12-10 17:24 - 2020-12-10 17:24 - 000912993 _____ C:\Users\Bill\Downloads\D30-D44-Hardcore-Locking-Hubs-Install-Manual.pdf
2020-12-10 17:21 - 2020-12-10 17:22 - 002701633 _____ C:\Users\Bill\Downloads\Dana 60 Manual (Front Axle).pdf
2020-12-10 17:02 - 2020-12-10 17:03 - 001068053 _____ C:\Users\Bill\Downloads\CAD-Delete-Installation-Instructions-1994-1999.pdf
2020-12-09 18:29 - 2020-12-09 18:29 - 000051513 _____ C:\Users\Bill\Documents\105 Little Acorn Dr Framing..pdf
2020-12-08 18:03 - 2020-12-08 18:03 - 000169053 _____ C:\Users\Bill\Documents\10 Blue pete Ct. inside framing..pdf
2020-12-06 20:48 - 2020-12-06 20:48 - 009676657 _____ C:\Users\Bill\Downloads\2000Ramparts.pdf
2020-12-06 18:39 - 2020-12-06 18:40 - 000545401 _____ C:\Users\Bill\Downloads\GetStatementPdf(1)
2020-12-06 18:38 - 2020-12-06 18:38 - 000545460 _____ C:\Users\Bill\Downloads\GetStatementPdf
2020-12-06 18:32 - 2020-12-06 18:33 - 000125942 _____ C:\Users\Bill\Downloads\Statement58852415.pdf
2020-12-06 18:29 - 2020-12-06 18:29 - 000138891 _____ C:\Users\Bill\Downloads\Statement58880825.pdf
2020-12-06 18:22 - 2020-12-06 18:22 - 001384453 _____ C:\Users\Bill\Downloads\Discover-Statement-20201116-1294.pdf
2020-12-06 18:18 - 2020-12-06 18:18 - 000142112 _____ C:\Users\Bill\Downloads\fqU4yKRm.pdf
2020-12-06 18:15 - 2020-12-06 18:16 - 000144142 _____ C:\Users\Bill\Downloads\TcUNGpRc.pdf
2020-12-05 18:01 - 2020-12-05 18:01 - 012328924 _____ C:\Users\Bill\Downloads\platform-tools_r30.0.5-windows.zip
2020-12-05 18:01 - 2020-12-05 18:01 - 000000000 ____D C:\Users\Bill\Downloads\platform-tools_r30.0.5-windows
2020-12-03 18:58 - 2020-12-03 18:58 - 000000000 ____D C:\Users\Bill\AppData\Roaming\WinBatch
2020-12-01 21:15 - 2020-12-01 21:15 - 000336767 _____ C:\Users\Bill\Documents\roof estimate.5401..pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-31 16:44 - 2020-11-24 22:36 - 000000000 ____D C:\Program Files\CCleaner
2020-12-31 16:38 - 2020-11-09 17:35 - 000000000 ____D C:\Users\Bill\AppData\LocalLow\Mozilla
2020-12-31 16:38 - 2009-07-13 23:45 - 000043728 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-12-31 16:38 - 2009-07-13 23:45 - 000043728 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-12-31 16:36 - 2020-11-09 18:01 - 000000000 ____D C:\ProgramData\Avast Software
2020-12-31 16:35 - 2020-11-09 17:35 - 000000000 ____D C:\ProgramData\Mozilla
2020-12-31 16:34 - 2009-07-14 00:13 - 000781458 _____ C:\windows\system32\PerfStringBackup.INI
2020-12-31 16:34 - 2009-07-13 22:20 - 000000000 ____D C:\windows\inf
2020-12-31 16:29 - 2009-07-14 00:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2020-12-30 18:34 - 2009-07-14 00:08 - 000032562 _____ C:\windows\Tasks\SCHEDLGU.TXT
2020-12-30 18:11 - 2014-05-20 10:29 - 000000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2020-12-29 19:10 - 2020-11-10 20:15 - 000001045 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2020-12-29 19:10 - 2020-11-10 20:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2020-12-28 21:11 - 2020-11-13 20:44 - 000000000 ____D C:\Users\Bill\AppData\Local\ElevatedDiagnostics
2020-12-28 17:58 - 2020-11-09 18:05 - 000004168 _____ C:\windows\system32\Tasks\Avast Emergency Update
2020-12-26 19:12 - 2020-11-26 16:34 - 000003870 _____ C:\windows\system32\Tasks\CCleaner Update
2020-12-26 19:12 - 2020-11-26 16:34 - 000002804 _____ C:\windows\system32\Tasks\CCleanerSkipUAC
2020-12-26 19:12 - 2020-11-24 18:30 - 000002938 _____ C:\windows\system32\Tasks\{608911EE-8E32-4222-A756-6741AEC8B509}
2020-12-26 19:12 - 2020-11-24 18:29 - 000002938 _____ C:\windows\system32\Tasks\{199D6C26-4AA8-4C24-BC3E-2206554D5800}
2020-12-26 19:12 - 2020-11-11 18:19 - 000004476 _____ C:\windows\system32\Tasks\Adobe Acrobat Update Task
2020-12-26 19:12 - 2020-11-09 01:44 - 000003130 _____ C:\windows\system32\Tasks\RTKCPL
2020-12-26 19:12 - 2014-05-20 10:29 - 000003768 _____ C:\windows\system32\Tasks\Adobe Flash Player Updater
2020-12-26 17:51 - 2020-11-09 18:07 - 000000000 ____D C:\windows\system32\Tasks\Avast Software
2020-12-25 15:05 - 2020-11-10 19:58 - 022745088 ____R C:\Wiliam M Baum 2007 3-3-14.QBW
2020-12-25 15:05 - 2020-11-10 19:58 - 000589824 ____R C:\Wiliam M Baum 2007 3-3-14.QBW.TLG
2020-12-25 15:05 - 2020-11-10 19:58 - 000000334 _____ C:\Wiliam M Baum 2007 3-3-14.QBW.ND
2020-12-25 15:01 - 2020-11-10 19:58 - 000000000 ____D C:\QuickBooksAutoDataRecovery
2020-12-22 20:03 - 2020-11-09 17:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-12-19 20:28 - 2020-11-09 01:53 - 000000000 ____D C:\Program Files (x86)\TOSHIBA
2020-12-19 20:28 - 2014-05-20 10:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba
2020-12-19 20:19 - 2020-11-11 20:30 - 000000000 ____D C:\Qoobox
2020-12-17 19:40 - 2020-11-10 20:44 - 000000000 ____D C:\Unified_Android_Toolkit
2020-12-16 17:35 - 2009-07-13 22:20 - 000000000 ____D C:\windows\rescache
2020-12-16 16:51 - 2020-11-22 12:29 - 000002266 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2020-12-16 16:45 - 2020-11-10 20:34 - 000000000 ____D C:\ProgramData\HP
2020-12-16 16:45 - 2020-11-10 20:34 - 000000000 ____D C:\Program Files (x86)\HP
2020-12-16 06:42 - 2020-11-09 18:04 - 000851256 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2020-12-16 06:42 - 2020-11-09 18:04 - 000522480 _____ (AVAST Software) C:\windows\system32\Drivers\aswNetHub.sys
2020-12-16 06:42 - 2020-11-09 18:04 - 000469472 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2020-12-16 06:42 - 2020-11-09 18:04 - 000332880 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsdriver.sys
2020-12-16 06:42 - 2020-11-09 18:04 - 000326064 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2020-12-16 06:42 - 2020-11-09 18:04 - 000247888 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsh.sys
2020-12-16 06:42 - 2020-11-09 18:04 - 000208672 _____ (AVAST Software) C:\windows\system32\Drivers\aswArPot.sys
2020-12-16 06:42 - 2020-11-09 18:04 - 000176384 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2020-12-16 06:42 - 2020-11-09 18:04 - 000108928 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2020-12-16 06:42 - 2020-11-09 18:04 - 000097360 _____ (AVAST Software) C:\windows\system32\Drivers\aswbuniv.sys
2020-12-16 06:42 - 2020-11-09 18:04 - 000084496 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2020-12-16 06:42 - 2020-11-09 18:04 - 000042424 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2020-12-16 06:42 - 2020-11-09 18:04 - 000036792 _____ (AVAST Software) C:\windows\system32\Drivers\aswArDisk.sys
2020-12-13 19:59 - 2009-07-14 00:32 - 000000000 ____D C:\Program Files\Windows Sidebar
2020-12-13 19:59 - 2009-07-14 00:32 - 000000000 ____D C:\Program Files (x86)\Windows Sidebar
2020-12-09 18:44 - 2020-11-11 18:17 - 000002030 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-12-04 18:05 - 2020-11-19 21:43 - 000053148 _____ C:\Users\Bill\Documents\127 S. Snow Geese. joists and ledgers..pdf

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-12-23 18:37
==================== End of FRST.txt ========================