March 5th, 2022, 02:22 AM
bot96
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-02-2022
Ran by Bill (administrator) on BILL-PC (TOSHIBA Satellite C55-B) (04-03-2022 19:28:28)
Running from C:\Users\Bill\Downloads
Loaded Profiles: Bill
Platform: Microsoft Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Users\Bill\AppData\Local\Apps\2.0\4Q4H81C9.63C\1NTDM2VV.CC2\tool..tion_5e5355aaea7379a3_0002.0000_15c695e9e39a5da5\adb.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <3>
(C:\HP\Diagnostics\PSDR\FileExtractor.exe ->) (HP Inc. -> HP Development Company, L.P.) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe
(C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(C:\Program Files\Elantech\ETDCtrl.exe ->) (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(C:\Program Files\Toshiba\TECO\Teco.exe ->) (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoHook.exe
(explorer.exe ->) (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(explorer.exe ->) (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(explorer.exe ->) (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(explorer.exe ->) (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(explorer.exe ->) (Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(explorer.exe ->) (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(HP Inc. -> HPDC LP) C:\HP\Diagnostics\PSDR\FileExtractor.exe
(Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(services.exe ->) (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(services.exe ->) (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(services.exe ->) (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(services.exe ->) (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(services.exe ->) (Intuit Inc.) [File not signed] C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(services.exe ->) (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(services.exe ->) (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(services.exe ->) (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(svchost.exe ->) (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
Failed to access process -> unsecapp.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> WmiPrvSE.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3244360 2014-03-04] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1604168 2013-11-26] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [711040 2013-08-21] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [157464 2022-02-10] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [288184 2021-12-08] (Intel Corporation -> Intel)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3792648 2019-02-22] (Intuit, Inc. -> Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [707256 2021-12-15] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3498834930-2541690638-1204314038-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3498834930-2541690638-1204314038-1000\Software\Policies\...\system: [disablecmd] 0
HKLM\...\Print\Monitors\HP 4054 Status Monitor: C:\windows\system32\hpinksts4054LM.dll [468984 2021-02-03] (HP Inc -> HP Inc.)
HKLM\...\Print\Monitors\HP C511 Status Monitor: C:\windows\system32\hpinkstsC511LM.dll [333496 2012-12-15] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP ENVY 4500 series): C:\windows\system32\HPDiscoPMC511.dll [763912 2014-07-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP ENVY 6400 series): C:\windows\system32\HPDiscoPM4054.dll [1055904 2021-11-13] (HP Inc. -> HP Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2022-01-07]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2020-11-10]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2022-01-07]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2016\QBW32.EXE (Intuit, Inc. -> Intuit Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C5F83E1-F73C-4FC0-81A6-8C786FCACEB7} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Bill\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2022-02-21] (ESET, spol. s r.o. -> ESET)
Task: {1E73DD9A-E2EE-44DC-951F-D764902365A1} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2021-01-17] (Adobe Inc. -> Adobe)
Task: {3B38BE87-AB2F-42F5-9683-01C5864737A0} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3618088 2021-12-06] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {4550EE47-B910-4DAC-9E67-3FEEFE4887E4} - System32\Tasks\{47A014EE-8C4D-4B4E-92A0-62146515CCC4} => C:\Program Files (x86)\Intuit\QuickBooks 2016\QBW32Pro.exe [791752 2019-02-22] (Intuit, Inc. -> Intuit Inc.)
Task: {5A33B06E-8937-42A6-89B3-8622C88F64B3} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-02-14] (Piriform Software Ltd -> Piriform)
Task: {637BEC91-60ED-4EFF-8C30-FE37F6627772} - System32\Tasks\{600CE733-A206-49EE-B4C2-F3579F01EB60} => C:\Users\Bill\Downloads\HPPSdr.exe [11848496 2021-12-16] (HP Inc. -> )
Task: {6538A60D-B466-4E7C-A83C-0A70512F47ED} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4992792 2022-02-10] (Avast Software s.r.o. -> AVAST Software)
Task: {7058A1B4-5F5A-4A69-8E2F-9FEEAD859A75} - System32\Tasks\{BEC945C3-3869-494B-B5BC-984A7DA3C09C} => D:\GM\GM Service Information\siupdate.exe (No File)
Task: {A9836746-310C-44E0-AC49-0A8018006DEA} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Bill\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2022-02-21] (ESET, spol. s r.o. -> ESET)
Task: {AFC47425-9E73-4F83-BF8B-C3E3C0F269F2} - System32\Tasks\{608911EE-8E32-4222-A756-6741AEC8B509} => C:\Unified_Android_Toolkit\ToolKit.exe [382464 2018-01-04] (SkipSoft Ltd -> SkipSoft Ltd) [File not signed]
Task: {C7D7EDE9-4137-4BE4-8316-B120E587CB5D} - System32\Tasks\{AA1C8DCC-9D49-447C-BF55-638D8F43490E} => C:\Program Files (x86)\Intuit\QuickBooks 2016\QBW32Pro.exe [791752 2019-02-22] (Intuit, Inc. -> Intuit Inc.)
Task: {C906ADDC-CED4-48F5-BE68-7FC205E37EB2} - System32\Tasks\{199D6C26-4AA8-4C24-BC3E-2206554D5800} => C:\Unified_Android_Toolkit\ToolKit.exe [382464 2018-01-04] (SkipSoft Ltd -> SkipSoft Ltd) [File not signed]
Task: {D318C434-644C-4BFC-8318-B631F74F846B} - System32\Tasks\CCleanerSkipUAC - Bill => C:\Program Files\CCleaner\CCleaner.exe [29764224 2022-02-14] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {DCA7A2CE-2FFC-483C-B6A8-2CEB8B5A8477} - System32\Tasks\Driver Easy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [3984136 2022-01-17] (Easeware Technology Limited -> Easeware)
Task: {E13CB2C7-5C3A-4C8F-A000-F8A7FF835E2C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-17] (Adobe Inc. -> Adobe Inc.)
Task: {E351E4A9-9869-46A7-B3F6-C995BF6E8CFD} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1778456 2022-02-10] (Avast Software s.r.o. -> Avast Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.86.1
Tcpip\..\Interfaces\{74FA6359-E6FE-4606-8733-CF412093A669}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{CA6723CF-4502-44B2-BA46-EEF1E1E35062}: [DhcpNameServer] 192.168.86.1
Tcpip\..\Interfaces\{D50CDFAA-879D-4F62-8B34-003DCAD5A57C}: [DhcpNameServer] 192.168.42.129

Edge:
=======
Edge Profile: C:\Users\Bill\AppData\Local\Microsoft\Edge\User Data\Default [2022-03-04]

FireFox:
========
FF DefaultProfile: 74j3dfas.default
FF ProfilePath: C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\74j3dfas.default [2020-11-09]
FF ProfilePath: C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\dfnhqdrp.default-release-1609205945268 [2022-03-04]
FF Homepage: Mozilla\Firefox\Profiles\dfnhqdrp.default-release-1609205945268 -> hxxps://duckduckgo.com/
FF Extension: (Facebook Container) - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\dfnhqdrp.default-release-1609205945268\Extensions\@contain-facebook.xpi [2021-08-03]
FF Extension: (Google Container) - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\dfnhqdrp.default-release-1609205945268\Extensions\@contain-google.xpi [2021-03-04]
FF Extension: (Firefox Multi-Account Containers) - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\dfnhqdrp.default-release-1609205945268\Extensions\@testpilot-containers.xpi [2022-02-15]
FF Extension: (HTTPS Everywhere) - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\dfnhqdrp.default-release-1609205945268\Extensions\https-everywhere@eff.org.xpi [2021-07-14]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\dfnhqdrp.default-release-1609205945268\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2022-02-01]
FF Extension: (Open in PDF Reader) - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\dfnhqdrp.default-release-1609205945268\Extensions\{0d3afca0-aedf-491f-b0f9-9ffc22113ea8}.xpi [2021-07-12]
FF Extension: (open-in-pdf) - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\dfnhqdrp.default-release-1609205945268\Extensions\{2582ab30-4fca-475f-88d0-c1a9b9ed978f}.xpi [2021-07-12]
FF Extension: (NoScript) - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\dfnhqdrp.default-release-1609205945268\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2022-03-02]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\dfnhqdrp.default-release-1609205945268\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-11-23]
FF Plugin: @java.com/DTPlugin,version=11.321.2 -> C:\Program Files\Java\jre1.8.0_321\bin\dtplugin\npDeployJava1.dll [2022-01-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.321.2 -> C:\Program Files\Java\jre1.8.0_321\bin\plugin2\npjp2.dll [2022-01-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-12-24] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default [2022-03-04]
CHR DefaultSearchURL: Default -> hxxps://www.saferbrowsing-search.com/search/?category=web&vert=private&s=w1pr&q={searchTerms}
CHR DefaultSearchKeyword: Default -> privacy
CHR DefaultSuggestURL: Default -> hxxps://sug.saferbrowsing-search.com/v1/sug/?s=w1pr&vert=tracking&q={searchTerms}
CHR Extension: (Slides) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-09]
CHR Extension: (Docs) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-09]
CHR Extension: (Google Drive) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-09]
CHR Extension: (Online Privacy) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbnbdniloknhbmabbbaiodiocmgfdheo [2021-06-25]
CHR Extension: (YouTube) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-09]
CHR Extension: (Sheets) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-09]
CHR Extension: (Google Docs Offline) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-08-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-06-25]
CHR Extension: (Gmail) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-09]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-17] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2021-01-17] (Adobe Inc. -> Adobe)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8482384 2022-02-16] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [563992 2022-02-10] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [563992 2022-02-10] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2022-02-10] (Avast Software s.r.o. -> AVAST Software)
S3 clr_optimization_v2.0.50727_64; C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [90776 2014-03-20] (Microsoft Corporation -> Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [158912 2019-03-28] (Microsoft Dynamic Code Publisher -> Microsoft Corporation)
R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [39352 2021-12-08] (Intel Corporation -> Intel)
R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [177080 2021-12-08] (Intel Corporation -> Intel)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7997112 2022-02-18] (Malwarebytes Inc -> Malwarebytes)
S2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [11848496 2021-12-16] (HP Inc. -> )
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2019-02-22] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2019-02-22] (Intuit Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\windows\System32\drivers\aswArDisk.sys [35720 2022-02-10] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\windows\System32\drivers\aswArPot.sys [226328 2022-02-10] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\windows\System32\drivers\aswbidsdriver.sys [368664 2022-02-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\windows\System32\drivers\aswbidsh.sys [251928 2022-02-10] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\windows\System32\drivers\aswbuniv.sys [99352 2022-02-10] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\windows\System32\drivers\aswKbd.sys [41352 2022-02-10] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\windows\System32\drivers\aswMonFlt.sys [267904 2022-02-10] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\windows\System32\drivers\aswNetHub.sys [545784 2022-02-10] (Avast Software s.r.o. -> AVAST Software)
R3 aswNetNd6; C:\windows\System32\DRIVERS\aswNetNd6.sys [38152 2022-02-10] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\windows\System32\drivers\aswRdr2.sys [108888 2022-02-10] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\windows\System32\drivers\aswRvrt.sys [82912 2022-02-10] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\windows\System32\drivers\aswSnx.sys [854272 2022-02-10] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\windows\System32\drivers\aswSP.sys [550376 2022-03-03] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\windows\System32\drivers\aswStm.sys [215920 2022-02-10] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\windows\System32\drivers\aswVmm.sys [317696 2022-02-16] (Avast Software s.r.o. -> AVAST Software)
S3 BtFilter; C:\windows\System32\DRIVERS\btfilter.sys [47816 2014-02-26] (Qualcomm Atheros -> Atheros)
S1 ccSet_NGC; C:\windows\System32\drivers\NGCx64\1614050.028\ccSetx64.sys [192248 2020-08-01] (Symantec Corporation -> Symantec Corporation)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [160176 2021-10-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 int0800; C:\windows\System32\DRIVERS\flashud.sys [51712 2009-03-06] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R2 MBAMChameleon; C:\windows\System32\Drivers\MbamChameleon.sys [221096 2022-02-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 MBAMFarflt; C:\windows\System32\DRIVERS\farflt.sys [194480 2022-02-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 MBAMProtection; C:\windows\system32\DRIVERS\mbam.sys [69040 2022-02-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [248992 2021-11-14] (Malwarebytes Inc -> Malwarebytes)
S3 MBAMWebProtection; C:\windows\System32\DRIVERS\mwac.sys [147920 2022-02-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 SymEFASI; C:\windows\System32\drivers\NGCx64\1614050.028\SYMEFASI64.SYS [1964384 2020-08-01] (Symantec Corporation -> Symantec Corporation)
U1 aswbdisk; no ImagePath
S3 RSP2STOR; system32\DRIVERS\RtsP2Stor.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-03-04 19:27 - 2022-03-04 19:27 - 002312192 _____ (Farbar) C:\Users\Bill\Downloads\FRST64(1).exe
2022-03-04 19:08 - 2022-03-04 19:08 - 000000000 ____D C:\windows\LastGood
2022-03-04 19:08 - 2014-06-21 13:56 - 000053624 _____ (TOSHIBA Corporation) C:\windows\system32\Drivers\tosrfec.sys
2022-03-03 18:18 - 2022-03-03 18:18 - 000050952 _____ C:\Users\Bill\Documents\Camolot St Finished rot repair..pdf
2022-02-25 18:40 - 2022-02-25 18:40 - 000154444 _____ C:\Users\Bill\Documents\all work hrs 8.pdf
2022-02-25 18:39 - 2022-02-25 18:39 - 000154793 _____ C:\Users\Bill\Documents\all work hrs 7.pdf
2022-02-25 18:38 - 2022-02-25 18:38 - 000155598 _____ C:\Users\Bill\Documents\all work hrs 6.pdf
2022-02-25 18:37 - 2022-02-25 18:37 - 000155953 _____ C:\Users\Bill\Documents\all work hrs 5.pdf
2022-02-25 18:36 - 2022-02-25 18:36 - 000155347 _____ C:\Users\Bill\Documents\all work hrs 4.pdf
2022-02-25 18:35 - 2022-02-25 18:35 - 000153338 _____ C:\Users\Bill\Documents\all work hrs 3.pdf
2022-02-25 18:21 - 2022-02-25 18:21 - 000228435 _____ C:\Users\Bill\Documents\All work hrs 2.pdf
2022-02-25 18:09 - 2022-02-25 18:09 - 051410120 _____ C:\Users\Bill\Downloads\EN6400e_2150D.exe
2022-02-25 18:03 - 2022-02-25 18:03 - 000165239 _____ C:\Users\Bill\Documents\All Work Hrs Dec 16 to Feb 17.pdf
2022-02-22 21:02 - 2022-02-22 21:02 - 000024576 _____ C:\windows\system32\config\security.rhk
2022-02-21 20:58 - 2022-02-21 20:58 - 000003756 _____ C:\windows\system32\Tasks\EOSv3 Scheduler onLogOn
2022-02-21 20:58 - 2022-02-21 20:58 - 000003316 _____ C:\windows\system32\Tasks\EOSv3 Scheduler onTime
2022-02-21 19:23 - 2022-03-03 18:25 - 000001209 _____ C:\Users\Bill\Desktop\ESET Online Scanner.lnk
2022-02-21 19:22 - 2022-02-21 19:22 - 015274968 _____ (ESET) C:\Users\Bill\Downloads\esetonlinescanner.exe
2022-02-21 19:22 - 2022-02-21 19:22 - 000000000 ____D C:\Users\Bill\AppData\Local\ESET
2022-02-21 19:20 - 2022-02-21 19:20 - 000000000 ____D C:\Qoobox
2022-02-21 19:11 - 2009-04-19 23:56 - 000060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2022-02-18 23:38 - 2022-02-19 19:11 - 000000404 _____ C:\windows\Tasks\Driver Easy Scheduled Scan.job
2022-02-18 23:38 - 2022-02-18 23:38 - 000003808 _____ C:\windows\system32\Tasks\Driver Easy Scheduled Scan
2022-02-18 23:38 - 2022-02-18 23:38 - 000000000 ____D C:\Users\Bill\AppData\Roaming\Easeware
2022-02-18 23:38 - 2022-02-18 23:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Easy
2022-02-18 23:38 - 2022-02-18 23:38 - 000000000 ____D C:\Program Files\Easeware
2022-02-18 23:37 - 2022-02-18 23:38 - 005241536 _____ (Easeware ) C:\Users\Bill\Downloads\DriverEasy_Setup.exe
2022-02-18 23:30 - 2022-02-19 19:13 - 000000000 ____D C:\windows\system32\FxsTmp
2022-02-18 23:30 - 2022-02-18 23:30 - 000001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2022-02-18 23:30 - 2022-02-18 23:30 - 000000000 ____D C:\windows\SysWOW64\FxsTmp
2022-02-18 23:30 - 2022-02-18 23:30 - 000000000 ____D C:\windows\addins
2022-02-18 22:56 - 2022-02-28 18:56 - 000000000 ____D C:\Users\Bill\AppData\Roaming\Wise Registry Cleaner
2022-02-18 22:56 - 2022-02-18 22:56 - 006150816 _____ (WiseCleaner.com ) C:\Users\Bill\Downloads\WRCFree_10.7.1.698.exe
2022-02-18 22:56 - 2022-02-18 22:56 - 000001202 _____ C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2022-02-18 22:56 - 2022-02-18 22:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2022-02-18 22:56 - 2022-02-18 22:56 - 000000000 ____D C:\Program Files (x86)\Wise
2022-02-18 22:46 - 2022-02-21 19:19 - 005660510 _____ (Swearware) C:\Users\Bill\Downloads\ComboFix.exe
2022-02-18 22:26 - 2022-02-18 22:26 - 000221096 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamChameleon.sys
2022-02-18 22:26 - 2022-02-18 22:26 - 000194480 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2022-02-18 22:26 - 2022-02-18 22:26 - 000147920 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2022-02-18 22:26 - 2022-02-18 22:26 - 000069040 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2022-02-18 22:20 - 2022-02-18 22:20 - 002412728 _____ (Malwarebytes) C:\Users\Bill\Downloads\MBSetup-10789.10789-consumer.exe
2022-02-18 21:16 - 2022-02-18 21:16 - 000000000 ____H C:\Users\Bill\Documents\Default.rdp
2022-02-18 19:10 - 2022-02-18 19:10 - 001311960 _____ C:\Users\Bill\Downloads\SPPL 212.xlsx
2022-02-18 12:32 - 2022-03-04 19:25 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-02-18 12:31 - 2022-02-18 12:31 - 000051601 _____ C:\Users\Bill\Documents\SN040D rot fix part paymnt..pdf
2022-02-13 10:57 - 2022-02-13 11:01 - 1106400131 _____ C:\Users\Bill\Downloads\BootleggersROM-Pie4blueline.4.0-Stable-Shishufied-20190121(2).zip
2022-02-13 10:47 - 2022-02-13 10:50 - 856810080 _____ C:\Users\Bill\Downloads\lineage-18.1-20220208-nightly-blueline-signed.zip
2022-02-13 10:23 - 2022-02-13 10:23 - 000051738 _____ C:\Users\Bill\Documents\Rain Gutter airport rd..pdf
2022-02-10 21:04 - 2022-02-10 21:04 - 008682039 _____ C:\Users\Bill\Downloads\usb_driver_r13-windows.zip
2022-02-10 21:04 - 2022-02-10 21:04 - 000000000 ____D C:\Users\Bill\Downloads\usb_driver_r13-windows
2022-02-10 20:20 - 2022-02-10 20:20 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-02-10 19:49 - 2022-02-10 19:49 - 000002090 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2022-02-10 19:49 - 2022-02-10 19:49 - 000000000 ____D C:\Users\Bill\AppData\Roaming\Avast Software
2022-02-10 19:49 - 2022-02-10 19:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2022-02-10 19:47 - 2022-03-04 16:06 - 000004168 _____ C:\windows\system32\Tasks\Avast Emergency Update
2022-02-10 19:47 - 2022-03-03 18:00 - 000550376 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2022-02-10 19:47 - 2022-02-16 17:05 - 000368664 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsdriver.sys
2022-02-10 19:47 - 2022-02-16 17:05 - 000317696 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2022-02-10 19:47 - 2022-02-10 19:47 - 000000000 ____D C:\windows\system32\Tasks\Avast Software
2022-02-10 19:47 - 2022-02-10 19:46 - 000854272 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2022-02-10 19:47 - 2022-02-10 19:46 - 000545784 _____ (AVAST Software) C:\windows\system32\Drivers\aswNetHub.sys
2022-02-10 19:47 - 2022-02-10 19:46 - 000340760 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2022-02-10 19:47 - 2022-02-10 19:46 - 000267904 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2022-02-10 19:47 - 2022-02-10 19:46 - 000251928 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsh.sys
2022-02-10 19:47 - 2022-02-10 19:46 - 000226328 _____ (AVAST Software) C:\windows\system32\Drivers\aswArPot.sys
2022-02-10 19:47 - 2022-02-10 19:46 - 000215920 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2022-02-10 19:47 - 2022-02-10 19:46 - 000108888 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2022-02-10 19:47 - 2022-02-10 19:46 - 000099352 _____ (AVAST Software) C:\windows\system32\Drivers\aswbuniv.sys
2022-02-10 19:47 - 2022-02-10 19:46 - 000082912 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2022-02-10 19:47 - 2022-02-10 19:46 - 000041352 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2022-02-10 19:47 - 2022-02-10 19:46 - 000038152 _____ (AVAST Software) C:\windows\system32\Drivers\aswNetNd6.sys
2022-02-10 19:47 - 2022-02-10 19:46 - 000035720 _____ (AVAST Software) C:\windows\system32\Drivers\aswArDisk.sys
2022-02-10 19:46 - 2022-02-10 19:46 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2022-02-10 19:45 - 2022-02-10 19:45 - 000000000 ____D C:\Program Files\Avast Software
2022-02-10 18:05 - 2022-02-10 18:05 - 000290917 _____ C:\Users\Bill\Documents\DLL Finance Feb 2022.pdf
2022-02-08 19:50 - 2022-02-08 19:50 - 000051394 _____ C:\Users\Bill\Documents\Work on Dump Trailer..pdf
2022-02-03 18:08 - 2022-02-03 18:08 - 000052016 _____ C:\Users\Bill\Documents\Stan White South Office Blg 2nd Fl Door..pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-03-04 19:30 - 2020-12-31 16:37 - 000024202 _____ C:\Users\Bill\Downloads\FRST.txt
2022-03-04 19:29 - 2020-12-31 16:36 - 000000000 ____D C:\FRST
2022-03-04 19:28 - 2020-11-09 17:35 - 000000000 ____D C:\Users\Bill\AppData\LocalLow\Mozilla
2022-03-04 19:18 - 2021-02-16 20:34 - 000000000 ____D C:\Users\Bill\AppData\Local\CrashDumps
2022-03-04 19:17 - 2020-11-24 22:36 - 000000000 ____D C:\Program Files\CCleaner
2022-03-04 19:13 - 2020-11-10 20:44 - 000000000 ____D C:\Unified_Android_Toolkit
2022-03-04 19:07 - 2020-11-09 18:01 - 000000000 ____D C:\ProgramData\Avast Software
2022-03-04 19:07 - 2009-07-14 00:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2022-03-04 18:37 - 2021-05-24 17:45 - 000000000 ____D C:\Users\Bill\AppData\Local\Avast Software
2022-03-04 16:13 - 2020-11-10 19:58 - 023465984 ____R C:\Wiliam M Baum 2007 3-3-14.QBW
2022-03-04 16:13 - 2020-11-10 19:58 - 017367040 ____R C:\Wiliam M Baum 2007 3-3-14.QBW.TLG
2022-03-04 16:13 - 2020-11-10 19:58 - 000000334 _____ C:\Wiliam M Baum 2007 3-3-14.QBW.ND
2022-02-26 22:00 - 2009-07-13 22:20 - 000000000 ____D C:\windows\rescache
2022-02-25 18:11 - 2009-07-13 22:20 - 000000000 ____D C:\windows\inf
2022-02-22 21:02 - 2009-07-13 21:34 - 078381056 _____ C:\windows\system32\config\software.bak
2022-02-22 21:02 - 2009-07-13 21:34 - 006815744 _____ C:\windows\system32\config\default.bak
2022-02-22 21:02 - 2009-07-13 21:34 - 000262144 _____ C:\windows\system32\config\sam.bak
2022-02-21 19:19 - 2020-11-11 20:29 - 000000000 ____D C:\windows\erdnt
2022-02-18 23:51 - 2009-07-13 22:20 - 000000000 ____D C:\windows\system32\NDF
2022-02-18 23:30 - 2009-07-13 22:20 - 000000000 ____D C:\windows\system32\Setup
2022-02-18 22:53 - 2021-03-15 17:49 - 000000000 ____D C:\Program Files (x86)\Auslogics
2022-02-18 22:53 - 2020-11-10 20:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2022-02-18 22:26 - 2021-01-01 17:36 - 000001971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-02-18 22:26 - 2021-01-01 17:36 - 000001959 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-02-18 22:25 - 2021-01-01 17:34 - 000000000 ____D C:\Program Files\Malwarebytes
2022-02-18 22:25 - 2020-11-24 21:40 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-02-18 22:17 - 2020-12-28 19:37 - 000000000 ____D C:\Users\Bill\Downloads\backups
2022-02-18 20:30 - 2020-11-26 16:34 - 000003870 _____ C:\windows\system32\Tasks\CCleaner Update
2022-02-18 17:58 - 2020-11-09 17:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-02-13 18:05 - 2020-11-09 17:43 - 000000000 ____D C:\Program Files (x86)\Google
2022-02-11 19:31 - 2020-11-08 23:24 - 000000000 ____D C:\Users\Bill
2022-02-11 19:30 - 2020-11-09 01:48 - 000000000 ____D C:\Program Files (x86)\Atheros
2022-02-11 19:30 - 2014-05-20 10:30 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2022-02-11 19:30 - 2010-11-21 02:16 - 000000000 ___RD C:\Users\Public\Recorded TV
2022-02-11 19:30 - 2009-07-13 22:20 - 000000000 ____D C:\windows\registration
2022-02-11 18:11 - 2021-07-23 17:42 - 000000000 ____D C:\windows\pss
2022-02-10 20:08 - 2020-11-09 01:43 - 000000000 ____D C:\Program Files (x86)\Realtek
2022-02-08 20:14 - 2021-12-16 20:41 - 000002930 _____ C:\windows\system32\Tasks\{600CE733-A206-49EE-B4C2-F3579F01EB60}
2022-02-08 20:14 - 2021-08-21 15:33 - 000002804 _____ C:\windows\system32\Tasks\CCleanerSkipUAC - Bill
2022-02-08 20:14 - 2020-11-11 18:19 - 000004476 _____ C:\windows\system32\Tasks\Adobe Acrobat Update Task
2022-02-08 20:14 - 2020-11-09 01:44 - 000003166 _____ C:\windows\system32\Tasks\RTKCPL

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2022-02-26 21:52
==================== End of FRST.txt ========================