FRST Frafiq

a guest
Apr 23rd, 2018
  1. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22.04.2018 01
  2. Ran by user (administrator) on USER (23-04-2018 18:12:40)
  3. Running from C:\Users\user\Downloads
  4. Loaded Profiles: user (Available Profiles: user & Guest)
  5. Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
  6. Internet Explorer Version 8 (Default browser not detected!)
  7. Boot Mode: Safe Mode (with Networking)
  8. Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
  9.  
  10. ==================== Processes (Whitelisted) =================
  11.  
  12. (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
  13.  
  14. (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
  15. (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
  16. (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
  17. (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
  18. (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
  19. (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
  20. (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
  21. (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
  22. (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
  23. (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
  24. (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
  25. (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
  26. (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
  27.  
  28. ==================== Registry (Whitelisted) ===========================
  29.  
  30. (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
  31.  
  32. HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-04-13] (AVAST Software)
  33. HKLM\...\Run: [AtherosBtStack] => C:\Program Files\Bluetooth Suite\BtvStack.exe [490656 2011-03-01] (Atheros Commnucations)
  34. HKLM\...\Run: [AthBtTray] => C:\Program Files\Bluetooth Suite\AthBtTray.exe [302240 2011-03-01] (Atheros Commnucations)
  35. HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
  36. HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
  37. HKU\S-1-5-21-4141686117-3360805979-1768249960-1000\...\Run: [BandwidthMeterPro] => C:\Program Files\BandwidthMeterPro\BWMeterPro.exe [236032 2008-08-16] (BANDWIDTH-METER.NET)
  38. HKU\S-1-5-21-4141686117-3360805979-1768249960-1000\...\Run: [ccleaner] => C:\Program Files\CCleaner\CCleaner.exe [2783040 2012-04-25] (Piriform Ltd)
  39. HKU\S-1-5-21-4141686117-3360805979-1768249960-1000\...\Run: [Akamai NetSession Interface] => C:\Users\user\AppData\Local\Akamai\netsession_win.exe [4490200 2017-09-08] (Akamai Technologies, Inc.)
  40. HKU\S-1-5-21-4141686117-3360805979-1768249960-1000\...\Run: [f.lux] => C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe [1678840 2017-10-11] (f.lux Software LLC)
  41. HKU\S-1-5-21-4141686117-3360805979-1768249960-1000\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3858000 2014-07-10] (Tonec Inc.)
  42. HKU\S-1-5-21-4141686117-3360805979-1768249960-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
  43. HKU\S-1-5-21-4141686117-3360805979-1768249960-1000\...\Policies\Explorer: []
  44. HKU\S-1-5-21-4141686117-3360805979-1768249960-1000\...\MountPoints2: H - H:\AutoRun.exe
  45. HKU\S-1-5-21-4141686117-3360805979-1768249960-1000\...\MountPoints2: {00acd6a8-42f3-11e4-856b-74de2bc47337} - H:\setup.exe
  46. HKU\S-1-5-21-4141686117-3360805979-1768249960-1000\...\MountPoints2: {00acd70b-42f3-11e4-856b-74de2bc47337} - H:\setup.exe
  47. HKU\S-1-5-21-4141686117-3360805979-1768249960-1000\...\MountPoints2: {07f47305-219d-11e4-8c22-74de2bc47337} - J:\Startme.exe
  48. HKU\S-1-5-21-4141686117-3360805979-1768249960-1000\...\MountPoints2: {13e70130-9a82-11e5-b5ce-74de2bc47337} - H:\Setup.exe
  49. HKU\S-1-5-21-4141686117-3360805979-1768249960-1000\...\MountPoints2: {29c62891-504b-11e6-8b82-74de2bc47337} - H:\Startme.exe
  50. HKU\S-1-5-21-4141686117-3360805979-1768249960-1000\...\MountPoints2: {39788de8-7cdf-11e3-933b-74de2bc4163f} - H:\setup.exe
  51. HKU\S-1-5-21-4141686117-3360805979-1768249960-1000\...\MountPoints2: {39788df5-7cdf-11e3-933b-74de2bc4163f} - H:\setup.exe
  52. HKU\S-1-5-21-4141686117-3360805979-1768249960-1000\...\MountPoints2: {45aca407-69f3-11e7-94d5-74de2bc47337} - G:\AutoRun.exe
  53. HKU\S-1-5-21-4141686117-3360805979-1768249960-1000\...\MountPoints2: {868f6f5a-a8de-11e3-bb37-806e6f6e6963} - H:\setup.exe
  54. HKU\S-1-5-21-4141686117-3360805979-1768249960-1000\...\MountPoints2: {952b3445-a6dd-11e2-aae6-74de2bc4163f} - G:\AutoRun.exe
  55. HKU\S-1-5-21-4141686117-3360805979-1768249960-1000\...\MountPoints2: {956fc30c-424d-11e4-856b-74de2bc47337} - H:\setup.exe
  56. HKU\S-1-5-21-4141686117-3360805979-1768249960-1000\...\MountPoints2: {9e99ebef-1db9-11e4-8bd0-74de2bc47337} - H:\setup.exe
  57. HKU\S-1-5-21-4141686117-3360805979-1768249960-1000\...\MountPoints2: {ad8171db-45be-11e4-9cff-74de2bc47337} - H:\setup.exe
  58. HKU\S-1-5-21-4141686117-3360805979-1768249960-1000\...\MountPoints2: {b6f5e060-4161-11e4-b8af-74de2bc47337} - H:\setup.exe
  59. HKU\S-1-5-21-4141686117-3360805979-1768249960-1000\...\MountPoints2: {b6f5e0da-4161-11e4-b8af-74de2bc47337} - H:\setup.exe
  60. HKU\S-1-5-21-4141686117-3360805979-1768249960-1000\...\MountPoints2: {b6f5e101-4161-11e4-b8af-74de2bc47337} - H:\setup.exe
  61. HKU\S-1-5-21-4141686117-3360805979-1768249960-1000\...\MountPoints2: {b6f5e16e-4161-11e4-b8af-74de2bc47337} - H:\setup.exe
  62. HKU\S-1-5-21-4141686117-3360805979-1768249960-1000\...\MountPoints2: {b6f5e18d-4161-11e4-b8af-74de2bc47337} - H:\setup.exe
  63. HKU\S-1-5-21-4141686117-3360805979-1768249960-1000\...\MountPoints2: {b6f5e231-4161-11e4-b8af-74de2bc47337} - H:\setup.exe
  64. HKU\S-1-5-21-4141686117-3360805979-1768249960-1000\...\MountPoints2: {b6f5e24e-4161-11e4-b8af-74de2bc47337} - H:\setup.exe
  65. HKU\S-1-5-21-4141686117-3360805979-1768249960-1000\...\MountPoints2: {b6f5e65b-4161-11e4-b8af-74de2bc47337} - H:\setup.exe
  66. HKU\S-1-5-21-4141686117-3360805979-1768249960-1000\...\MountPoints2: {b6f5e683-4161-11e4-b8af-74de2bc47337} - H:\setup.exe
  67. HKU\S-1-5-21-4141686117-3360805979-1768249960-1000\...\MountPoints2: {ebd3e8b7-4109-11e4-a790-74de2bc47337} - H:\setup.exe
  68. HKU\S-1-5-21-4141686117-3360805979-1768249960-1000\...\MountPoints2: {ebd3e8f6-4109-11e4-a790-74de2bc47337} - H:\setup.exe
  69. HKU\S-1-5-21-4141686117-3360805979-1768249960-1000\...\MountPoints2: {ebd3e93b-4109-11e4-a790-74de2bc47337} - H:\setup.exe
  70. HKU\S-1-5-21-4141686117-3360805979-1768249960-1000\...\MountPoints2: {ebd3e9d5-4109-11e4-a790-74de2bc47337} - H:\setup.exe
  71. HKU\S-1-5-21-4141686117-3360805979-1768249960-1000\...\MountPoints2: {ebd3e9fb-4109-11e4-a790-74de2bc47337} - H:\setup.exe
  72. HKU\S-1-5-18\...\Run: [] => [X]
  73. IFEO\capture.exe: [Debugger] "C:\Program Files\AVAST Software\Avast Cleanup\autoreactivator.exe"
  74. IFEO\connect.exe: [Debugger] "C:\Program Files\AVAST Software\Avast Cleanup\autoreactivator.exe"
  75. IFEO\coreldrw.exe: [Debugger] "C:\Program Files\AVAST Software\Avast Cleanup\autoreactivator.exe"
  76. IFEO\corelpp.exe: [Debugger] "C:\Program Files\AVAST Software\Avast Cleanup\autoreactivator.exe"
  77. IFEO\fontnav.exe: [Debugger] "C:\Program Files\AVAST Software\Avast Cleanup\autoreactivator.exe"
  78. IFEO\videobrowser.exe: [Debugger] "C:\Program Files\AVAST Software\Avast Cleanup\autoreactivator.exe"
  79. Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BimaTRI.lnk [2018-04-23]
  80. ShortcutTarget: BimaTRI.lnk -> C:\Program Files\BimaTRI\BimaTRI.exe ()
  81. CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
  82.  
  83. ==================== Internet (Whitelisted) ====================
  84.  
  85. (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
  86.  
  87. Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
  88. Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
  89. Tcpip\..\Interfaces\{0B053B59-359F-40B9-8BBA-B39A472CE373}: [NameServer] 8.8.8.8 8.8.4.4
  90. Tcpip\..\Interfaces\{5D905DD4-4204-4264-A6C0-F883CCFA45FB}: [NameServer] 8.8.8.8,8.8.4.4
  91. Tcpip\..\Interfaces\{6ADD1210-D624-4BED-87CD-7184FFBC2981}: [DhcpNameServer] 192.168.1.1
  92. Tcpip\..\Interfaces\{6C55B732-2202-4D1E-AE04-B7C5AAB4B5B6}: [DhcpNameServer] 192.168.1.1 192.168.1.1
  93. Tcpip\..\Interfaces\{B4828D64-77A8-4BF5-B49B-8A58A0E0F554}: [NameServer] 8.8.8.8,8.8.4.4
  94. Tcpip\..\Interfaces\{F54A0651-CA9D-4B10-881E-E23FFC413FAA}: [NameServer] 8.8.8.8,8.8.4.4
  95.  
  96. Internet Explorer:
  97. ==================
  98. HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
  99. HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
  100. HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
  101. HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
  102. HKU\S-1-5-21-4141686117-3360805979-1768249960-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
  103. HKU\S-1-5-21-4141686117-3360805979-1768249960-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://plasa.msn.com/?ocid=iehp
  104. HKU\S-1-5-21-4141686117-3360805979-1768249960-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
  105. SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
  106. SearchScopes: HKU\S-1-5-21-4141686117-3360805979-1768249960-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
  107. SearchScopes: HKU\S-1-5-21-4141686117-3360805979-1768249960-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
  108. BHO: No Name -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> No File
  109. BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
  110. BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-12-04] (Oracle Corporation)
  111. BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files\Bluetooth Suite\IEPlugIn.dll [2011-03-01] (Atheros Commnucations)
  112. BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-04] (Oracle Corporation)
  113. Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
  114. StartMenuInternet: IEXPLORE.EXE - iexplore.exe
  115.  
  116. FireFox:
  117. ========
  118. FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sqhnpmpi.default [2018-04-23]
  119. FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sqhnpmpi.default\user.js [2016-12-06]
  120. FF Homepage: Mozilla\Firefox\Profiles\sqhnpmpi.default -> about:home
  121. FF NetworkProxy: Mozilla\Firefox\Profiles\sqhnpmpi.default -> backup.ftp", "202.185.27.34"
  122. FF Extension: (YouTube mp3) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sqhnpmpi.default\Extensions\info@youtube-mp3.org.xpi [2015-06-30] [Legacy]
  123. FF Extension: (JSOff) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sqhnpmpi.default\Extensions\jsoff@jsoff.com.xpi [2015-06-30] [Legacy]
  124. FF Extension: (Movable Firefox Button) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sqhnpmpi.default\Extensions\movableAppButton@Merci.chao.xpi [2015-07-01] [Legacy]
  125. FF Extension: (IDM CC) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sqhnpmpi.default\Extensions\mozilla_cc@internetdownloadmanager.com [2015-07-01] [Legacy] [not signed]
  126. FF Extension: (Redirector) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sqhnpmpi.default\Extensions\redirector@einaregilsson.com [2015-07-01] [Legacy]
  127. FF Extension: (Turn Off the Lights) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sqhnpmpi.default\Extensions\stefanvandamme@stefanvd.net.xpi [2015-07-01] [Legacy]
  128. FF Extension: (1-Click YouTube Video Downloader) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sqhnpmpi.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2015-07-01] [Legacy]
  129. FF Extension: (FlashGot) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sqhnpmpi.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2015-07-01] [Legacy]
  130. FF Extension: (Stylish) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sqhnpmpi.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2015-07-01] [Legacy]
  131. FF Extension: (Text Link) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sqhnpmpi.default\Extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi [2015-07-01] [Legacy]
  132. FF Extension: (FT DeepDark) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sqhnpmpi.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2015-01-19] [Legacy] [not signed]
  133. FF Extension: (Mozilla Archive Format) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sqhnpmpi.default\Extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}.xpi [2015-07-01] [Legacy]
  134. FF Extension: (Adblock Plus) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sqhnpmpi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-30] [Legacy]
  135. FF Extension: (Greasemonkey) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sqhnpmpi.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-07-01] [Legacy]
  136. FF Extension: (User Agent Switcher) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sqhnpmpi.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2015-07-01] [Legacy]
  137. FF Extension: (No Name) - C:\Program Files\AVAST Software\Avast\WebRep\FF [not found]
  138. FF HKU\S-1-5-21-4141686117-3360805979-1768249960-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5
  139. FF Extension: (IDM CC) - C:\Users\user\AppData\Roaming\IDM\idmmzcc5 [2014-08-03] [Legacy] [not signed]
  140. FF HKU\S-1-5-21-4141686117-3360805979-1768249960-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5
  141. FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll [2014-08-07] ()
  142. FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
  143. FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-06-29] (Foxit Corporation)
  144. FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-06-29] (Foxit Corporation)
  145. FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-06-29] (Foxit Corporation)
  146. FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-06-29] (Foxit Corporation)
  147. FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-04] (Oracle Corporation)
  148. FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-04] (Oracle Corporation)
  149. FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-18] (Google Inc.)
  150. FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-18] (Google Inc.)
  151. FF Plugin HKU\S-1-5-21-4141686117-3360805979-1768249960-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
  152.  
  153. Chrome:
  154. =======
  155. CHR DefaultProfile: Profile 2
  156. CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2018-04-23]
  157. CHR Extension: (Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
  158. CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
  159. CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
  160. CHR Extension: (Slinky Elegant) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmanlajnpdncmhfkiccmbgeocgbncfln [2015-09-03]
  161. CHR Extension: (Chrome IG Story) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bojgejgifofondahckoaahkilneffhmf [2018-04-17]
  162. CHR Extension: (Adblock Plus) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-04-21]
  163. CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
  164. CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2017-04-12]
  165. CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2018-04-21]
  166. CHR Extension: (Full Page Screen Capture) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2018-04-18]
  167. CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
  168. CHR Extension: (Bookmark Manager) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2016-01-30]
  169. CHR Extension: (TweetDeck by Twitter) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2015-07-26]
  170. CHR Extension: (2048) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hekhdfjankbhklfkjmnmnefcacndeoll [2017-12-28]
  171. CHR Extension: (IDM Integration Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2016-12-24]
  172. CHR Extension: (Secure Bookmarks) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocjgngiajhfiikjolfhcpiokgbinep [2017-01-03]
  173. CHR Extension: (Kiwi IRC) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\malkpgopfalejggcogglkiemcknbiphe [2015-01-10]
  174. CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
  175. CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
  176. CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-27]
  177. CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-04-23]
  178. CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2 [2018-04-23]
  179. CHR Extension: (Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
  180. CHR Extension: (Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
  181. CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-27]
  182. CHR Extension: (Chrome IG Story) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bojgejgifofondahckoaahkilneffhmf [2018-04-11]
  183. CHR Extension: (Adblock Plus) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-04-19]
  184. CHR Extension: (Tampermonkey) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-02-10]
  185. CHR Extension: (Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
  186. CHR Extension: (Avira Browser Safety) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-06-15]
  187. CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-22]
  188. CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2018-04-23]
  189. CHR Extension: (Google Keep - notes and lists) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2018-04-19]
  190. CHR Extension: (IDM Integration Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2017-03-27]
  191. CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-03-20]
  192. CHR Extension: (Better FPL) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\oimpiccgpkkjbdligdbcipdcjcklcglm [2017-12-04]
  193. CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-27]
  194. CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-23]
  195. CHR Extension: (Enhancer for YouTube™) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ponfpcnoihfmfllpaingbgckeeldkhle [2018-04-19]
  196. CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile [2018-04-23]
  197. CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
  198. CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2014-07-10]
  199. CHR HKU\S-1-5-21-4141686117-3360805979-1768249960-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
  200.  
  201. ==================== Services (Whitelisted) ====================
  202.  
  203. (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  204.  
  205. S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.)
  206. S3 AdAppMgrSvc; C:\Program Files\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [1145928 2016-02-24] (Autodesk Inc.)
  207. S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5947256 2018-04-13] (AVAST Software)
  208. S2 Atheros Bt&Wlan Coex Agent; C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-01] (Atheros) [File not signed]
  209. S2 AtherosSvc; C:\Program Files\Bluetooth Suite\adminservice.exe [72864 2011-03-01] (Atheros Commnucations) [File not signed]
  210. S2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [31160 2015-02-05] (Autodesk, Inc.)
  211. S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [313640 2018-04-13] (AVAST Software)
  212. S4 Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [198168 2007-03-06] (InterVideo Inc.)
  213. S2 CleanupPSvc; C:\Program Files\AVAST Software\Avast Cleanup\TuneupSvc.exe [7649576 2018-03-10] (AVAST Software)
  214. S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1104128 2015-10-20] (Flexera Software LLC)
  215. S2 FoxitReaderService; C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [1659456 2017-06-29] (Foxit Software Inc.)
  216. S2 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1810944 2010-12-24] (Realsil Microelectronics Inc.) [File not signed]
  217. R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4707104 2018-03-27] (Malwarebytes)
  218. S4 MyWiFiRouterDHCP; C:\Program Files\Wi-Fi\WiFiGxSvc.exe [47464 2014-11-18] ()
  219. S4 PSI_SVC_2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
  220. S3 uSHAREitSvc; C:\Program Files\SHAREit Technologies\SHAREit\SHAREit.Service.exe [33224 2017-09-11] (SHAREit Technologies Co.Ltd)
  221. S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
  222. S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
  223.  
  224. ===================== Drivers (Whitelisted) ======================
  225.  
  226. (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  227.  
  228. S1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [167040 2018-04-13] (AVAST Software)
  229. S1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [185432 2018-03-14] (AVAST Software)
  230. S0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [157368 2018-03-14] (AVAST Software)
  231. S0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [276688 2018-03-14] (AVAST Software)
  232. S0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [50336 2018-03-14] (AVAST Software)
  233. S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42808 2018-04-13] (AVAST Software)
  234. S2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [124392 2018-04-13] (AVAST Software)
  235. R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [100544 2018-04-13] (AVAST Software)
  236. S0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [70816 2018-04-13] (AVAST Software)
  237. S1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [783600 2018-04-13] (AVAST Software)
  238. S1 aswSP; C:\Windows\System32\drivers\aswSP.sys [391856 2018-04-13] (AVAST Software)
  239. S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [152344 2018-04-13] (AVAST Software)
  240. S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [38984 2014-08-18] (The OpenVPN Project)
  241. S0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310784 2018-04-13] (AVAST Software)
  242. S3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [34976 2011-03-01] (Atheros)
  243. S0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [47456 2014-03-11] (Baidu, Inc.)
  244. S3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [259232 2011-03-01] (Atheros)
  245. R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [24736 2011-03-01] (Atheros)
  246. S3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [175776 2011-03-01] (Atheros)
  247. S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [49312 2011-03-01] (Atheros)
  248. S3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [141088 2011-03-01] (Atheros)
  249. S3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [242336 2011-03-01] (Atheros)
  250. S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [26328 2014-08-12] (Sony Mobile Communications)
  251. S2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [693760 2006-11-22] (Aladdin Knowledge Systems Ltd.)
  252. S3 hwdatacard; C:\Windows\System32\DRIVERS\ZDDriver.sys [106496 2010-01-14] (ZD Secret Incorporated)
  253. S1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2016-01-16] (REALiX(tm))
  254. S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [269824 2010-10-15] (Intel(R) Corporation) [File not signed]
  255. R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [220896 2018-04-23] (Malwarebytes)
  256. S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [95304 2012-03-25] (MotioninJoy) [File not signed]
  257. S2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
  258. S2 PfFilter; C:\Program Files\IObit\Protected Folder\pffilter.sys [60608 2015-03-31] (IObit Information Technology)
  259. R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-08-25] (Sonic Solutions) [File not signed]
  260. S3 REN2CAP_DRIVER; C:\Windows\System32\drivers\ren2cap.sys [39048 2011-11-07] ()
  261. S3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [251496 2011-02-15] (Realtek Semiconductor Corp.)
  262. R0 sptd; C:\Windows\System32\Drivers\sptd.sys [320120 2014-03-28] (Duplex Secure Ltd.)
  263. R1 txwifinat; C:\Windows\System32\DRIVERS\txwifinat.sys [31152 2014-12-01] (Nanjing Tongxiang Network Technology Co.,LTD)
  264. S3 Adpccgemo; no ImagePath
  265. S3 anvsnddrv; system32\drivers\anvsnddrv.sys [X]
  266. S1 avfwot; system32\DRIVERS\avfwot.sys [X]
  267. S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
  268. S3 cpuz138; \??\C:\Users\user\AppData\Local\Temp\cpuz138\cpuz138_x32.sys [X]
  269. S3 PCFApiUtil; \??\C:\Program Files\Baidu Security\PC Faster\5.0.0.0\PCFApiUtil.sys [X]
  270. S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
  271. S3 taphss6; system32\DRIVERS\taphss6.sys [X]
  272. S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
  273. S3 VGPU; System32\drivers\rdvgkmd.sys [X]
  274.  
  275. ==================== NetSvcs (Whitelisted) ===================
  276.  
  277. (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  278.  
  279.  
  280. ==================== One Month Created files and folders ========
  281.  
  282. (If an entry is included in the fixlist, the file/folder will be moved.)
  283.  
  284. 2018-04-23 18:12 - 2018-04-23 18:13 - 000029682 _____ C:\Users\user\Downloads\FRST.txt
  285. 2018-04-23 18:12 - 2018-04-23 18:12 - 001764864 _____ (Farbar) C:\Users\user\Downloads\FRST.exe
  286. 2018-04-23 18:12 - 2018-04-23 18:12 - 000000000 ____D C:\FRST
  287. 2018-04-23 17:44 - 2018-04-23 17:44 - 000004645 _____ C:\Users\user\Downloads\sr.txt
  288. 2018-04-23 17:32 - 2018-04-23 17:32 - 000220896 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
  289. 2018-04-23 17:32 - 2018-04-23 17:32 - 000001984 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
  290. 2018-04-23 17:32 - 2018-04-23 17:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
  291. 2018-04-23 17:32 - 2018-03-19 12:57 - 000058656 _____ C:\Windows\system32\Drivers\mbae.sys
  292. 2018-04-23 17:31 - 2018-04-23 17:31 - 000000000 ____D C:\Program Files\Malwarebytes
  293. 2018-04-23 17:30 - 2018-04-23 17:31 - 073551144 _____ (Malwarebytes ) C:\Users\user\Downloads\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4834.exe
  294. 2018-04-23 17:11 - 2018-04-23 17:32 - 000194916 _____ C:\Windows\ntbtlog.txt
  295. 2018-04-23 13:33 - 2018-04-23 13:33 - 000099488 _____ C:\Users\user\Downloads\cc_20180423_133306.reg
  296. 2018-04-23 13:33 - 2018-04-23 13:33 - 000002782 _____ C:\Users\user\Downloads\cc_20180423_133329.reg
  297. 2018-04-23 13:33 - 2018-04-23 13:33 - 000001676 _____ C:\Users\user\Downloads\cc_20180423_133340.reg
  298. 2018-04-23 13:08 - 2018-04-23 13:09 - 000000000 ____D C:\AdwCleaner
  299. 2018-04-23 13:04 - 2018-04-23 13:04 - 000125578 _____ C:\Users\user\Downloads\cc_20180423_130416.reg
  300. 2018-04-23 13:03 - 2018-04-23 13:07 - 007256272 _____ (Malwarebytes) C:\Users\user\Downloads\adwcleaner_7.1.0.0.exe
  301. 2018-04-23 12:30 - 2018-04-23 12:30 - 000966300 _____ C:\Users\user\Downloads\Unconfirmed 327036.crdownload
  302. 2018-04-22 17:27 - 2018-04-22 17:28 - 000000000 ____D C:\Users\user\Downloads\soldier pile
  303. 2018-04-19 13:43 - 2018-04-19 13:44 - 000110620 _____ C:\Users\user\Downloads\207 BLK Ext IV 2018 - PPK - Penilaian Undip.pdf
  304. 2018-04-18 16:48 - 2018-04-18 16:49 - 000000411 _____ C:\Users\user\Downloads\SAT.txt
  305. 2018-04-18 16:18 - 2018-04-18 16:29 - 030376587 _____ C:\Users\user\Downloads\Semnas_Teknik_Sumber_Daya_Air.pdf
  306. 2018-04-16 06:02 - 2018-04-16 06:02 - 000000284 _____ C:\Users\user\Documents\vc.txt
  307. 2018-04-16 05:50 - 2018-04-16 05:50 - 000000019 _____ C:\Windows\pphelper.INI
  308. 2018-04-14 10:50 - 2018-04-14 10:55 - 000213934 ____H C:\Users\user\Downloads\.7791527923942.tmp
  309. 2018-04-13 09:07 - 2018-04-13 09:07 - 000320728 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
  310. 2018-04-11 09:37 - 2018-04-16 05:53 - 000000080 __RSH C:\Windows\system32\52B9282652.dll
  311. 2018-04-04 19:05 - 2018-04-04 19:05 - 039167884 _____ C:\Users\user\Downloads\SPL-Hantu Hantu Neraka.djvu
  312. 2018-04-04 18:31 - 2018-04-04 18:34 - 000000000 ____D C:\Users\user\Downloads\progkom
  313. 2018-04-01 11:04 - 2018-04-01 11:04 - 000000103 _____ C:\Users\user\Downloads\pls.pls
  314. 2018-03-27 19:34 - 2018-04-04 18:32 - 000000000 ____D C:\Users\user\Downloads\BAJA 1 2018
  315.  
  316. ==================== One Month Modified files and folders ========
  317.  
  318. (If an entry is included in the fixlist, the file/folder will be moved.)
  319.  
  320. 2018-04-23 17:31 - 2015-10-29 02:26 - 000000000 ____D C:\ProgramData\Malwarebytes
  321. 2018-04-23 17:14 - 2009-07-14 09:37 - 000000000 ____D C:\Windows\inf
  322. 2018-04-23 17:11 - 2009-07-14 11:34 - 000017072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
  323. 2018-04-23 17:11 - 2009-07-14 11:34 - 000017072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
  324. 2018-04-23 17:10 - 2009-07-14 11:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
  325. 2018-04-23 13:46 - 2016-06-30 10:26 - 000000000 _____ C:\Windows\system32\last.dump
  326. 2018-04-23 13:43 - 2014-04-20 10:32 - 000785302 _____ C:\Windows\system32\PerfStringBackup.INI
  327. 2018-04-23 13:36 - 2015-09-30 21:03 - 000000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
  328. 2018-04-23 13:24 - 2015-10-20 13:48 - 000000000 ____D C:\Program Files\Common Files\Autodesk Shared
  329. 2018-04-23 13:24 - 2014-08-26 07:09 - 000000000 ____D C:\Users\user\AppData\Local\Autodesk
  330. 2018-04-23 13:24 - 2014-08-26 07:08 - 000000000 ____D C:\Program Files\Autodesk
  331. 2018-04-23 13:24 - 2014-08-26 06:46 - 000000000 ____D C:\ProgramData\Autodesk
  332. 2018-04-23 13:22 - 2014-08-26 06:46 - 000000000 ____D C:\Users\user\AppData\Roaming\Autodesk
  333. 2018-04-23 13:21 - 2015-10-20 13:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
  334. 2018-04-23 13:09 - 2017-03-27 09:57 - 000000000 ____D C:\Users\Guest\AppData\Roaming\IObit
  335. 2018-04-23 13:09 - 2016-01-16 19:23 - 000000000 ____D C:\Users\user\AppData\LocalLow\IObit
  336. 2018-04-23 13:09 - 2016-01-16 19:22 - 000000000 ____D C:\Program Files\Common Files\IObit
  337. 2018-04-23 13:09 - 2014-03-16 11:42 - 000000000 ____D C:\Users\user\AppData\Roaming\IObit
  338. 2018-04-23 13:09 - 2014-03-16 11:42 - 000000000 ____D C:\ProgramData\IObit
  339. 2018-04-23 12:59 - 2015-09-30 20:51 - 000000000 ____D C:\Users\user\Documents\Bluetooth Folder
  340. 2018-04-23 12:43 - 2013-04-17 04:45 - 000000000 ____D C:\Users\user\AppData\Roaming\DMCache
  341. 2018-04-23 12:32 - 2017-12-13 14:26 - 000000000 ____D C:\Program Files\BandiMPEG1
  342. 2018-04-23 10:18 - 2016-07-02 01:11 - 000000446 _____ C:\Windows\Tasks\UCBrowserUpdater{7f760b175607fdcf50225c1e38129d56}.job
  343. 2018-04-23 10:16 - 2009-07-14 09:37 - 000000000 ____D C:\Windows\system32\NDF
  344. 2018-04-22 17:26 - 2017-12-27 16:59 - 000000090 _____ C:\Users\user\Downloads\wifi.txt
  345. 2018-04-22 07:19 - 2016-06-12 22:02 - 000000000 ____D C:\Program Files\Wi-Fi
  346. 2018-04-19 08:30 - 2015-03-01 22:18 - 000000000 ____D C:\Users\user\AppData\Roaming\BitTorrent
  347. 2018-04-19 08:30 - 2014-08-03 05:22 - 000000000 ____D C:\Users\user\AppData\Roaming\IDM
  348. 2018-04-17 06:29 - 2014-08-03 05:22 - 000000000 ____D C:\Users\user\Downloads\Compressed
  349. 2018-04-15 18:38 - 2014-01-15 19:51 - 000000000 ____D C:\Users\user\AppData\Roaming\Hear
  350. 2018-04-15 08:08 - 2014-02-11 22:39 - 000000000 ____D C:\Users\user\AppData\Local\CrashDumps
  351. 2018-04-13 09:08 - 2014-08-18 11:33 - 000124392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
  352. 2018-04-13 09:07 - 2017-11-21 10:24 - 000167040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
  353. 2018-04-13 09:07 - 2014-08-18 11:33 - 000391856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
  354. 2018-04-13 09:07 - 2014-08-18 11:33 - 000310784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
  355. 2018-04-13 09:07 - 2014-08-18 11:33 - 000152344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
  356. 2018-04-13 09:07 - 2014-08-18 11:33 - 000100544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
  357. 2018-04-13 09:07 - 2014-08-18 11:33 - 000070816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
  358. 2018-04-13 09:07 - 2014-08-18 11:33 - 000042808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
  359. 2018-04-13 09:06 - 2014-08-18 11:33 - 000783600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
  360. 2018-04-11 09:37 - 2014-12-08 19:12 - 000000000 ____D C:\ProgramData\Protexis
  361. 2018-04-11 09:37 - 2014-08-27 03:46 - 000000000 ____D C:\Users\user\AppData\Local\Protexis
  362. 2018-03-26 20:53 - 2017-12-15 15:06 - 000000000 ____D C:\Users\user\Downloads\SHAREit
  363. 2018-03-26 09:10 - 2013-04-15 12:59 - 000000000 ____D C:\Program Files\Common Files\Adobe AIR
  364.  
  365. ==================== Files in the root of some directories =======
  366.  
  367. 2014-08-27 07:57 - 2017-12-15 02:03 - 000000132 _____ () C:\Users\user\AppData\Roaming\Adobe PNG Format CS5 Prefs
  368. 2015-03-20 23:02 - 2015-10-22 21:14 - 000000173 _____ () C:\Users\user\AppData\Local\msmathematics.qat.user
  369. 2014-03-16 11:51 - 2018-03-20 14:18 - 000007637 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
  370. 2017-03-29 14:14 - 2017-03-29 14:14 - 000000000 _____ () C:\Users\user\AppData\Local\{6CC1DB60-0C5F-4797-A132-9452293D9B1C}
  371. 2015-12-21 09:03 - 2015-12-21 09:03 - 000000000 _____ () C:\Users\user\AppData\Local\{7715DCA7-182D-49C8-8770-A08A007FC18E}
  372.  
  373. Some files in TEMP:
  374. ====================
  375. 2018-04-23 13:25 - 2011-12-14 13:34 - 000039336 _____ (Autodesk, Inc.) C:\Users\user\AppData\Local\Temp\AcDeltree.exe
  376. 2016-05-27 09:20 - 2016-05-27 09:20 - 000858032 _____ (www.Bandisoft.com) C:\Users\user\AppData\Local\Temp\bdcam_0.dll
  377. 2013-08-05 13:15 - 2013-08-05 13:15 - 004292136 _____ (www.Bandisoft.com) C:\Users\user\AppData\Local\Temp\bdfilters.dll
  378. 2018-04-23 13:19 - 2018-04-23 13:19 - 001433424 _____ (Flexera Software, Inc.) C:\Users\user\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
  379. 2018-04-23 17:14 - 2008-10-01 13:40 - 000453720 _____ (Macrovision Corporation) C:\Users\user\AppData\Local\Temp\_is669E.exe
  380.  
  381. Some zero byte size files/folders:
  382. ==========================
  383. C:\Windows\System32\lsprst7.dll
  384.  
  385. ==================== Bamital & volsnap ======================
  386.  
  387. (There is no automatic fix for files that do not pass verification.)
  388.  
  389. C:\Windows\explorer.exe => File is digitally signed
  390. C:\Windows\system32\winlogon.exe => File is digitally signed
  391. C:\Windows\system32\wininit.exe => File is digitally signed
  392. C:\Windows\system32\svchost.exe => File is digitally signed
  393. C:\Windows\system32\services.exe => File is digitally signed
  394. C:\Windows\system32\User32.dll => File is digitally signed
  395. C:\Windows\system32\userinit.exe => File is digitally signed
  396. C:\Windows\system32\rpcss.dll => File is digitally signed
  397. C:\Windows\system32\dnsapi.dll => File is digitally signed
  398. C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
  399.  
  400. LastRegBack: 2018-04-18 17:26
  401.  
  402. ==================== End of FRST.txt ============================