Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018
Ran by jba (administrator) on JBA-GAMER-2011 (08-01-2018 17:42:40)
Running from C:\Users\jba\Downloads
Loaded Profiles: jba (Available Profiles: jba)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(IVPN Limited) C:\Program Files\IVPN Client\IVPN Service.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Subhra Das Gupta) C:\Program Files (x86)\Subhra Das Gupta\Xtreme Download Manager\xdm.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.233\WsAppService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Wondershare) C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe
(Zoom Video Communications, Inc.) C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15053944 2016-01-06] (Logitech Inc.)
HKLM\...\Run: [IVPN Client Runtime Warmup] => C:\Program Files\IVPN Client\IVPN Client.exe [819712 2016-02-10] (IVPN Limited)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43608 2010-09-07] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567928 2017-12-04] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-21-2542263326-912892230-2163253663-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1231240 2016-11-13] (Ruiware)
HKU\S-1-5-21-2542263326-912892230-2163253663-1000\...\Run: [XDM] => C:\Program Files (x86)\Subhra Das Gupta\Xtreme Download Manager\xdm.exe [726016 2016-07-15] (Subhra Das Gupta)
HKU\S-1-5-21-2542263326-912892230-2163253663-1000\...\MountPoints2: {c84af092-e846-11e0-9e02-e715ad01881b} - D:\LaunchU3.exe -a
HKU\S-1-5-21-2542263326-912892230-2163253663-1000\...\MountPoints2: {f1958bcd-0d28-11e7-af3b-14dae90afe68} - V:\autorun.exe
HKU\S-1-5-18\...\Run: [XDM] => C:\Program Files (x86)\Subhra Das Gupta\Xtreme Download Manager\xdm.exe [726016 2016-07-15] (Subhra Das Gupta)
GroupPolicy: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{90B3F157-1683-4393-80E5-2D49DA8AA26E}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-2542263326-912892230-2163253663-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.msn.com/?pc=U453&ocid=U453DHP&osmkt=en-us
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2542263326-912892230-2163253663-1000 -> {4604F251-914E-4F23-B0C2-F5CA08CEB46E} URL = hxxp://www.bing.com/search?FORM=U453DF&PC=U453&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2542263326-912892230-2163253663-1000 -> {5D409252-4A09-4DDF-8CB4-9EC0BE0E7CC8} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-10-20] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-20] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-20] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-13] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-20] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2542263326-912892230-2163253663-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} hxxps://www36.verizon.com/FiOSVoice/UnP ... VMUtil.CAB
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXc ... atgpc1.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)
FireFox:
========
FF ProfilePath: C:\Users\jba\AppData\Roaming\Mozilla\Firefox\Profiles\v7hd04n3.default [2018-01-08]
FF Session Restore: Mozilla\Firefox\Profiles\v7hd04n3.default -> is enabled.
FF Extension: (Colour That Site!) - C:\Users\jba\AppData\Roaming\Mozilla\Firefox\Profiles\v7hd04n3.default\Extensions\ColourThatSite@einspeiser.de.xpi [2017-07-11] [Legacy]
FF Extension: (uBlock Origin) - C:\Users\jba\AppData\Roaming\Mozilla\Firefox\Profiles\v7hd04n3.default\Extensions\uBlock0@raymondhill.net.xpi [2017-12-15]
FF Extension: (RightToClick) - C:\Users\jba\AppData\Roaming\Mozilla\Firefox\Profiles\v7hd04n3.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2016-09-07] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
FF HKU\S-1-5-21-2542263326-912892230-2163253663-1000\...\Firefox\Extensions: [xdmff@xdman.sourceforge.net] - C:\Users\jba\AppData\Local\XDM\xdmff => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-14] ()
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-20] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin -> C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll [2014-05-13] (Simon Bünzli)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-07-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-07-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin HKU\S-1-5-21-2542263326-912892230-2163253663-1000: @citrixonline.com/appdetectorplugin -> C:\Users\jba\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-06-19] (Citrix Online)
FF Plugin HKU\S-1-5-21-2542263326-912892230-2163253663-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\jba\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-07-27] (Zoom Video Communications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\jba\AppData\Roaming\mozilla\plugins\npatgpc.dll [2017-02-01] (Cisco WebEx LLC)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\jba\AppData\Local\Google\Chrome\User Data\Default [2018-01-08]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\jba\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2018-01-08]
CHR Extension: (Google Drive) - C:\Users\jba\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-30]
CHR Extension: (YouTube) - C:\Users\jba\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (uBlock Origin) - C:\Users\jba\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-12-27]
CHR Extension: (Google Search) - C:\Users\jba\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (XDM Helper) - C:\Users\jba\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhlkncjkeinpblgldbehianfehcablpf [2017-04-04]
CHR Extension: (Google Docs Offline) - C:\Users\jba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-09]
CHR Extension: (Yucata) - C:\Users\jba\AppData\Local\Google\Chrome\User Data\Default\Extensions\gljddcenmfcicgdenbfalmhjebcapcbp [2016-09-19]
CHR Extension: (Zoom for Google Chrome) - C:\Users\jba\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajondecmobodlejlcjllhojikagldgd [2017-12-19]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\jba\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-04-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Fullscreen Anything) - C:\Users\jba\AppData\Local\Google\Chrome\User Data\Default\Extensions\olcfgpmjldkkjdclidhcbonieibfhhdh [2017-01-07]
CHR Extension: (Gmail) - C:\Users\jba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-15]
CHR Extension: (Chrome Media Router) - C:\Users\jba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-19]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2542263326-912892230-2163253663-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\jba\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-06-21]
CHR HKU\S-1-5-21-2542263326-912892230-2163253663-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
Opera:
=======
OPR Extension: (Zoom for Opera) - C:\Users\jba\AppData\Roaming\Opera Software\Opera Stable\Extensions\agocngbnphnfdhpacecdpcpfphhdmoff [2017-12-29]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128944 2017-12-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [492560 2018-01-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [492560 2018-01-08] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1526832 2017-12-19] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [434248 2017-11-06] (Avira Operations GmbH & Co. KG)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-16] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-16] (Dropbox, Inc.)
S4 DbxSvc; C:\Windows\system32\DbxSvc.exe [51016 2017-12-04] (Dropbox, Inc.)
R2 IVPN Client; C:\Program Files\IVPN Client\IVPN Service.exe [32256 2016-02-10] (IVPN Limited) [File not signed]
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2016-01-06] (Logitech Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2157456 2017-06-21] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3127192 2017-06-21] (Electronic Arts)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3476432 2015-10-12] (Paramount Software UK Ltd)
R2 SplashtopRemoteService; C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [731648 2017-05-19] (Splashtop Inc.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-29] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.233\WsAppService.exe [493792 2017-11-07] (Wondershare)
R2 WsDrvInst; C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe [120096 2017-11-08] (Wondershare)
S3 NvStreamNetworkSvc; "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe" [X]
S2 NvStreamSvc; "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe" [X]
R2 ZoomCptService; "C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe" -user_path C:\Users\jba\AppData\Roaming\Zoom
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [64504 2017-06-21] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [196344 2017-12-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [153072 2017-12-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-03-02] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-03-02] (Avira Operations GmbH & Co. KG)
S3 CMUACWO; C:\Windows\System32\DRIVERS\CMUACWO.sys [357376 2013-02-19] (C-Media Inc.)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-08-11] ()
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 MBAMSwissArmy; C:\Windows\System32\DRIVERS\mbamswissarmy.sys [252232 2017-11-13] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-09-22] (Malwarebytes)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
R3 Razerlow; C:\Windows\System32\drivers\DB3G.sys [21120 2005-11-07] (Razer (Asia-Pacific) Pte Ltd)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [132120 2016-10-18] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [206416 2016-10-18] (Oracle Corporation)
R3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2016-06-15] (SplitmediaLabs Limited)
S3 ALSysIO; \??\C:\Users\jba\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S4 nvvhci; system32\DRIVERS\nvvhci.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-01-08 17:42 - 2018-01-08 17:42 - 000022012 _____ C:\Users\jba\Downloads\FRST.txt
2018-01-08 05:15 - 2018-01-08 05:15 - 000001322 _____ C:\Users\Public\Desktop\dr.fone.lnk
2018-01-08 05:14 - 2018-01-08 05:15 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2018-01-08 05:13 - 2018-01-08 05:13 - 000997600 _____ C:\Users\jba\Downloads\drfone_recover_setup_full3366.exe
2018-01-08 04:57 - 2018-01-08 04:57 - 000020539 _____ C:\Users\jba\Desktop\dds.txt
2018-01-08 04:57 - 2018-01-08 04:57 - 000008562 _____ C:\Users\jba\Desktop\attach.txt
2018-01-08 04:51 - 2018-01-08 04:51 - 022139496 _____ (CHENGDU YIWO Tech Development Co., Ltd. ) C:\Users\jba\Downloads\emsa_free.exe
2018-01-08 04:40 - 2018-01-08 04:40 - 000000000 ____D C:\Users\jba\AppData\Local\Aiseesoft Studio
2018-01-08 04:24 - 2018-01-08 04:26 - 000000000 ____D C:\Program Files\Remo Recover for Android 2.0
2018-01-08 04:24 - 2018-01-08 04:24 - 000000000 ____D C:\Users\jba\AppData\Roaming\Remo
2018-01-08 04:24 - 2009-02-12 15:11 - 000026024 _____ (EldoS Corporation) C:\Windows\system32\Drivers\rsdrvx64.sys
2018-01-08 04:02 - 2018-01-08 05:14 - 000000000 ____D C:\Program Files (x86)\Wondershare
2018-01-08 03:58 - 2018-01-08 03:58 - 000001974 _____ C:\Users\jba\Desktop\Wondershare Dr.Fone Toolkit for Android 8.3.3.64 + Crack [SadeemPC] - Shortcut.lnk
2018-01-08 03:47 - 2018-01-08 03:49 - 000000000 ____D C:\Users\jba\Downloads\backups
2018-01-08 02:07 - 2018-01-08 02:09 - 000000000 ____D C:\FRST
2018-01-08 02:07 - 2018-01-08 02:07 - 002393088 _____ (Farbar) C:\Users\jba\Downloads\FRST64.exe
2018-01-08 01:01 - 2018-01-08 01:08 - 000000000 ____D C:\Program Files\MiniTool Mobile Recovery for Android
2018-01-08 01:01 - 2018-01-08 01:01 - 000000000 ____D C:\Program Files\DIFX
2018-01-08 00:56 - 2018-01-08 04:17 - 000000000 ____D C:\Program Files\Recuva
2018-01-08 00:56 - 2018-01-08 00:56 - 000001658 _____ C:\Users\Public\Desktop\Recuva.lnk
2018-01-08 00:56 - 2018-01-08 00:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2018-01-08 00:42 - 2018-01-08 00:42 - 001721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2018-01-08 00:42 - 2018-01-08 00:42 - 001002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2018-01-08 00:42 - 2018-01-08 00:42 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2018-01-08 00:37 - 2018-01-08 00:37 - 005562976 _____ (Piriform Ltd) C:\Users\jba\Downloads\rcsetup153.exe
2018-01-08 00:37 - 2018-01-08 00:37 - 000000000 ____D C:\ProgramData\wsr
2018-01-08 00:30 - 2018-01-08 05:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2018-01-08 00:29 - 2018-01-08 05:14 - 000000000 ____D C:\ProgramData\Wondershare
2018-01-08 00:29 - 2018-01-08 01:37 - 000000000 ____D C:\Users\jba\AppData\Roaming\Wondershare
2018-01-08 00:29 - 2017-09-27 17:29 - 000000232 _____ C:\Windows\SysWOW64\dllhost.exe.config
2018-01-08 00:29 - 2017-08-08 09:25 - 000206080 _____ (DEVGURU Co., LTD.(http://www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2018-01-08 00:29 - 2017-08-08 09:25 - 000110336 _____ (DEVGURU Co., LTD.(http://www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2018-01-01 01:58 - 2018-01-01 01:58 - 000000000 ____D C:\Users\jba\Downloads\memtest86-iso
2018-01-01 01:57 - 2018-01-01 01:57 - 005916630 _____ C:\Users\jba\Downloads\memtest86-iso.zip
2018-01-01 00:33 - 2018-01-01 00:33 - 044139618 _____ C:\Users\jba\Downloads\mb_manual_z370-aorus-gaming-7_e.pdf
2018-01-01 00:31 - 2018-01-01 00:31 - 006457710 _____ C:\Users\jba\Downloads\mb_bios_z370-aorus-gaming-7_f5h.zip
2017-12-31 10:35 - 2017-12-31 10:35 - 000000000 ____D C:\Users\jba\Downloads\NicholasLinnear
2017-12-31 10:34 - 2017-12-31 10:34 - 001822148 _____ C:\Users\jba\Downloads\NicholasLinnear.zip
2017-12-28 02:47 - 2017-12-27 22:57 - 2119135463 _____ C:\Users\jba\Downloads\Ultrawide wallpapers (3440x1440)-20171228T034750Z-001.zip
2017-12-28 02:47 - 2017-12-27 21:07 - 001407310 _____ (Igor Pavlov) C:\Users\jba\Downloads\7z1701-x64.exe
2017-12-28 02:47 - 2017-12-27 20:58 - 008190545 _____ (Geeks3D ) C:\Users\jba\Downloads\FurMark_1.19.1.0_Setup.exe
2017-12-28 02:47 - 2017-12-27 16:56 - 042324748 _____ (Igor Pavlov) C:\Users\jba\Downloads\atheros_wlan_10.0.0.352(http://www.station-drivers.com).exe
2017-12-26 23:53 - 2017-12-26 23:53 - 000391706 _____ C:\Users\jba\Downloads\JBA DL receipt.xps
2017-12-26 23:52 - 2017-12-26 23:52 - 000240828 _____ C:\Users\jba\Downloads\JBA DL renewal.xps
2017-12-19 22:11 - 2017-12-19 22:11 - 497659316 _____ C:\Users\jba\Downloads\star blazers - YouTube.MKV
2017-12-19 21:59 - 2017-12-19 21:59 - 003446840 _____ C:\Users\jba\Downloads\star blazers song - YouTube.MKV
2017-12-15 18:20 - 2017-12-15 18:20 - 023508000 _____ C:\Users\jba\Downloads\gorillaz - YouTube.MKV
2017-12-15 17:59 - 2017-12-15 17:59 - 003394911 _____ C:\Users\jba\Downloads\VP2-manual.pdf
2017-12-15 16:44 - 2017-12-15 16:44 - 038652496 _____ (Mozilla) C:\Users\jba\Downloads\Firefox Setup 56.0.2.exe
2017-12-14 19:59 - 2017-12-14 19:59 - 003500861 _____ C:\Users\jba\Downloads\6261d923-863a-45ba-a930-de9d10b53231.pdf
2017-12-14 11:07 - 2017-12-14 11:07 - 000069125 _____ C:\Users\jba\Downloads\schedule-1(1).pdf
2017-12-14 11:04 - 2017-12-14 11:04 - 000069125 _____ C:\Users\jba\Downloads\schedule-1.pdf
2017-12-12 06:29 - 2017-12-12 06:29 - 026500789 _____ (pyfa ) C:\Users\jba\Downloads\pyfa-1.34.0-.arms.race-1.3-win.exe
2017-12-12 06:10 - 2017-12-12 06:10 - 005119867 _____ C:\Users\jba\Downloads\cv_hl2140_usaeng_usr_d.pdf
2017-12-11 16:54 - 2017-12-11 16:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-01-08 17:41 - 2017-05-16 03:48 - 000000898 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-01-08 17:41 - 2016-07-22 02:37 - 000000000 ____D C:\ProgramData\NVIDIA
2018-01-08 17:41 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-08 05:30 - 2017-10-09 16:42 - 000003292 _____ C:\Windows\System32\Tasks\Avira_Antivirus_Systray
2018-01-08 05:18 - 2009-07-13 23:45 - 000029136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-01-08 05:18 - 2009-07-13 23:45 - 000029136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-01-08 05:14 - 2009-07-14 00:13 - 000959402 _____ C:\Windows\system32\PerfStringBackup.INI
2018-01-08 05:07 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2018-01-08 05:02 - 2013-12-07 09:44 - 000000000 ____D C:\Users\jba\Downloads\Anti Spyware 2013_12_07
2018-01-08 04:53 - 2017-05-16 03:48 - 000000902 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-01-08 03:47 - 2014-09-08 14:36 - 000000000 ____D C:\Users\jba\AppData\Roaming\uTorrent
2018-01-08 03:44 - 2011-09-26 08:07 - 000000000 ____D C:\Users\jba\AppData\Local\VirtualStore
2018-01-08 01:06 - 2009-07-13 23:45 - 000303488 _____ C:\Windows\system32\FNTCACHE.DAT
2018-01-08 00:30 - 2013-02-14 21:26 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-08 00:30 - 2013-02-14 21:26 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-01-08 00:30 - 2011-09-26 11:25 - 000066408 _____ C:\Users\jba\AppData\Local\GDIPFONTCACHEV1.DAT
2017-12-31 10:41 - 2013-06-26 09:47 - 000000000 ____D C:\Users\jba\Documents\JBA Records
2017-12-28 05:41 - 2011-10-03 01:54 - 000000000 ____D C:\Users\jba\Documents\EVE
2017-12-28 03:30 - 2017-03-10 02:49 - 000000000 ____D C:\Users\jba\.matplotlib
2017-12-27 17:47 - 2016-08-29 01:41 - 005208720 _____ (Krzysztof Kowalczyk) C:\Users\jba\Downloads\SumatraPDF-3.1.2-64-install.exe
2017-12-27 11:16 - 2016-12-20 17:40 - 000000000 ____D C:\Program Files (x86)\Opera
2017-12-27 10:12 - 2016-12-20 17:40 - 000003848 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1482273650
2017-12-21 14:49 - 2014-12-09 23:46 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-20 00:16 - 2017-09-29 14:08 - 000000000 ____D C:\Users\jba\AppData\Roaming\foobar2000
2017-12-20 00:10 - 2014-07-11 22:24 - 000000000 ____D C:\Users\jba\AppData\Roaming\vlc
2017-12-19 19:27 - 2016-12-10 01:39 - 000000000 ____D C:\Users\jba\AppData\LocalLow\Mozilla
2017-12-19 19:19 - 2016-06-11 14:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-12-19 19:18 - 2016-06-11 14:55 - 000196344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2017-12-19 19:18 - 2016-06-11 14:55 - 000153072 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2017-12-19 19:11 - 2017-08-31 15:38 - 000000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-12-19 19:11 - 2017-08-31 15:38 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-12-19 19:11 - 2014-09-14 10:35 - 000000924 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-12-15 20:37 - 2011-09-26 08:07 - 000000000 ____D C:\Users\jba
2017-12-14 11:17 - 2016-12-20 17:37 - 000004458 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-12-14 11:17 - 2015-12-26 15:44 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-12-14 11:17 - 2012-07-06 09:19 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-12-14 11:17 - 2011-12-22 13:13 - 000000000 ____D C:\Windows\system32\Macromed
2017-12-14 11:17 - 2011-10-03 00:51 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-14 11:17 - 2011-10-03 00:51 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-12-14 09:40 - 2017-09-26 16:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2017-12-12 06:58 - 2011-09-26 10:56 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-12-12 06:33 - 2016-04-11 02:41 - 000000000 ____D C:\Users\jba\.pyfa
2017-12-11 16:54 - 2017-05-16 03:48 - 000000000 ____D C:\Program Files (x86)\Dropbox
==================== Files in the root of some directories =======
2016-11-28 20:58 - 2016-11-28 20:58 - 000000001 _____ () C:\Users\jba\AppData\Local\llftool.4.40.agreement
2017-10-01 13:35 - 2017-10-01 13:35 - 000000866 _____ () C:\Users\jba\AppData\Local\recently-used.xbel
2016-05-21 20:32 - 2017-09-19 16:44 - 000007604 _____ () C:\Users\jba\AppData\Local\Resmon.ResmonCfg
2008-02-05 12:28 - 2008-02-05 12:28 - 000000051 _____ () C:\Users\jba\AppData\Local\setup.txt
Some files in TEMP:
====================
2016-06-11 14:55 - 2017-04-11 13:13 - 000000000 ____D () C:\Users\jba\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
Hello,
I found an older post here requesting help to remove Wondershare files that remained after installing the Android recovery program, so I wanted to do the same thing. I tried to run FRST x64 02.01.2018; however, it never finishes. I've attached a pic of where it "stops" -- continues to run but nothing happens. Besides Wondershare, there might be some other files that should not be there, as I tried multiple Android recovery programs besides Dr Fone.
Thanks,
John