Good catch - Thanks. Cut and paste error.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-06-2020
Ran by Perry (administrator) on TRAVELER (Dell Inc. Inspiron 5558) (07-06-2020 21:55:17)
Running from C:\Users\Perry\Desktop
Loaded Profiles: Perry
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Default browser: Opera
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(American Power Conversion -> Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
(American Power Conversion -> Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Dassault Systèmes) [File not signed] C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
(Dell Inc. -> ) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Motorola Solutions Inc. -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions Inc. -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Nitro Software, Inc. -> Nitro Software, Inc.) C:\Program Files\Nitro\Reader 5\NitroPDFReaderDriverService5x64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8444632 2015-01-20] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391472 2014-12-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [610048 2015-01-13] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [TrueColor UI] => C:\Program Files\TrueColor\TrueColorUI.exe [19494864 2015-04-02] (Entertainment Experience LLC -> Entertainment Experience)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320360 2014-06-25] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161240 2016-05-21] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942232 2016-10-14] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] (Dropbox, Inc -> )
HKLM-x32\...\Run: [SolidWorks_CheckForUpdates] => "C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" /scheduler
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (American Power Conversion -> Schneider Electric)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [238568 2020-05-08] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [331368 2020-01-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1021941897-2095083384-3793157674-1001\...\Run: [Opera Browser Assistant] => C:\Users\Perry\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3004440 2020-05-19] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-1021941897-2095083384-3793157674-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11776 2014-11-21] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\BJ Print Processor4: C:\Windows\System32\spool\prtprocs\x64\CNBPP4.DLL [84992 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\Canon MP470 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPD8U.DLL [27648 2007-04-02] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\hpzpplhn: C:\Windows\System32\spool\prtprocs\x64\hpzpplhn.dll [100352 2007-05-23] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\BJ Language Monitor4: C:\Windows\system32\CNBLM4.DLL [267776 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP470 series: C:\Windows\system32\CNMLM8U.DLL [259584 2008-02-06] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Nitro PDF Port Monitor: C:\Windows\system32\nitrolocalmon10.dll [31904 2016-08-02] (Nitro Software, Inc. -> Nitro Software, Inc.)
HKLM\...\Print\Monitors\PCL hpz3llhn: C:\Windows\system32\hpz3llhn.dll [36352 2007-05-23] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2017-03-10]
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (American Power Conversion -> Schneider Electric)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0D7339CA-B502-42E7-9E86-B740B80469C3} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe
Task: {0E9A4E71-B8DA-4955-92E8-9725E59C565D} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {25F49B7D-C839-444B-AB28-915A05FEB345} - System32\Tasks\Reg Backup Tweaking.com => C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe [325376 2015-08-06] (Tweaking LLC -> Tweaking.com)
Task: {2C26BC2B-1C53-40B7-A7AB-5565DEA7E0F5} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel(R) Update Manager -> Intel Corporation)
Task: {39952320-36B5-420E-90AA-EAEEE64BC34E} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel(R) Update Manager -> Intel Corporation)
Task: {406A363F-06F5-4F79-8EA7-D2597D13A3C8} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe
Task: {4100D1B4-AEE0-4DE1-B3B0-B87169AE5B76} - System32\Tasks\Opera scheduled Autoupdate 1578167430 => C:\Users\Perry\AppData\Local\Programs\Opera\launcher.exe [1517592 2020-05-19] (Opera Software AS -> Opera Software)
Task: {6916CB4A-A4C1-467D-B565-F26D6FD34DD5} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [157248 2014-04-01] (Leader Technologies Inc -> Aviata Inc)
Task: {77039CAF-FC0B-4A07-9E5B-6F8E74B5920A} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [110144 2013-03-04] (CyberLink Corp. -> CyberLink)
Task: {85D58B7C-27E8-40AC-99FF-45AF4979D98E} - System32\Tasks\Opera scheduled assistant Autoupdate 1580934218 => C:\Users\Perry\AppData\Local\Programs\Opera\launcher.exe [1517592 2020-05-19] (Opera Software AS -> Opera Software)
Task: {8FB46D0D-FAB7-4C8C-BFB5-58585EEBAE9D} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [30904 2016-04-22] (Dell Inc. -> Dell Inc.)
Task: {932D8596-AAC4-408F-8CE5-F56106CD86DE} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [27848432 2020-03-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {A5C4072D-DEDB-45BA-AEF4-EE4A95545789} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391472 2014-12-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {A9A6E7CD-4B8A-429C-87AB-D9183C2425FC} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_371_Plugin.exe [1458232 2020-05-23] (Adobe Inc. -> Adobe)
Task: {ACF229D7-7638-448F-A366-78430F9E80B9} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [157248 2014-04-01] (Leader Technologies Inc -> Aviata Inc)
Task: {B1F84C72-FC26-4C4D-82E2-8A1386746998} - System32\Tasks\Tweaking.com - Registry Backup => C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe [325376 2015-08-06] (Tweaking LLC -> Tweaking.com)
Task: {B7DCA8D6-3C6B-4DFD-BBA1-5C8E4287A991} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [340440 2013-03-22] (CyberLink Corp. -> CyberLink Corp.)
Task: {C726661B-E9AF-45B1-B720-7A5F3B8ADA39} - System32\Tasks\{FB6F14F3-7CF6-43A3-8FE7-03F3531E9EEC} => C:\Windows\system32\pcalua.exe -a C:\Users\Perry\Downloads\dell_update\update_new\AirplaneModex64_ZPE.exe -d C:\Users\Perry\Downloads\dell_update\update_new
Task: {E75FACED-39A8-459E-A93D-CA0DC3FE9193} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {F420592F-981F-47DB-8A5D-FD79A30CC51E} - System32\Tasks\Avira_Security_Update => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [228552 2020-05-15] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {FCC66A3A-18F6-465A-BE85-A6A3C88CA539} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2759632 2020-05-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{50117D21-2CC1-4E1A-8962-144E8A4A03E7}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EA106053-A368-40FB-9D12-76007CF71C96}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-1021941897-2095083384-3793157674-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://my.yahoo.com/
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1021941897-2095083384-3793157674-1001 -> {38E3C46F-AA59-491C-A8C6-B63EB2282FC0} URL =
SearchScopes: HKU\S-1-5-21-1021941897-2095083384-3793157674-1001 -> {B6150270-6ECB-42FA-BC45-4C6131964B6C} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
SearchScopes: HKU\S-1-5-21-1021941897-2095083384-3793157674-1001 -> {F94DBE5E-5FA7-4397-A1F6-8598A3210271} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-05-21] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-05-21] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-05-21] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-29] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-29] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-05-21] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-05-21] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-05-21] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKU\S-1-5-21-1021941897-2095083384-3793157674-1001 -> No Name - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - No File
Toolbar: HKU\S-1-5-21-1021941897-2095083384-3793157674-1001 -> No Name - {093F479D-712E-46CD-9E06-62E734A05F68} - No File
FireFox:
========
FF DefaultProfile: q2dk1i87.default
FF ProfilePath: C:\Users\Perry\AppData\Roaming\Mozilla\Firefox\Profiles\q2dk1i87.default [2020-06-07]
FF NetworkProxy: Mozilla\Firefox\Profiles\q2dk1i87.default -> type", 0
FF Notifications: Mozilla\Firefox\Profiles\q2dk1i87.default -> hxxps://mg.mail.yahoo.com; hxxps://www.aol.com
FF Extension: (Firefox Multi-Account Containers) - C:\Users\Perry\AppData\Roaming\Mozilla\Firefox\Profiles\q2dk1i87.default\Extensions\@testpilot-containers.xpi [2018-09-12]
FF Extension: (Avira Browser Safety) - C:\Users\Perry\AppData\Roaming\Mozilla\Firefox\Profiles\q2dk1i87.default\Extensions\abs@avira.com.xpi [2019-09-05]
FF Extension: (FlashStopper) - C:\Users\Perry\AppData\Roaming\Mozilla\Firefox\Profiles\q2dk1i87.default\Extensions\flashstopper@byo.co.il.xpi [2017-11-08] [Legacy]
FF Extension: (Page To PDF) - C:\Users\Perry\AppData\Roaming\Mozilla\Firefox\Profiles\q2dk1i87.default\Extensions\page2pdf@epistemex.com.xpi [2018-04-24]
FF Extension: (RSS Icon in url bar) - C:\Users\Perry\AppData\Roaming\Mozilla\Firefox\Profiles\q2dk1i87.default\Extensions\rssicon.vaka@gmail.com.xpi [2016-07-16] [Legacy]
FF Extension: (Price Rocket) - C:\Users\Perry\AppData\Roaming\Mozilla\Firefox\Profiles\q2dk1i87.default\Extensions\support@pricerocket.net.xpi [2016-10-14] [Legacy]
FF Extension: (View in Office Online Viewer) - C:\Users\Perry\AppData\Roaming\Mozilla\Firefox\Profiles\q2dk1i87.default\Extensions\viewinofficeapps@huhsiaotao.xpi [2016-04-27] [Legacy]
FF Extension: (NoScript) - C:\Users\Perry\AppData\Roaming\Mozilla\Firefox\Profiles\q2dk1i87.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2019-09-05]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Perry\AppData\Roaming\Mozilla\Firefox\Profiles\q2dk1i87.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-12-02]
FF Extension: (BetterPrivacy) - C:\Users\Perry\AppData\Roaming\Mozilla\Firefox\Profiles\q2dk1i87.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2017-07-25] [Legacy]
FF Plugin:
@Adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_371.dll [2020-05-23] (Adobe Inc. -> )
FF Plugin:
@Videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin:
@Videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32:
@Adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_371.dll [2020-05-23] (Adobe Inc. -> )
FF Plugin-x32:
@Intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-10] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32:
@Intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-10] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32:
@Java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-29] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32:
@Java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-29] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32:
@Nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 5\npnitromozilla.dll [2016-08-02] (Nitro Software, Inc. -> Nitro PDF)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1021941897-2095083384-3793157674-1001:
@citrixonline.com/appdetectorplugin -> C:\Users\Perry\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-09-24] (Citrix Online -> Citrix Online)
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
Opera:
=======
OPR Notifications: hxxps://togo.carrabbasonlineordering.com
OPR Extension: (Popup Blocker (strict)) - C:\Users\Perry\AppData\Roaming\Opera Software\Opera Stable\Extensions\jabcemjkhjfpkhakphioakkhcnbgeomm [2020-01-04]
OPR Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\Perry\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbjmgmedeliohhbaefhlplndokcbmjio [2020-01-27]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1208664 2020-05-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntivirProtectedService; C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe [537144 2020-05-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [483832 2020-05-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [483832 2020-05-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [573256 2020-06-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (American Power Conversion -> Schneider Electric)
R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (American Power Conversion -> Schneider Electric)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [636264 2020-05-08] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2989888 2020-01-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [383240 2020-05-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [244008 2020-05-15] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [161552 2020-04-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S4 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc. -> Dell Inc.)
S4 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [153960 2016-04-29] (Dell Inc. -> Dell)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [49864 2015-08-24] (Dell Inc. -> )
S4 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-03-10] (Techporch Incorporated -> Dell Inc.)
S4 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-03-10] (Techporch Incorporated -> Dell Inc.)
S4 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [293440 2014-04-01] (Leader Technologies Inc -> Aviata, Inc.)
R2 DraftSight API Service; C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [121344 2017-04-13] (Dassault Systèmes) [File not signed]
S3 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344184 2016-04-20] (Intel Corporation - pGFX -> Intel Corporation)
S4 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [344184 2016-04-20] (Intel Corporation - pGFX -> Intel Corporation)
S4 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [394184 2014-10-15] (Intel(R) Wireless Display -> Intel)
S4 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel(R) Update Manager -> Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [158496 2014-10-10] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes Corporation -> Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2016-01-04] (Intel Corporation-Wireless Connectivity Solutions -> )
R2 NitroReaderDriverReadSpool5; C:\Program Files\Nitro\Reader 5\NitroPDFReaderDriverService5x64.exe [327328 2016-08-02] (Nitro Software, Inc. -> Nitro Software, Inc.)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink Corp. -> CyberLink)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [293080 2014-12-23] (Realtek Semiconductor Corp -> Realtek Semiconductor)
S4 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2005392 2015-07-28] (Dell Inc. -> SoftThinks SAS)
S4 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-04-22] (Dell Inc. -> Dell Inc.)
S4 TrueColorALS; C:\Program Files\TrueColor\TrueColorALS.exe [92624 2015-04-02] (Entertainment Experience LLC -> )
S4 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [563456 2015-01-13] (Waves Inc -> Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3832224 2016-01-04] (Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation)
S4 0128111438810831mcinstcleanup; C:\Windows\TEMP\012811~1.EXE -cleanup -nolog [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [78936 2019-06-17] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 avelam; C:\Windows\System32\drivers\avelam.sys [22336 2019-03-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [208016 2020-05-26] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [199752 2020-05-06] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [46704 2019-03-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [89736 2019-03-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [45472 2019-03-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [141624 2014-10-28] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1448248 2014-11-26] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-05-22] (Techporch Incorporated -> Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Techporch Incorporated -> Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (Microsoft Windows Hardware Compatibility Publisher -> OSR Open Systems Resources, Inc.)
S3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [35832 2014-06-10] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [120312 2014-06-10] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
S3 iaLPSS_SPI; C:\Windows\System32\drivers\iaLPSS_SPI.sys [100856 2014-06-10] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
S3 iaLPSS_UART2; C:\Windows\System32\drivers\iaLPSS_UART2.sys [143864 2014-06-10] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [252232 2020-06-07] (Malwarebytes Corporation -> Malwarebytes)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [129312 2014-10-11] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3494680 2014-12-08] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R3 phantomtap; C:\Windows\system32\DRIVERS\phantomtap.sys [35664 2017-07-13] (Avira Operations GmbH & Co. KG -> The OpenVPN Project)
S3 tap0901; C:\Windows\system32\DRIVERS\tap0901.sys [35784 2017-02-03] (Avira Operations GmbH & Co. KG -> The OpenVPN Project)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [213296 2014-10-15] (Intel(R) Wireless Display -> Windows (R) Win 7 DDK provider)
S3 utizodqz; C:\Windows\SysWOW64\Drivers\utizodqz.sys [7168 2016-12-10] () [File not signed]
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 mfesapsn; \??\C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-06-07 21:55 - 2020-06-07 21:58 - 000030892 _____ C:\Users\Perry\Desktop\FRST.txt
2020-06-07 21:51 - 2020-06-07 21:57 - 000000000 ____D C:\FRST
2020-06-07 21:41 - 2020-06-07 21:42 - 002289152 _____ (Farbar) C:\Users\Perry\Desktop\FRST64.exe
2020-05-25 10:27 - 2020-05-25 10:27 - 000000000 ____D C:\Users\Perry\opera autoupdate
2020-05-21 09:47 - 2020-05-21 09:49 - 010789348 _____ C:\Users\Perry\Desktop\stopandshop_flyer_0515_05222020.pdf
2020-05-21 09:14 - 2020-05-21 09:21 - 028507102 _____ C:\Users\Perry\Desktop\stopandshop_flyer_0521_05282020.pdf
2020-05-14 16:21 - 2020-04-29 23:49 - 000308736 _____ (Microsoft Corporation) C:\Windows\system32\usbmon.dll
2020-05-14 16:21 - 2020-04-29 23:22 - 000881664 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelinesvc.exe
2020-05-14 16:21 - 2020-04-29 22:55 - 001756672 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2020-05-14 16:21 - 2020-04-29 22:43 - 001495040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2020-05-14 16:21 - 2020-04-29 22:40 - 000309760 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
2020-05-14 16:21 - 2020-04-29 22:37 - 000216576 _____ (Microsoft Corporation) C:\Windows\system32\tcpmon.dll
2020-05-14 16:21 - 2020-04-29 22:33 - 001096704 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2020-05-14 16:21 - 2020-04-16 02:04 - 022365896 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2020-05-14 16:21 - 2020-04-16 02:04 - 003118032 _____ (Microsoft Corporation) C:\Windows\system32\WpcMon.exe
2020-05-14 16:21 - 2020-04-16 02:04 - 001368592 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2020-05-14 16:21 - 2020-04-16 02:04 - 000722496 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2020-05-14 16:21 - 2020-04-16 02:04 - 000642488 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2020-05-14 16:21 - 2020-04-16 02:00 - 000374024 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2020-05-14 16:21 - 2020-04-16 01:15 - 025755136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2020-05-14 16:21 - 2020-04-16 00:30 - 019795840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2020-05-14 16:21 - 2020-04-16 00:29 - 000561400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2020-05-14 16:21 - 2020-04-16 00:29 - 000493736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2020-05-14 16:21 - 2020-04-16 00:25 - 000316368 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2020-05-14 16:21 - 2020-04-15 23:40 - 002911744 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2020-05-14 16:21 - 2020-04-15 23:38 - 000581120 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2020-05-14 16:21 - 2020-04-15 23:31 - 020291072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2020-05-14 16:21 - 2020-04-15 23:31 - 000113152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll
2020-05-14 16:21 - 2020-04-15 23:28 - 000186880 _____ (Microsoft Corporation) C:\Windows\system32\easwrt.dll
2020-05-14 16:21 - 2020-04-15 23:27 - 005498880 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2020-05-14 16:21 - 2020-04-15 23:27 - 000785408 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2020-05-14 16:21 - 2020-04-15 23:25 - 000546816 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.PointOfService.dll
2020-05-14 16:21 - 2020-04-15 23:14 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2020-05-14 16:21 - 2020-04-15 23:11 - 002304000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2020-05-14 16:21 - 2020-04-15 23:07 - 000084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Credentials.UI.UserConsentVerifier.dll
2020-05-14 16:21 - 2020-04-15 23:06 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Usb.dll
2020-05-14 16:21 - 2020-04-15 23:05 - 000147968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\easwrt.dll
2020-05-14 16:21 - 2020-04-15 23:04 - 000654336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2020-05-14 16:21 - 2020-04-15 23:03 - 000365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.PointOfService.dll
2020-05-14 16:21 - 2020-04-15 22:59 - 001994240 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2020-05-14 16:21 - 2020-04-15 22:59 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2020-05-14 16:21 - 2020-04-15 22:54 - 015478272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2020-05-14 16:21 - 2020-04-15 22:53 - 003258368 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2020-05-14 16:21 - 2020-04-15 22:53 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2020-05-14 16:21 - 2020-04-15 22:51 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2020-05-14 16:21 - 2020-04-15 22:50 - 001384960 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2020-05-14 16:21 - 2020-04-15 22:49 - 002942464 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebSync.dll
2020-05-14 16:21 - 2020-04-15 22:49 - 002132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2020-05-14 16:21 - 2020-04-15 22:48 - 000310784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Usb.dll
2020-05-14 16:21 - 2020-04-15 22:43 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2020-05-14 16:21 - 2020-04-15 22:41 - 004112384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2020-05-14 16:21 - 2020-04-15 22:41 - 002471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2020-05-14 16:21 - 2020-04-15 22:40 - 001085440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2020-05-14 16:21 - 2020-04-15 22:39 - 001560064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2020-05-14 16:21 - 2020-04-15 22:39 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2020-05-14 16:21 - 2020-04-15 22:38 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2020-05-14 16:21 - 2020-04-15 22:38 - 000333312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2020-05-14 16:21 - 2020-04-15 22:37 - 004859392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2020-05-14 16:21 - 2020-04-15 22:35 - 013861376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2020-05-14 16:21 - 2020-04-15 22:35 - 000254976 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.HumanInterfaceDevice.dll
2020-05-14 16:21 - 2020-04-15 22:32 - 000689152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Bluetooth.dll
2020-05-14 16:21 - 2020-04-15 22:30 - 014533632 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2020-05-14 16:21 - 2020-04-15 22:28 - 000902656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.SmartCards.dll
2020-05-14 16:21 - 2020-04-15 22:27 - 000173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2020-05-14 16:21 - 2020-04-15 22:26 - 012880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2020-05-14 16:21 - 2020-04-15 22:26 - 001566720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2020-05-14 16:21 - 2020-04-15 22:26 - 000466432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll
2020-05-14 16:21 - 2020-04-15 22:24 - 007799296 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2020-05-14 16:21 - 2020-04-15 22:23 - 000626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.SmartCards.dll
2020-05-14 16:21 - 2020-04-15 22:22 - 000068096 _____ (Microsoft Corporation) C:\Windows\system32\ConfigureExpandedStorage.dll
2020-05-14 16:21 - 2020-04-15 22:20 - 004387328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2020-05-14 16:21 - 2020-04-15 22:20 - 000052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ConfigureExpandedStorage.dll
2020-05-14 16:21 - 2020-04-15 22:19 - 001265152 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2020-05-14 16:21 - 2020-04-15 22:18 - 005271552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2020-05-14 16:21 - 2020-04-15 22:16 - 001341952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2020-05-14 16:21 - 2020-04-15 22:15 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2020-05-14 16:21 - 2020-04-15 22:15 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2020-05-14 16:21 - 2020-04-15 22:14 - 001727488 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2020-05-14 16:21 - 2020-04-15 22:11 - 001546752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2020-05-14 16:21 - 2020-04-15 22:11 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\efswrt.dll
2020-05-14 16:21 - 2020-04-15 22:11 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\efswrt.dll
2020-05-14 16:21 - 2020-04-15 22:07 - 000156160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToManager.dll
2020-05-14 16:21 - 2020-04-15 22:05 - 000229888 _____ (Microsoft Corporation) C:\Windows\system32\PlayToManager.dll
2020-05-14 16:21 - 2020-04-14 03:33 - 000205824 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2020-05-14 16:21 - 2020-04-14 03:03 - 000168448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2020-05-14 16:21 - 2020-04-11 14:42 - 007362296 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2020-05-14 16:21 - 2020-04-11 14:41 - 000376568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2020-05-14 16:21 - 2020-04-11 14:39 - 001542696 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2020-05-14 16:21 - 2020-04-11 14:29 - 001737720 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2020-05-14 16:21 - 2020-04-11 13:31 - 001501096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2020-05-14 16:21 - 2020-04-11 13:04 - 004168704 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2020-05-14 16:21 - 2020-04-11 11:55 - 000194560 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2020-05-14 16:21 - 2020-04-11 11:53 - 000112128 _____ (Microsoft Corporation) C:\Windows\system32\vaultcli.dll
2020-05-14 16:21 - 2020-04-11 11:48 - 001377792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2020-05-14 16:21 - 2020-04-11 11:47 - 000260608 _____ (Microsoft Corporation) C:\Windows\system32\vaultsvc.dll
2020-05-14 16:21 - 2020-04-11 11:23 - 001317888 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll
2020-05-14 16:21 - 2020-04-11 11:22 - 001103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll
2020-05-14 16:21 - 2020-04-10 20:12 - 002446576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2020-05-14 16:21 - 2020-04-10 20:12 - 000428784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2020-05-14 16:21 - 2020-04-09 09:36 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2020-05-14 16:21 - 2020-04-07 15:30 - 000988472 _____ (Microsoft Corporation) C:\Windows\system32\mfsrcsnk.dll
2020-05-14 16:21 - 2020-04-07 15:28 - 000857320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsrcsnk.dll
2020-05-14 16:21 - 2020-04-07 09:55 - 003330048 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2020-05-14 16:21 - 2020-04-07 09:51 - 003636224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2020-05-14 16:21 - 2020-04-04 12:06 - 000879616 _____ (Microsoft Corporation) C:\Windows\system32\rasdlg.dll
2020-05-14 16:21 - 2020-04-04 12:01 - 001572864 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe
2020-05-14 16:21 - 2020-04-04 11:50 - 000795136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdlg.dll
2020-05-10 10:21 - 2020-05-10 10:21 - 000001134 _____ C:\Users\Public\Desktop\Avira.lnk
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-06-07 21:51 - 2016-07-06 17:47 - 000000000 ____D C:\Users\Perry\AppData\Local\ClassicShell
2020-06-07 21:49 - 2017-02-20 14:17 - 000000000 ____D C:\Users\Perry\AppData\LocalLow\Mozilla
2020-06-07 21:19 - 2020-02-08 18:48 - 000000000 ____D C:\Users\Perry\Downloads\opera autoupdate
2020-06-07 21:19 - 2015-07-25 22:43 - 000003598 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1021941897-2095083384-3793157674-1001
2020-06-07 21:14 - 2019-11-13 10:35 - 000252232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-06-07 21:13 - 2015-07-25 22:35 - 000000000 ____D C:\Users\Perry
2020-06-07 21:12 - 2013-08-22 10:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-06-07 21:11 - 2015-07-26 22:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-06-05 17:24 - 2017-02-13 11:11 - 000000000 ____D C:\Users\Perry\AppData\Local\Autodesk
2020-06-05 15:54 - 2017-01-25 17:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2020-06-04 01:53 - 2015-07-26 22:35 - 000001177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-06-03 11:40 - 2017-02-15 13:23 - 000000000 ____D C:\ProgramData\boost_interprocess
2020-06-01 09:14 - 2014-11-21 00:42 - 000866884 _____ C:\Windows\system32\PerfStringBackup.INI
2020-06-01 09:14 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\Inf
2020-06-01 09:08 - 2013-08-22 09:25 - 000524288 ___SH C:\Windows\system32\config\BBI
2020-05-27 14:29 - 2017-06-16 14:31 - 000000000 ____D C:\Users\Perry\Documents\Electronics_watches_small_appliances
2020-05-27 11:31 - 2020-03-25 11:27 - 000003454 _____ C:\Windows\system32\Tasks\Avira_Security_Update
2020-05-27 10:53 - 2015-08-11 12:32 - 000000000 ____D C:\Users\Perry\Documents\House
2020-05-26 10:36 - 2018-01-12 00:01 - 000208016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2020-05-23 13:53 - 2015-07-28 23:02 - 000000000 ____D C:\Users\Perry\AppData\Local\Adobe
2020-05-23 11:58 - 2018-09-14 17:55 - 000004462 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-05-23 11:58 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-05-23 11:58 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\system32\Macromed
2020-05-23 11:41 - 2019-04-22 09:22 - 000000000 ____D C:\Users\Perry\Downloads\adobe
2020-05-22 10:06 - 2020-01-04 15:50 - 000004054 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1578167430
2020-05-22 10:06 - 2020-01-04 15:50 - 000001340 _____ C:\Users\Perry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2020-05-21 20:37 - 2016-09-25 15:02 - 000000000 ____D C:\Users\Perry\AppData\Local\NitroSpoolDir
2020-05-21 20:37 - 2015-09-13 23:37 - 000000000 ____D C:\Users\Perry\AppData\Roaming\Nitro
2020-05-19 15:42 - 2020-02-05 16:23 - 000004288 _____ C:\Windows\system32\Tasks\Opera scheduled assistant Autoupdate 1580934218
2020-05-19 14:54 - 2017-02-13 12:25 - 000000000 ____D C:\Users\Perry\AppData\Roaming\Autodesk
2020-05-18 09:10 - 2013-08-22 11:20 - 000000000 ____D C:\Windows\CbsTemp
2020-05-18 09:08 - 2015-08-07 00:19 - 000000000 ____D C:\Windows\system32\MRT
2020-05-18 09:05 - 2015-08-07 00:19 - 120636720 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-05-17 01:24 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\rescache
2020-05-14 18:33 - 2013-08-22 10:44 - 000439120 _____ C:\Windows\system32\FNTCACHE.DAT
2020-05-14 18:29 - 2013-08-22 11:36 - 000000000 ___RD C:\Windows\ToastData
2020-05-14 11:56 - 2016-01-04 13:08 - 000000000 ____D C:\Users\Perry\Documents\Family and Friends
2020-05-12 02:45 - 2015-09-02 17:58 - 000000000 ____D C:\Users\Perry\Documents\Purchase_Receipt_Coupon_Rebate_web
2020-05-11 17:00 - 2016-04-09 22:58 - 000000000 ____D C:\Users\Perry\Documents\Music Lyrics
2020-05-11 16:47 - 2017-02-13 12:25 - 000000000 ____D C:\ProgramData\Autodesk
2020-05-11 09:31 - 2015-06-17 22:16 - 000000000 ____D C:\ProgramData\Package Cache
2020-05-08 11:11 - 2015-07-27 08:12 - 000000000 ____D C:\Users\Perry\AppData\Local\ElevatedDiagnostics
==================== Files in the root of some directories ========
2005-11-27 01:53 - 2005-11-27 01:53 - 000049152 _____ ( ) C:\Program Files (x86)\Interop.WIA.dll
2013-08-25 19:57 - 2013-08-25 19:57 - 000001968 _____ () C:\Program Files (x86)\License.txt
2017-10-02 15:43 - 2017-10-02 15:43 - 001735384 _____ (dotPDN LLC) C:\Program Files (x86)\PaintDotNet.Base.dll
2017-10-02 15:43 - 2017-10-02 15:43 - 003530240 _____ () C:\Program Files (x86)\PaintDotNet.Base.pdb
2017-10-02 15:44 - 2017-10-02 15:44 - 000644824 _____ (dotPDN LLC) C:\Program Files (x86)\PaintDotNet.Core.dll
2017-10-02 15:43 - 2017-10-02 15:43 - 002113024 _____ () C:\Program Files (x86)\PaintDotNet.Core.pdb
2017-10-02 15:44 - 2017-10-02 15:44 - 000088280 _____ (dotPDN LLC) C:\Program Files (x86)\PaintDotNet.Data.dll
2017-10-02 15:44 - 2017-10-02 15:44 - 000269824 _____ () C:\Program Files (x86)\PaintDotNet.Data.pdb
2017-10-02 15:44 - 2017-10-02 15:44 - 000191192 _____ (dotPDN LLC) C:\Program Files (x86)\PaintDotNet.Effects.dll
2017-10-02 15:44 - 2017-10-02 15:44 - 000488960 _____ () C:\Program Files (x86)\PaintDotNet.Effects.pdb
2017-10-02 15:44 - 2017-10-02 15:44 - 001782488 _____ (dotPDN LLC) C:\Program Files (x86)\PaintDotNet.exe
2017-07-04 18:17 - 2017-07-04 18:17 - 000000534 _____ () C:\Program Files (x86)\PaintDotNet.exe.config
2017-10-02 15:44 - 2017-10-02 15:44 - 000337112 _____ (dotPDN LLC) C:\Program Files (x86)\PaintDotNet.Framework.dll
2017-10-02 15:44 - 2017-10-02 15:44 - 001166848 _____ () C:\Program Files (x86)\PaintDotNet.Framework.pdb
2017-10-02 15:44 - 2017-10-02 15:44 - 004361728 _____ () C:\Program Files (x86)\PaintDotNet.pdb
2017-10-02 15:43 - 2017-10-02 15:43 - 000405208 _____ (dotPDN LLC) C:\Program Files (x86)\PaintDotNet.Resources.dll
2017-10-02 15:43 - 2017-10-02 15:43 - 000046592 _____ () C:\Program Files (x86)\PaintDotNet.Resources.pdb
2017-10-01 11:50 - 2017-10-01 11:50 - 000146956 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.cs.resources
2017-07-20 19:00 - 2017-07-20 19:00 - 000142725 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.da.resources
2017-10-01 12:03 - 2017-10-01 12:03 - 000148759 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.DE.resources
2017-10-01 11:50 - 2017-10-01 11:50 - 000148034 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.ES.resources
2017-08-28 09:24 - 2017-08-28 09:24 - 000159963 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.fa.resources
2017-07-20 19:00 - 2017-07-20 19:00 - 000141861 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.fi.resources
2017-07-20 19:00 - 2017-07-20 19:00 - 000150514 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.FR.resources
2017-07-20 19:00 - 2017-07-20 19:00 - 000190737 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.hi.resources
2017-07-20 19:00 - 2017-07-20 19:00 - 000147219 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.hu.resources
2017-07-20 19:00 - 2017-07-20 19:00 - 000146125 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.it.resources
2017-07-20 19:00 - 2017-07-20 19:00 - 000157120 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.JA.resources
2017-07-20 19:00 - 2017-07-20 19:00 - 000150122 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.KO.resources
2017-07-20 19:00 - 2017-07-20 19:00 - 000148945 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.lt.resources
2017-07-20 19:00 - 2017-07-20 19:00 - 000144563 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.nl.resources
2017-07-20 19:00 - 2017-07-20 19:00 - 000145564 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.pl.resources
2017-07-20 19:00 - 2017-07-20 19:00 - 000147434 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.PT-BR.resources
2017-10-01 11:50 - 2017-10-01 11:50 - 000147107 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.pt-PT.resources
2017-07-03 21:50 - 2017-07-03 21:50 - 000140551 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.resources
2017-10-01 17:18 - 2017-10-01 17:18 - 000172936 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.RU.resources
2017-07-20 19:00 - 2017-07-20 19:00 - 000144431 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.sv.resources
2017-08-28 09:24 - 2017-08-28 09:24 - 000136887 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.ZH-CN.resources
2017-10-01 11:50 - 2017-10-01 11:50 - 000139240 ____R () C:\Program Files (x86)\PaintDotNet.Strings.3.zh-TW.resources
2017-10-02 15:43 - 2017-10-02 15:43 - 000566488 _____ (dotPDN LLC) C:\Program Files (x86)\PaintDotNet.SystemLayer.dll
2017-10-02 15:43 - 2017-10-02 15:43 - 001089752 _____ () C:\Program Files (x86)\PaintDotNet.SystemLayer.Native.x64.dll
2017-10-02 15:43 - 2017-10-02 15:43 - 000996568 _____ () C:\Program Files (x86)\PaintDotNet.SystemLayer.Native.x86.dll
2017-10-02 15:43 - 2017-10-02 15:43 - 000824832 _____ () C:\Program Files (x86)\PaintDotNet.SystemLayer.pdb
2017-10-02 15:43 - 2017-10-02 15:43 - 000014040 _____ (dotPDN LLC) C:\Program Files (x86)\PdnRepair.exe
2015-09-24 20:08 - 2015-09-24 20:08 - 000000235 _____ () C:\Program Files (x86)\PdnRepair.exe.config
2017-10-02 15:43 - 2017-10-02 15:43 - 000013824 _____ () C:\Program Files (x86)\PdnRepair.pdb
2017-10-02 15:44 - 2017-10-02 15:44 - 000029912 _____ (dotPDN LLC) C:\Program Files (x86)\SetupNgen.exe
2010-04-21 01:57 - 2010-04-21 01:57 - 000000254 _____ () C:\Program Files (x86)\SetupNgen.exe.config
2017-10-02 15:43 - 2017-10-02 15:43 - 000028160 _____ () C:\Program Files (x86)\SetupNgen.pdb
2017-10-02 15:43 - 2017-10-02 15:43 - 000111832 _____ () C:\Program Files (x86)\ShellExtension_x64.dll
2017-10-02 15:43 - 2017-10-02 15:43 - 000099032 _____ () C:\Program Files (x86)\ShellExtension_x86.dll
2015-08-25 14:41 - 2019-05-14 15:18 - 000000820 _____ () C:\Program Files (x86)\shexview.cfg
2015-08-08 07:55 - 2015-08-25 14:17 - 000171104 _____ (NirSoft) C:\Program Files (x86)\shexview.exe
2017-10-02 15:43 - 2017-10-02 15:43 - 000014040 _____ (dotPDN LLC) C:\Program Files (x86)\UpdateMonitor.exe
2015-09-24 20:10 - 2015-09-24 20:10 - 000000235 _____ () C:\Program Files (x86)\UpdateMonitor.exe.config
2017-10-02 15:43 - 2017-10-02 15:43 - 000013824 _____ () C:\Program Files (x86)\UpdateMonitor.pdb
2015-07-26 00:43 - 2020-01-04 17:08 - 000007609 _____ () C:\Users\Perry\AppData\Local\resmon.resmoncfg
==================== FLock ==============================
2015-06-18 02:17 C:\System Recovery
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
LastRegBack: 2020-06-07 04:45
==================== End of FRST.txt ========================