Old November 20th, 2018, 03:49 AM
kuzzz
CTH Subscriber
 
Join Date: May 2003
O/S: Windows 7 64-bit
Location: california
Posts: 1,605
===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\Windows\system32\ampa.sys [38320 2017-02-28] ()
S3 ampa; C:\Windows\SysWOW64\ampa.sys [35760 2017-02-28] ()
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2015-12-28] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2015-12-28] (SlySoft, Inc.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
R1 BHDrvx64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.8.0.50\Definitions\BASHDefs\20181113.001\BHDrvx64.sys [1925104 2018-09-17] (Symantec Corporation)
R1 ccSet_NGC; C:\Windows\System32\drivers\NGCx64\1610020.016\ccSetx64.sys [189120 2018-11-03] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515568 2018-10-02] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153280 2018-11-18] (Symantec Corporation)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [77992 2014-07-01] (Fresco Logic)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [28936 2018-11-15] (Glarysoft Ltd)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [55960 2018-09-07] (REALiX(tm))
R1 IDSVia64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.8.0.50\Definitions\IPSDefs\20181119.061\IDSvia64.sys [1305072 2018-10-08] (Symantec Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 SRTSP; C:\Windows\System32\drivers\NGCx64\1610020.016\SRTSP64.SYS [847344 2018-11-03] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\drivers\NGCx64\1610020.016\SRTSPX64.SYS [49648 2018-11-03] (Symantec Corporation)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2012-06-27] (MCCI Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NGCx64\1610020.016\SYMEFASI64.SYS [1969328 2018-11-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [99920 2018-06-24] (Symantec Corporation)
S4 SymEvnt; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.8.0.50\SymPlatform\SymEvnt.sys [114352 2018-10-26] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\drivers\NGCx64\1610020.016\Ironx64.SYS [308416 2018-11-03] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\drivers\NGCx64\1610020.016\symnets.sys [567024 2018-11-03] (Symantec Corporation)
S3 wpCtrlDrv_NGC; C:\Windows\System32\drivers\NGCx64\1610020.016\wpCtrlDrv.sys [1011056 2018-11-03] (Symantec Corporation)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.8.0.50\Definitions\SDSDefs\20161020.020\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.8.0.50\Definitions\SDSDefs\20161020.020\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-19 18:38 - 2018-11-19 18:39 - 000017907 _____ C:\Users\Dodi's\Desktop\FRST.txt
2018-11-19 18:37 - 2018-11-19 18:38 - 000000000 ____D C:\FRST
2018-11-19 18:33 - 2018-11-19 18:33 - 002416128 _____ (Farbar) C:\Users\Dodi's\Desktop\FRST64.exe
2018-11-18 21:39 - 2018-11-18 21:39 - 000003242 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2018-11-18 21:38 - 2018-11-18 21:38 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2018-11-18 21:27 - 2018-11-18 21:27 - 000080274 _____ C:\Windows\ntbtlog.txt
2018-11-18 14:06 - 2018-11-18 14:06 - 000002350 _____ C:\Users\Dodi's\Desktop\Corel Paint Shop Pro Photo X2.lnk
2018-11-17 12:02 - 2018-11-17 12:09 - 000000000 ____D C:\Users\Dodi's\Desktop\PROCESS EXPLORER
2018-11-17 00:01 - 2018-11-17 00:01 - 000000000 ____D C:\Program Files\WinPcap
2018-11-16 21:22 - 2018-11-16 21:22 - 000293848 _____ C:\Users\Dodi's\Downloads\monthly-stats-oct-2018.pdf
2018-11-15 14:27 - 2018-11-15 14:27 - 000028936 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2018-11-15 14:27 - 2018-11-15 14:27 - 000003218 _____ C:\Windows\System32\Tasks\GlaryInitialize 5
2018-11-15 14:27 - 2018-11-15 14:27 - 000000000 ____D C:\Users\Dodi's\AppData\Roaming\DiskDefrag
2018-11-15 14:27 - 2018-11-15 14:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2018-11-15 14:26 - 2018-11-15 14:26 - 017435624 _____ (Glarysoft Ltd) C:\Users\Dodi's\Downloads\Glary_Utilities_v5.109.0.134.exe
2018-11-15 14:25 - 2018-11-15 14:25 - 000000000 ____D C:\Users\Dodi's\AppData\Roaming\GlarySoft
2018-11-14 20:26 - 2018-11-19 13:02 - 000000000 ____D C:\Users\Dodi's\Desktop\smart phones
2018-11-14 16:14 - 2018-11-14 16:33 - 000001128 _____ C:\Users\Dodi's\Desktop\WAYS TO GET INTO SAFE MODE.txt
2018-11-12 17:25 - 2018-11-12 17:25 - 000012635 _____ C:\Users\Dodi's\Desktop\BENIFITS OF APPLE CIDER VINEGAR.odt
2018-11-10 16:45 - 2018-11-10 16:46 - 001931969 _____ C:\Users\Dodi's\Downloads\ProcessExplorer.zip
2018-11-09 20:43 - 2018-11-18 13:31 - 000000000 ____D C:\Users\Dodi's\Desktop\CAMP FIRE PARADISE
2018-11-08 22:48 - 2018-11-08 22:48 - 000605424 _____ (Reimage) C:\Users\Dodi's\Downloads\ReimageRepair(1).exe
2018-11-08 16:59 - 2018-11-08 16:59 - 000000000 ____D C:\Users\Dodi's\AppData\Roaming\Zoom
2018-11-08 16:59 - 2018-11-08 16:59 - 000000000 ____D C:\Users\Dodi's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2018-11-07 11:20 - 2018-11-07 11:20 - 000481338 _____ C:\Users\Dodi's\Downloads\HHS-809-W.pdf
2018-11-06 23:49 - 2018-11-10 14:24 - 000000000 ____D C:\Users\Dodi's\Documents\PrintScreen Files
2018-11-04 01:20 - 2018-11-04 01:20 - 000006984 ____N C:\bootsqm.dat
2018-11-03 19:19 - 2018-11-03 19:19 - 000001285 _____ C:\Users\Public\Desktop\AOMEI Partition Assistant Standard Edition 7.5.lnk
2018-11-03 19:19 - 2018-11-03 19:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Partition Assistant Standard Edition 7.5
2018-11-03 19:19 - 2018-11-03 19:19 - 000000000 ____D C:\Program Files (x86)\AOMEI Partition Assistant Standard Edition 7.5
2018-11-03 19:19 - 2018-10-10 10:23 - 002164080 _____ C:\Windows\ampa.exe
2018-11-03 19:19 - 2017-02-28 13:20 - 000038320 _____ C:\Windows\system32\ampa.sys
2018-11-03 19:19 - 2017-02-28 13:20 - 000035760 _____ C:\Windows\SysWOW64\ampa.sys
2018-11-02 22:30 - 2018-11-02 22:30 - 000000000 ____D C:\Users\Dodi's\Documents\Freemake
2018-11-02 19:23 - 2018-11-02 19:23 - 063833096 _____ (AOMEI Technology Co., Ltd. ) C:\Users\Dodi's\Downloads\PAssist_Std.exe
2018-11-02 19:21 - 2018-11-02 19:21 - 000018445 _____ C:\Users\Dodi's\Desktop\HARD DRIVE REPAIR.odt
2018-10-28 13:35 - 2018-10-28 13:35 - 002187304 _____ (LogMeIn, Inc.) C:\Users\Dodi's\Downloads\Support-LogMeInRescue(1).exe
2018-10-28 13:03 - 2018-10-28 13:03 - 002187304 _____ (LogMeIn, Inc.) C:\Users\Dodi's\Downloads\Support-LogMeInRescue.exe
2018-10-28 12:35 - 2018-11-18 21:46 - 000000000 ____D C:\Windows\System32\Tasks\Norton Security with Backup
2018-10-28 12:28 - 2018-10-28 12:28 - 000000000 ____D C:\Windows\System32\Tasks\WPD
2018-10-28 11:53 - 2018-10-28 11:53 - 000000000 ____D C:\ProgramData\Norton NFT
2018-10-28 11:52 - 2018-10-28 11:53 - 005144240 _____ (Symantec Corporation) C:\Users\Dodi's\Downloads\NFT.exe
2018-10-28 08:58 - 2018-11-18 21:38 - 000002399 _____ C:\Users\Public\Desktop\Norton Security.lnk
2018-10-27 15:03 - 2018-10-27 15:03 - 000000000 ____D C:\Users\Dodi's\AppData\Local\Garmin
2018-10-26 02:12 - 2018-10-26 02:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2018-10-24 18:08 - 2018-10-24 18:08 - 000000910 _____ C:\Users\Dodi's\Desktop\Psp - Shortcut - Copy.lnk
2018-10-24 18:07 - 2018-11-18 13:59 - 000000000 ____D C:\Paint Shop Pro 5
2018-10-22 21:45 - 2018-10-22 21:45 - 017367192 _____ (Glarysoft Ltd) C:\Users\Dodi's\Downloads\Glary_Utilities_v5.107.0.132.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-19 18:21 - 2015-01-07 21:37 - 000000000 ____D C:\Users\Dodi's\AppData\Roaming\Skype
2018-11-18 21:46 - 2009-07-13 20:45 - 000031872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-11-18 21:46 - 2009-07-13 20:45 - 000031872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-11-18 21:42 - 2015-07-15 13:15 - 000000000 ____D C:\Program Files (x86)\Glary Utilities 5
2018-11-18 21:42 - 2009-07-13 21:13 - 000795374 _____ C:\Windows\system32\PerfStringBackup.INI
2018-11-18 21:42 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2018-11-18 21:39 - 2018-02-25 07:35 - 000000000 ____D C:\Windows\system32\Drivers\NGCx64
2018-11-18 21:38 - 2015-01-08 05:10 - 000025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2018-11-18 21:38 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-11-18 21:06 - 2015-01-09 11:21 - 000000000 ____D C:\Users\Dodi's\AppData\Roaming\vlc
2018-11-18 16:03 - 2018-02-11 22:06 - 000000000 ____D C:\Users\Dodi's\AppData\Local\Firestorm_x64
2018-11-18 14:05 - 2016-06-04 10:13 - 000000000 ____D C:\Users\Dodi's\AppData\Local\Corel
2018-11-18 14:02 - 2016-06-04 10:12 - 000000848 ___SH C:\ProgramData\KGyGaAvL.sys
2018-11-18 14:02 - 2016-06-04 10:01 - 000000000 ____D C:\Users\Dodi's\Documents\My PSP Files
2018-11-18 14:01 - 2016-06-04 10:30 - 000000848 ___SH C:\Windows\SysWOW64\KGyGaAvL.sys
2018-11-18 14:01 - 2016-06-04 10:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel MediaOne
2018-11-18 13:47 - 2016-06-04 10:01 - 000000000 ____D C:\Users\Dodi's\AppData\Roaming\Corel
2018-11-18 13:42 - 2017-10-21 22:41 - 000000000 ____D C:\Users\Dodi's\Desktop\RECEPTS
2018-11-17 12:09 - 2015-01-07 22:33 - 000000000 ___RD C:\Users\Dodi's\Desktop\MAINTENCE
2018-11-17 00:00 - 2018-01-11 01:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2018-11-16 13:57 - 2017-10-04 21:28 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-11-16 13:57 - 2015-01-07 14:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-16 13:57 - 2009-07-13 20:45 - 001228576 _____ C:\Windows\system32\FNTCACHE.DAT
2018-11-15 14:27 - 2015-07-15 13:16 - 000001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2018-11-14 17:09 - 2015-01-07 22:13 - 000445616 _____ C:\Users\Dodi's\AppData\Local\GDIPFONTCACHEV1.DAT
2018-11-12 20:55 - 2018-01-18 18:19 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-11-09 14:43 - 2018-02-02 07:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2018-11-08 23:24 - 2018-06-13 11:05 - 000000140 _____ C:\Windows\Reimage.ini
2018-11-08 18:41 - 2015-01-07 14:45 - 000000000 ____D C:\Users\Dodi's\AppData\Roaming\Thunderbird
2018-11-08 18:39 - 2016-11-18 21:11 - 000000000 ____D C:\Users\Dodi's\AppData\LocalLow\Mozilla
2018-11-06 12:44 - 2015-01-12 21:42 - 000000000 ____D C:\Users\Dodi's\Desktop\New folder
2018-11-06 12:43 - 2017-06-30 22:52 - 000000000 ____D C:\Users\Dodi's\Desktop\TERA
2018-11-05 20:22 - 2018-01-28 23:13 - 000000016 _____ C:\Windows\popcinfo.dat
2018-11-04 00:23 - 2015-01-11 22:57 - 000000000 ____D C:\Users\Dodi's\AppData\Local\ElevatedDiagnostics
2018-11-02 21:25 - 2017-05-23 13:58 - 000000000 ____D C:\Users\Dodi's\Documents\AIRFORCE 2025
2018-11-02 21:07 - 2015-09-19 23:33 - 000000000 ___RD C:\Users\Dodi's\Documents\Scanned Documents
2018-10-31 23:19 - 2015-01-11 23:06 - 000000000 ____D C:\ProgramData\Trymedia
2018-10-31 23:19 - 2015-01-11 23:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameHouse
2018-10-31 23:19 - 2015-01-11 23:06 - 000000000 ____D C:\GameHouse Games
2018-10-31 23:19 - 2015-01-11 23:05 - 000000000 ____D C:\Users\Dodi's\AppData\Local\com.gamehouse.acid
2018-10-30 22:50 - 2015-01-08 01:01 - 000000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2018-10-30 22:50 - 2015-01-07 14:11 - 000000000 ____D C:\ProgramData\Norton
2018-10-30 22:50 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\registration
2018-10-30 22:49 - 2017-03-05 23:26 - 000000000 ____D C:\ProgramData\activeMARK
2018-10-30 21:52 - 2014-11-26 00:36 - 000000000 ____D C:\Users\Dodi's
2018-10-28 13:58 - 2015-06-13 16:07 - 000000000 ____D C:\Users\Dodi's\AppData\Local\NPE
2018-10-28 12:28 - 2009-07-13 21:08 - 000032652 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-10-27 21:36 - 2018-07-17 11:30 - 000000000 ____D C:\Users\Dodi's\AppData\Local\ApplicationHistory
2018-10-27 21:27 - 2009-07-13 21:32 - 000000000 ____D C:\Windows\system32\FxsTmp
2018-10-27 16:03 - 2015-01-09 13:57 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-10-26 02:12 - 2018-06-12 02:28 - 000001890 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2018-10-26 02:12 - 2017-08-16 13:30 - 000000000 ____D C:\ProgramData\Garmin
2018-10-26 02:12 - 2017-08-16 13:30 - 000000000 ____D C:\Program Files (x86)\Garmin
2018-10-26 02:12 - 2015-01-08 00:10 - 000000000 ____D C:\ProgramData\Package Cache
2018-10-24 18:04 - 2015-01-14 21:43 - 000000000 ____D C:\Users\Dodi's\AppData\Local\CrashDumps
2018-10-23 08:17 - 2016-11-10 11:28 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-10-22 21:35 - 2015-12-03 21:24 - 000000000 ____D C:\Program Files\Common Files\AV
2018-10-21 19:35 - 2015-01-16 23:43 - 000007629 _____ C:\Users\Dodi's\AppData\Local\resmon.resmoncfg
2018-10-20 00:46 - 2018-01-11 01:22 - 000000000 ____D C:\ProgramData\Freemake

==================== Files in the root of some directories =======

2015-11-04 11:46 - 2015-11-04 11:46 - 000000288 _____ () C:\Users\Dodi's\AppData\Roaming\.backup.dm
2015-09-07 14:21 - 2015-11-14 18:34 - 000099384 _____ () C:\Users\Dodi's\AppData\Roaming\inst.exe
2016-12-03 17:34 - 2016-12-21 19:48 - 000001718 _____ () C:\Users\Dodi's\AppData\Roaming\MycoPref4.txt
2015-09-07 14:21 - 2015-11-14 18:34 - 000007859 _____ () C:\Users\Dodi's\AppData\Roaming\pcouffin.cat
2015-09-07 14:21 - 2015-11-14 18:34 - 000001167 _____ () C:\Users\Dodi's\AppData\Roaming\pcouffin.inf
2015-09-07 14:21 - 2015-11-14 18:34 - 000000033 _____ () C:\Users\Dodi's\AppData\Roaming\pcouffin.log
2015-09-07 14:21 - 2015-11-14 18:34 - 000082816 _____ (VSO Software) C:\Users\Dodi's\AppData\Roaming\pcouffin.sys
2015-05-15 13:37 - 2015-05-15 13:37 - 000001181 _____ () C:\Users\Dodi's\AppData\Roaming\trace_FilterInstaller.1.txt
2015-05-15 13:37 - 2017-09-02 20:01 - 000000919 _____ () C:\Users\Dodi's\AppData\Roaming\trace_FilterInstaller.txt
2015-05-15 13:37 - 2017-09-02 20:01 - 000000000 _____ () C:\Users\Dodi's\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2015-03-06 15:15 - 2015-03-06 15:16 - 000005120 _____ () C:\Users\Dodi's\AppData\Local\Databases.db
2016-06-04 10:13 - 2018-07-27 16:26 - 000054272 _____ () C:\Users\Dodi's\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-16 23:43 - 2018-10-21 19:35 - 000007629 _____ () C:\Users\Dodi's\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
2018-11-17 00:00 - 2018-11-17 00:00 - 018023464 _____ (Ellora Assets Corporation ) C:\Users\Dodi's\AppData\Local\Temp\FreemakeVideoDownloaderFull.exe
2018-11-17 00:00 - 2018-11-17 00:00 - 001011240 _____ (Ellora Assets Corporation ) C:\Users\Dodi's\AppData\Local\Temp\VideoDownloader.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-10-15 00:49

==================== End of FRST.txt ============================