Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-04-2016
Ran by CRISS (administrator) on MOM (10-04-2016 16:45:40)
Running from C:\Users\CRISS\Downloads
Loaded Profiles: CRISS (Available Profiles: CRISS)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_2016.29.13.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
() C:\Users\CRISS\Downloads\RogueKiller.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [404912 2015-07-25] ()
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2841536 2016-02-23] (NVIDIA Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-16] (IDT, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-02-25] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard Company)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2970289936-2773803776-1462311369-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23260000 2016-02-24] (Google)
HKU\S-1-5-21-2970289936-2773803776-1462311369-1002\...\MountPoints2: {e6798fb3-eca7-11e5-bea4-606c6696d538} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175552 2016-02-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [153208 2016-02-23] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\CRISS\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64\FileSyncShell64.dll [2016-03-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\CRISS\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64\FileSyncShell64.dll [2016-03-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\CRISS\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64\FileSyncShell64.dll [2016-03-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\CRISS\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileSyncShell.dll [2016-03-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\CRISS\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileSyncShell.dll [2016-03-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\CRISS\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileSyncShell.dll [2016-03-07] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk [2016-03-01]
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\Users\CRISS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2540 series.lnk [2016-04-10]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\napinsp.dll"
Winsock: Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65024 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
Hosts: 127.0.0.1 localhost
Tcpip\..\Interfaces\{c4b7cd85-4dd3-4292-acd8-71b5623db5fd}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-2970289936-2773803776-1462311369-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-2970289936-2773803776-1462311369-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
SearchScopes: HKLM -> {CE9BDB28-1C3C-43D3-9806-BAAE8BC179B7} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2970289936-2773803776-1462311369-1002 -> {FB483592-31A5-4A21-9CF6-1CB86E626269} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2016-01-13] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2016-01-13] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-01-13] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-02-25] (HP)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-01-13] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-01-13] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-01-13] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-01-13] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-02-15] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-02-15] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-02-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2970289936-2773803776-1462311369-1002: @tools.google.com/Google Update;version=3 -> C:\Users\CRISS\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-21] (Google Inc.)
FF Plugin HKU\S-1-5-21-2970289936-2773803776-1462311369-1002: @tools.google.com/Google Update;version=9 -> C:\Users\CRISS\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-21] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)

Chrome:
=======
CHR HKU\S-1-5-21-2970289936-2773803776-1462311369-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\CRISS\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2016-03-12]
CHR HKU\S-1-5-21-2970289936-2773803776-1462311369-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-02-23] (NVIDIA Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26680 2016-02-18] (Hewlett-Packard Company)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-02-01] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [359856 2015-07-25] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129848 2013-02-22] (Intel Corporation)
S2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [180200 2013-02-13] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-02-22] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-15] (IObit)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-02-23] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3719104 2016-02-23] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2617792 2016-02-23] (NVIDIA Corporation)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [747800 2015-12-14] (DEVGURU Co., LTD.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [260216 2015-12-09] (Synaptics Incorporated)
S2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [32768 2013-08-01] (Validity Sensors, Inc.) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S4 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe" [X]
S2 MBAMService; "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-10-30] (Microsoft Corporation)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1345920 2012-11-06] (Motorola Solutions, Inc.)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [49584 2016-02-26] ()
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21048 2013-02-13] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21048 2013-02-13] ()
S3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [429272 2013-08-21] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [71288 2015-12-09] (Synaptics Incorporated)
S3 ss_conn_usb_driver; C:\Windows\System32\Drivers\ss_conn_usb_driver.sys [26392 2015-12-14] (DEVGURU Co., LTD.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-04-10] ()
R3 visctap0901; C:\Windows\System32\drivers\visctap0901.sys [34440 2015-07-10] (The OpenVPN Project)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2016-04-10] ()
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
S3 iwdbus; \SystemRoot\System32\drivers\iwdbus.sys [X]
S3 usb3Hub; \SystemRoot\System32\drivers\usb3Hub.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-10 16:40 - 2016-04-10 16:40 - 00042820 _____ C:\Users\CRISS\Downloads\Shortcut.txt
2016-04-10 16:40 - 2016-04-10 16:40 - 00036269 _____ C:\Users\CRISS\Downloads\Addition.txt
2016-04-10 16:39 - 2016-04-10 16:45 - 00020563 _____ C:\Users\CRISS\Downloads\FRST.txt
2016-04-10 16:38 - 2016-04-10 16:45 - 00000000 ____D C:\FRST
2016-04-10 16:37 - 2016-04-10 16:38 - 02375168 _____ (Farbar) C:\Users\CRISS\Downloads\FRST64.exe
2016-04-10 16:31 - 2016-04-10 16:31 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-04-10 16:30 - 2016-04-10 16:30 - 19765320 _____ C:\Users\CRISS\Downloads\RogueKiller.exe
2016-04-10 16:16 - 2016-04-10 16:16 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-04-10 16:16 - 2016-04-10 16:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2016-04-10 16:10 - 2016-04-10 16:10 - 03465280 _____ C:\Users\CRISS\Downloads\AdwCleaner.exe
2016-04-10 16:05 - 2016-04-10 16:09 - 00669700 _____ C:\TDSSKiller.3.1.0.9_10.04.2016_16.05.56_log.txt
2016-04-10 16:02 - 2016-04-10 16:03 - 00085860 _____ C:\TDSSKiller.3.1.0.9_10.04.2016_16.02.01_log.txt
2016-04-10 16:01 - 2016-04-10 16:01 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\CRISS\Downloads\tdsskiller.exe
2016-04-10 16:00 - 2016-04-10 16:00 - 01610352 _____ (Malwarebytes) C:\Users\CRISS\Downloads\JRT.exe
2016-04-10 15:56 - 2016-04-10 16:23 - 00002180 _____ C:\Users\CRISS\Desktop\Rkill.txt
2016-04-10 15:56 - 2016-04-10 15:56 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\CRISS\Downloads\rkill.com
2016-04-10 15:56 - 2016-04-10 15:56 - 00000000 ____D C:\Users\CRISS\Desktop\rkill
2016-04-10 10:16 - 2016-04-10 10:16 - 00002324 _____ C:\Users\Public\Desktop\HP Deskjet 2540 series.lnk
2016-04-10 10:16 - 2016-04-10 10:16 - 00001257 _____ C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 2540 series.lnk
2016-04-10 10:16 - 2016-04-10 10:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-04-10 10:16 - 2016-04-10 10:16 - 00000000 ____D C:\Program Files\HP
2016-04-10 10:16 - 2014-03-06 12:51 - 00763912 ____N (Hewlett-Packard Co.) C:\WINDOWS\system32\HPDiscoPMC211.dll
2016-04-10 09:37 - 2016-04-10 10:11 - 00000000 ____D C:\ProgramData\Visan
2016-04-10 09:37 - 2016-04-10 09:37 - 00000000 ____D C:\Users\CRISS\AppData\Roaming\HpUpdate
2016-04-10 09:36 - 2016-04-10 10:16 - 00000000 ____D C:\Program Files (x86)\HP
2016-04-10 09:32 - 2016-04-10 09:32 - 02082084 _____ C:\Users\CRISS\Documents\HP PRINTER.pdf
2016-04-10 09:23 - 2016-04-10 09:23 - 00001234 _____ C:\Users\Public\Desktop\IObit Unlocker.lnk
2016-04-10 09:23 - 2016-04-10 09:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Unlocker
2016-04-10 09:16 - 2016-04-10 16:13 - 00000000 ____D C:\AdwCleaner
2016-04-10 09:08 - 2016-04-10 16:20 - 00000691 _____ C:\Users\CRISS\Desktop\JRT.txt
2016-04-10 08:48 - 2016-04-10 10:16 - 00000000 ____D C:\ProgramData\HP
2016-04-10 08:46 - 2016-04-10 08:46 - 00000057 _____ C:\ProgramData\Ament.ini
2016-04-07 20:47 - 2016-04-09 16:23 - 00000000 ___RD C:\Users\CRISS\Desktop\folder files
2016-04-07 20:14 - 2016-04-07 20:14 - 00000000 ____D C:\Users\CRISS\Documents\Custom Office Templates
2016-04-07 19:20 - 2016-04-07 19:20 - 00000279 _____ C:\Users\CRISS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Quick access.lnk
2016-04-05 19:03 - 2016-04-09 21:50 - 00000000 ____D C:\Users\CRISS\Desktop\YT Downloads
2016-04-05 18:51 - 2016-04-05 18:51 - 00001408 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2016-04-05 18:51 - 2016-04-05 18:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2016-04-04 20:30 - 2016-04-04 20:30 - 00048463 _____ C:\Users\CRISS\Documents\PGRInsuranceIDCard.pdf
2016-04-02 20:17 - 2016-04-02 20:17 - 00000000 ____D C:\Users\CRISS\AppData\Local\MusicBrainz
2016-04-02 20:16 - 2016-04-02 20:16 - 00001207 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicBrainz Picard.lnk
2016-04-02 20:16 - 2016-04-02 20:16 - 00000000 ____D C:\Program Files (x86)\MusicBrainz Picard
2016-03-27 13:33 - 2016-03-27 13:33 - 00000000 ____D C:\Users\CRISS\AppData\Roaming\MusicBrainz
2016-03-27 13:04 - 2016-03-27 13:03 - 00268352 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2016-03-27 13:03 - 2016-04-01 21:28 - 00000000 ____D C:\ProgramData\Oracle
2016-03-27 13:03 - 2016-03-27 13:03 - 00000000 ____D C:\Users\CRISS\AppData\Roaming\Sun
2016-03-27 13:02 - 2016-03-27 13:02 - 00000000 ____D C:\Users\CRISS\AppData\LocalLow\Oracle
2016-03-26 19:08 - 2016-03-26 19:08 - 00003388 _____ C:\WINDOWS\System32\Tasks\Computer Protector Job
2016-03-25 03:06 - 2016-03-25 03:06 - 00007605 _____ C:\Users\CRISS\AppData\Local\Resmon.ResmonCfg
2016-03-24 04:49 - 2016-04-10 09:37 - 00000000 ____D C:\WINDOWS\LastGood
2016-03-24 04:49 - 2013-08-21 15:25 - 00429272 _____ (Realsil Semiconductor Corporation) C:\WINDOWS\system32\Drivers\RtsPer.sys
2016-03-24 04:49 - 2013-04-25 18:12 - 09889352 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RtsPerIcon.dll
2016-03-24 04:43 - 2016-03-24 04:43 - 00000190 _____ C:\WINDOWS\HPSetLog.txt
2016-03-24 04:39 - 2013-08-16 05:21 - 08153088 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNHP.dll
2016-03-24 04:39 - 2013-08-16 05:21 - 08078848 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNGUI.exe
2016-03-24 04:39 - 2013-08-16 05:21 - 06101504 _____ (IDT, Inc.) C:\WINDOWS\system32\stlang64.dll
2016-03-24 04:39 - 2013-08-16 05:21 - 02230784 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNX.dll
2016-03-24 04:39 - 2013-08-16 05:21 - 02213376 _____ (IDT, Inc.) C:\WINDOWS\system32\stapo64.dll
2016-03-24 04:39 - 2013-08-16 05:21 - 01897984 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNC64.cpl
2016-03-24 04:39 - 2013-08-16 05:21 - 01703424 _____ (IDT, Inc.) C:\WINDOWS\sttray64.exe
2016-03-24 04:39 - 2013-08-16 05:21 - 00697856 ____N (IDT, Inc.) C:\WINDOWS\system32\stapi64.dll
2016-03-24 04:39 - 2013-08-16 05:21 - 00499200 _____ (IDT, Inc.) C:\WINDOWS\system32\stcplx64.dll
2016-03-24 04:39 - 2013-08-16 05:21 - 00253952 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNJ.exe
2016-03-24 04:39 - 2013-08-16 05:21 - 00224768 _____ (IDT, Inc.) C:\WINDOWS\system32\HPToneCtrls64.dll
2016-03-24 04:39 - 2013-01-25 07:26 - 00042508 _____ C:\WINDOWS\system32\DREAMWORKS.XML
2016-03-24 04:39 - 2011-05-17 17:25 - 00464384 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\slapoi64.dll
2016-03-24 04:18 - 2016-03-24 04:18 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-03-22 18:51 - 2016-03-22 18:51 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-03-21 09:21 - 2015-12-08 22:39 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-03-21 07:26 - 2016-03-21 09:06 - 00000000 ____D C:\Users\CRISS\AppData\Roaming\Hewlett-Packard
2016-03-21 07:26 - 2016-02-21 09:55 - 00003092 _____ C:\WINDOWS\System32\Tasks\HPGenoobeReminder
2016-03-21 07:04 - 2016-03-21 07:04 - 00000000 ___HD C:\$Windows.~WS
2016-03-21 07:01 - 2016-02-21 12:48 - 00000000 ____D C:\Users\CRISS\AppData\Roaming\hpqlog
2016-03-19 21:35 - 2015-10-30 02:18 - 46258688 _____ (Microsoft Corporation) C:\WINDOWS\system32\imageres.dll
2016-03-19 21:28 - 2016-03-19 21:36 - 00000000 ____D C:\ProgramData\D83C629D-C688-4A07-8615-94974D65F157
2016-03-19 21:28 - 2016-02-23 02:24 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll.backup
2016-03-19 21:28 - 2016-01-29 01:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe.backup
2016-03-19 21:28 - 2015-11-22 04:41 - 01814528 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll.backup
2016-03-19 21:28 - 2015-10-30 02:19 - 04170240 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll.backup
2016-03-19 21:28 - 2015-10-30 02:18 - 46258688 _____ (Microsoft Corporation) C:\WINDOWS\system32\imageres.dll.backup
2016-03-19 21:28 - 2015-10-30 02:18 - 02064896 _____ (Microsoft Corporation) C:\WINDOWS\system32\batmeter.dll.backup
2016-03-19 21:28 - 2015-10-30 02:18 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl.backup
2016-03-19 21:28 - 2015-10-30 02:18 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll.backup
2016-03-19 21:28 - 2015-10-30 02:18 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll.backup
2016-03-19 21:28 - 2015-10-30 02:18 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll.backup
2016-03-19 08:45 - 2016-03-19 08:45 - 00000000 ____D C:\Users\CRISS\AppData\Roaming\wurst
2016-03-19 08:33 - 2016-03-19 08:33 - 00000000 ____D C:\ProgramData\Ashampoo
2016-03-19 00:11 - 2016-03-19 00:11 - 00019284 _____ C:\Users\CRISS\Documents\DAD OBITUARY.docm
2016-03-18 22:04 - 2016-03-18 22:04 - 00093669 _____ C:\Users\CRISS\Documents\DAD OBITUARY.htm
2016-03-18 22:04 - 2016-03-18 22:04 - 00000000 ____D C:\Users\CRISS\Documents\DAD OBITUARY_files
2016-03-12 18:11 - 2016-03-12 18:11 - 00000000 ___HD C:\OneDriveTemp
2016-03-12 10:59 - 2016-03-12 10:59 - 00001801 _____ C:\Users\CRISS\Desktop\Google Drive.lnk
2016-03-12 10:55 - 2016-03-12 10:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-03-11 20:44 - 2016-03-27 13:31 - 00000000 ____D C:\Users\CRISS\AppData\Roaming\Opera Software
2016-03-11 20:44 - 2016-03-27 13:31 - 00000000 ____D C:\Users\CRISS\AppData\Local\Opera Software

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-10 16:41 - 2016-02-21 11:31 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-10 16:22 - 2016-02-21 09:39 - 00973984 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-10 16:22 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-10 16:18 - 2016-02-22 23:10 - 00003808 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2016-04-10 16:16 - 2016-02-21 11:31 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-10 16:16 - 2016-02-21 10:16 - 00000000 __SHD C:\Users\CRISS\IntelGraphicsProfiles
2016-04-10 16:15 - 2016-02-21 09:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-10 16:14 - 2015-10-30 01:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-04-10 15:43 - 2014-06-21 06:28 - 00004144 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{77D17AB1-3221-40A0-B96A-A2A03692AFEA}
2016-04-10 15:11 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-10 15:03 - 2016-02-28 19:14 - 00000000 ____D C:\Users\CRISS\AppData\Local\CrashDumps
2016-04-10 10:49 - 2016-02-21 11:39 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2970289936-2773803776-1462311369-1002UA.job
2016-04-10 10:49 - 2016-02-21 11:39 - 00000864 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2970289936-2773803776-1462311369-1002Core.job
2016-04-10 10:44 - 2016-02-22 19:49 - 00000000 ____D C:\Users\CRISS\AppData\Local\ElevatedDiagnostics
2016-04-10 10:33 - 2016-03-01 18:51 - 00034752 _____ C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys
2016-04-10 09:37 - 2016-02-24 19:22 - 00000000 ____D C:\Users\CRISS\AppData\Local\HP
2016-04-10 09:37 - 2013-06-04 17:56 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-04-10 09:23 - 2016-03-05 00:18 - 00000000 ____D C:\Program Files (x86)\IObit
2016-04-10 09:23 - 2016-03-05 00:17 - 00000000 ____D C:\ProgramData\IObit
2016-04-10 09:13 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-04-09 22:21 - 2016-02-21 09:39 - 00000000 ____D C:\Users\CRISS
2016-04-09 19:19 - 2016-02-28 20:00 - 00000000 ___RD C:\Users\CRISS\Google Drive
2016-04-08 18:27 - 2016-02-21 12:22 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-08 18:11 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-07 19:44 - 2016-03-04 21:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Cleaner
2016-04-07 19:44 - 2016-03-04 21:41 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-04-05 18:50 - 2016-03-05 00:18 - 00000000 ____D C:\Users\CRISS\AppData\Roaming\IObit
2016-04-04 20:24 - 2014-06-21 06:27 - 00000000 ____D C:\Users\CRISS\AppData\Local\Packages
2016-04-02 19:51 - 2012-07-26 00:26 - 00000251 _____ C:\WINDOWS\win.ini
2016-03-31 15:42 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-03-27 17:35 - 2016-02-22 19:11 - 00000000 ____D C:\Users\CRISS\.oracle_jre_usage
2016-03-27 13:18 - 2016-02-21 11:31 - 00000000 ____D C:\Users\CRISS\AppData\Local\Google
2016-03-27 13:18 - 2016-02-21 11:31 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-26 20:50 - 2016-03-10 05:28 - 00000000 ____D C:\Users\CRISS\AppData\Roaming\FlvtoConverter
2016-03-26 04:49 - 2016-03-10 21:03 - 00000000 ____D C:\Program Files (x86)\Samsung
2016-03-24 04:52 - 2014-06-21 02:43 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-24 04:50 - 2012-12-20 19:45 - 00000000 ____D C:\Program Files\Hewlett-Packard
2016-03-24 04:49 - 2016-02-21 12:49 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2016-03-24 04:49 - 2014-06-21 02:52 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-03-24 04:39 - 2014-06-21 02:47 - 00000000 ____D C:\Program Files\IDT
2016-03-24 04:32 - 2012-08-03 19:02 - 00000000 ____D C:\SWSetup
2016-03-24 03:34 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
2016-03-22 18:31 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-19 12:08 - 2016-02-21 10:33 - 00000000 ____D C:\Users\CRISS\AppData\Local\MicrosoftEdge
2016-03-17 19:17 - 2016-03-10 21:04 - 00000000 ____D C:\Users\CRISS\AppData\Roaming\Samsung
2016-03-17 19:17 - 2013-06-04 18:09 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-15 20:08 - 2016-02-21 10:15 - 00000000 ___RD C:\Users\CRISS\OneDrive
2016-03-12 10:47 - 2016-02-22 19:11 - 00000000 ____D C:\Users\CRISS\.frostwire5

==================== Files in the root of some directories =======

2016-03-25 03:06 - 2016-03-25 03:06 - 0007605 _____ () C:\Users\CRISS\AppData\Local\Resmon.ResmonCfg
2016-04-10 08:46 - 2016-04-10 08:46 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\CRISS\AppData\Local\Temp\dllnt_dump.dll
C:\Users\CRISS\AppData\Local\Temp\hp2_upd2_v1021.exe
C:\Users\CRISS\AppData\Local\Temp\hp2_upd2_v1028.exe
C:\Users\CRISS\AppData\Local\Temp\hp_u_23822.exe
C:\Users\CRISS\AppData\Local\Temp\libeay32.dll
C:\Users\CRISS\AppData\Local\Temp\msvcr120.dll
C:\Users\CRISS\AppData\Local\Temp\Package_en_ww.exe
C:\Users\CRISS\AppData\Local\Temp\SDAPPUP.exe
C:\Users\CRISS\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-04-01 02:56

==================== End of FRST.txt ============================