Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-10-2017
Ran by jarve (administrator) on DESKTOP-VN9COPN (31-10-2017 12:21:26)
Running from C:\Users\jarve\Downloads
Loaded Profiles: jarve (Available Profiles: defaultuser0 & jarve)
Platform: Windows 10 Home Version 1607 14393.447 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-11-20] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 172.16.0.1
Tcpip\..\Interfaces\{072f1c79-04b9-4f37-9231-c80d2ee595b5}: [DhcpNameServer] 172.16.0.1

Internet Explorer:
==================

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-10-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-10-30] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_16_09&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzztB0AyBtB0B0AyB0FyC0E0CyCtB0BtN0D0Tzu0StCyDtBtAtN1L2XzutAtFtCzztFtCtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StC0AyE0Dzz0CyCzytGtC0E0B0DtG0B0F0E0AtGtAzztBzytG0EzytDtBtCyDtD0FtCzytD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0D0B0FyEyD0B0CtGtCtB0EzytGyEzyzyyEtG0A0Bzy0FtGyDtBtCzyyD0B0CyBtC0ByCyB2QtN0A0LzuyE%26cr%3D842702862%26a%3Dwncy_ir_16_09%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
CHR StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_16_09&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzztB0AyBtB0B0AyB0FyC0E0CyCtB0BtN0D0Tzu0StCyDtBtAtN1L2XzutAtFtCzztFtCtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StC0AyE0Dzz0CyCzytGtC0E0B0DtG0B0F0E0AtGtAzztBzytG0EzytDtBtCyDtD0FtCzytD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0D0B0FyEyD0B0CtGtCtB0EzytGyEzyzyyEtG0A0Bzy0FtGyDtBtCzyyD0B0CyBtC0ByCyB2QtN0A0LzuyE%26cr%3D842702862%26a%3Dwncy_ir_16_09%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome"
CHR Profile: C:\Users\jarve\AppData\Local\Google\Chrome\User Data\Default [2017-10-31]
CHR Extension: (Slides) - C:\Users\jarve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-30]
CHR Extension: (Docs) - C:\Users\jarve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-30]
CHR Extension: (Google Drive) - C:\Users\jarve\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-30]
CHR Extension: (YouTube) - C:\Users\jarve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-30]
CHR Extension: (Sheets) - C:\Users\jarve\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-30]
CHR Extension: (Google Docs Offline) - C:\Users\jarve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-30]
CHR Extension: (AdBlock) - C:\Users\jarve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-10-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jarve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-30]
CHR Extension: (Gmail) - C:\Users\jarve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-30]
CHR Extension: (Chrome Media Router) - C:\Users\jarve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-30]
CHR Profile: C:\Users\jarve\AppData\Local\Google\Chrome\User Data\System Profile [2017-10-30]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [382456 2017-02-16] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-04] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [263264 2017-02-16] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-28] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [22864 2016-10-27] (OSR Open Systems Resources, Inc.)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-03-17] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-10-04] ()
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [192952 2017-10-30] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-10-31] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [45504 2017-10-31] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-10-30] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-10-31] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896744 2015-08-13] (Realtek )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [412400 2015-08-04] (Realsil Semiconductor Corporation)
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [66136 2017-02-16] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-31 12:21 - 2017-10-31 12:22 - 000009947 _____ C:\Users\jarve\Downloads\FRST.txt
2017-10-31 12:20 - 2017-10-31 12:21 - 002403328 _____ (Farbar) C:\Users\jarve\Downloads\FRST64.exe
2017-10-30 19:34 - 2017-10-30 19:34 - 000000000 ____D C:\Users\jarve\AppData\Roaming\Cuphead
2017-10-30 19:08 - 2017-10-30 19:08 - 000000000 ___HD C:\OneDriveTemp
2017-10-30 16:28 - 2017-10-30 16:28 - 000000020 ___SH C:\Users\defaultuser0\ntuser.ini
2017-10-30 16:28 - 2017-10-30 16:28 - 000000000 ____D C:\Users\defaultuser0
2017-10-30 15:11 - 2017-10-30 15:11 - 000001100 _____ C:\Users\jarve\Desktop\Cuphead - Shortcut.lnk
2017-10-30 15:10 - 2017-10-30 15:10 - 000001627 _____ C:\Users\jarve\Desktop\Launch Undertale (2).lnk
2017-10-30 15:10 - 2017-10-30 15:10 - 000001248 _____ C:\Users\jarve\Desktop\LeagueClient - Shortcut.lnk
2017-10-30 14:54 - 2017-10-30 14:54 - 000000000 ____D C:\WINDOWS\system32\MpEngineStore
2017-10-30 14:24 - 2017-10-30 14:24 - 000012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2017-10-30 13:51 - 2017-10-30 13:51 - 000001968 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-10-30 13:51 - 2017-10-30 13:51 - 000000000 ____D C:\Program Files\HitmanPro
2017-10-30 13:50 - 2017-10-30 14:24 - 000000000 ____D C:\ProgramData\HitmanPro
2017-10-30 13:48 - 2017-10-30 13:49 - 011584088 _____ (SurfRight B.V.) C:\Users\jarve\Downloads\hitmanpro_x64.exe
2017-10-30 13:46 - 2017-10-30 13:46 - 000000000 ____D C:\Users\jarve\AppData\Roaming\Google
2017-10-30 13:39 - 2017-10-30 13:39 - 000000000 ____D C:\Users\jarve\AppData\Local\TeamViewer
2017-10-30 13:36 - 2017-10-30 13:36 - 000000000 ____D C:\Users\jarve\OneDrive\Documents\League of Legends
2017-10-30 13:36 - 2017-10-30 13:36 - 000000000 ____D C:\Users\jarve\AppData\Local\CEF
2017-10-30 13:35 - 2017-10-30 13:35 - 000000000 ____D C:\ProgramData\Riot Games
2017-10-30 13:19 - 2017-10-31 12:14 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-10-30 13:19 - 2017-10-31 12:14 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-10-30 13:19 - 2017-10-31 12:14 - 000045504 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-10-30 13:19 - 2017-10-30 13:19 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-10-30 13:19 - 2017-10-30 13:19 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-10-30 13:18 - 2017-10-30 13:18 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-10-30 13:18 - 2017-10-30 13:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-10-30 13:18 - 2017-10-30 13:18 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-30 13:18 - 2017-10-30 13:18 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-30 13:18 - 2017-10-04 13:15 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-10-30 13:16 - 2017-10-30 13:18 - 071535032 _____ (Malwarebytes ) C:\Users\jarve\Downloads\mb3-setup-consumer-3.2.2.2029-1.0.212-1.0.2951.exe
2017-10-30 13:15 - 2017-10-30 13:15 - 000002350 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-10-30 13:15 - 2017-10-30 13:15 - 000002338 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-10-30 13:12 - 2017-10-30 13:12 - 000000000 ___HD C:\$SysReset
2017-10-30 13:11 - 2017-10-30 13:11 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-10-30 13:11 - 2017-10-30 13:11 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-10-30 13:10 - 2017-10-30 13:25 - 000000000 ____D C:\Users\jarve\AppData\Local\Google
2017-10-30 13:10 - 2017-10-30 13:14 - 000000000 ____D C:\Program Files (x86)\Google
2017-10-30 13:09 - 2017-10-30 13:10 - 001130328 _____ (Google Inc.) C:\Users\jarve\Downloads\ChromeSetup.exe
2017-10-30 13:06 - 2017-10-30 13:31 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-10-30 13:06 - 2017-10-30 13:06 - 000001118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-10-30 13:06 - 2017-10-30 13:06 - 000001106 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2017-10-30 13:06 - 2017-10-30 13:06 - 000000000 ____D C:\Users\jarve\AppData\Roaming\TeamViewer
2017-10-30 13:01 - 2017-10-30 13:05 - 015756368 _____ (TeamViewer GmbH) C:\Users\jarve\Downloads\TeamViewer_Setup.exe
2017-10-30 13:00 - 2017-10-30 13:00 - 000000000 ____D C:\Users\jarve\AppData\Local\MicrosoftEdge
2017-10-30 12:55 - 2017-10-30 12:55 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3153095952-3643323737-3012868281-1001
2017-10-30 12:52 - 2017-10-30 12:52 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2017-10-30 12:52 - 2017-10-30 12:52 - 000000000 ____D C:\Program Files\Synaptics
2017-10-30 12:52 - 2017-02-16 02:07 - 000066136 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynRMIHID.sys
2017-10-30 12:51 - 2017-10-31 12:16 - 000000000 ___RD C:\Users\jarve\OneDrive
2017-10-30 12:51 - 2017-10-30 12:55 - 000002369 _____ C:\Users\jarve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-10-30 12:51 - 2017-10-30 12:51 - 000000000 ____D C:\Program Files\Common Files\Atheros
2017-10-30 12:50 - 2017-10-31 12:15 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-10-30 12:50 - 2017-10-31 12:15 - 000000000 __SHD C:\Users\jarve\IntelGraphicsProfiles
2017-10-30 12:50 - 2017-10-30 12:50 - 000000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2017-10-30 12:50 - 2017-10-30 12:50 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2017-10-30 12:50 - 2017-10-30 12:50 - 000000000 ____D C:\Program Files\Intel
2017-10-30 12:50 - 2017-10-30 12:50 - 000000000 ____D C:\Program Files (x86)\Intel
2017-10-30 12:50 - 2017-10-30 12:50 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2017-10-30 12:50 - 2017-02-16 00:21 - 000112656 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2017-10-30 12:50 - 2017-02-16 00:21 - 000108560 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-10-30 12:49 - 2017-10-30 12:49 - 000000000 ___HD C:\$GetCurrent
2017-10-30 12:48 - 2017-10-30 12:50 - 000000000 ____D C:\Windows10Upgrade
2017-10-30 12:48 - 2017-10-30 12:48 - 000000819 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Upgrade Assistant.lnk
2017-10-30 12:48 - 2017-10-30 12:48 - 000000807 _____ C:\Users\jarve\Desktop\Windows 10 Upgrade Assistant.lnk
2017-10-30 12:47 - 2017-10-30 12:47 - 000000000 ____D C:\Users\jarve\AppData\Local\Comms
2017-10-30 12:46 - 2017-10-30 13:04 - 000000000 ____D C:\Users\jarve\AppData\Local\PackageStaging
2017-10-30 12:46 - 2017-10-30 12:46 - 000000000 ____D C:\Users\jarve\AppData\Local\Publishers
2017-10-30 12:45 - 2017-10-30 19:05 - 000000000 ____D C:\Users\jarve\AppData\Local\ConnectedDevicesPlatform
2017-10-30 12:45 - 2017-10-30 13:04 - 000000000 ____D C:\Users\jarve\AppData\Local\Packages
2017-10-30 12:45 - 2017-10-30 12:45 - 000000000 ____D C:\Users\jarve\AppData\Roaming\Adobe
2017-10-30 12:45 - 2017-10-30 12:45 - 000000000 ____D C:\Users\jarve\AppData\Local\VirtualStore
2017-10-30 12:45 - 2017-10-30 12:45 - 000000000 ____D C:\Users\jarve\AppData\Local\TileDataLayer
2017-10-30 12:43 - 2017-10-31 12:15 - 000000000 ____D C:\Users\jarve
2017-10-30 12:43 - 2017-10-30 12:43 - 000000020 ___SH C:\Users\jarve\ntuser.ini
2017-10-30 12:43 - 2017-10-30 12:43 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\NetworkTiles
2017-10-30 12:42 - 2017-10-30 12:42 - 001019725 _____ C:\WINDOWS\system32\Drivers\rtwavesskdy.dat
2017-10-30 12:42 - 2017-10-30 12:42 - 000455938 _____ C:\WINDOWS\system32\Drivers\rtwavesmapro.dat
2017-10-30 12:42 - 2017-10-30 12:42 - 000031095 _____ C:\WINDOWS\system32\Drivers\rtwavesEFX.dat
2017-10-30 12:42 - 2017-10-30 12:42 - 000019678 _____ C:\WINDOWS\system32\Drivers\rtwavesmaprocap.dat
2017-10-30 12:42 - 2017-10-30 12:42 - 000010945 _____ C:\WINDOWS\system32\Drivers\rtwavesMFX.dat
2017-10-30 12:42 - 2017-10-30 12:42 - 000003218 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_PushButton
2017-10-30 12:42 - 2017-10-30 12:42 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2017-10-30 12:41 - 2017-10-30 12:41 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-10-30 12:41 - 2017-10-30 12:41 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2017-10-30 12:41 - 2017-10-30 12:41 - 000000000 ____D C:\Program Files\Realtek
2017-10-30 12:32 - 2017-10-30 12:33 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\Packages
2017-10-30 12:32 - 2017-10-30 12:32 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\VirtualStore
2017-10-30 12:32 - 2017-10-30 12:32 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\TileDataLayer
2017-10-30 12:32 - 2017-10-30 12:32 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\ConnectedDevicesPlatform
2017-10-30 12:30 - 2017-10-30 12:30 - 000000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-10-30 12:30 - 2017-05-24 22:56 - 000038752 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-10-30 12:12 - 2017-10-30 12:30 - 000000000 ___DC C:\WINDOWS\Panther
2017-10-30 12:10 - 2017-10-30 14:33 - 000000000 ____D C:\Windows.old
2017-10-30 12:10 - 2017-10-30 12:10 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2017-10-30 06:28 - 2017-10-30 12:10 - 000000000 ___HD C:\$WINDOWS.~BT
2017-10-30 04:24 - 2017-10-30 04:24 - 000000000 ___HD C:\$Windows.~WS
2017-10-29 11:58 - 2017-10-30 06:28 - 000000000 ____D C:\ESD
2017-10-28 15:41 - 2017-10-31 12:21 - 000000000 ____D C:\FRST

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-31 12:20 - 2016-11-20 11:47 - 000932276 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-10-31 12:20 - 2016-07-16 04:47 - 000000000 ____D C:\WINDOWS\appcompat
2017-10-31 12:14 - 2016-11-20 11:37 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-31 12:14 - 2016-11-20 11:37 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-10-30 19:02 - 2016-11-20 11:37 - 000194224 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-10-30 15:23 - 2016-07-15 23:04 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2017-10-30 13:28 - 2016-05-06 20:17 - 000000000 ____D C:\a
2017-10-30 13:24 - 2016-07-16 04:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-10-30 13:04 - 2016-07-16 04:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-30 12:54 - 2016-07-16 04:45 - 000000000 ____D C:\WINDOWS\INF
2017-10-30 12:47 - 2016-07-16 04:47 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-10-30 12:45 - 2016-11-20 11:51 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-10-30 12:43 - 2016-07-16 04:47 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-10-30 12:30 - 2016-07-16 04:47 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-10-30 12:30 - 2016-07-16 04:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-10-30 12:26 - 2016-07-16 04:47 - 000000000 ____D C:\WINDOWS\rescache
2017-10-30 12:25 - 2016-07-16 04:47 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-10-30 12:20 - 2016-07-15 23:04 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-10-30 12:12 - 2016-07-16 04:47 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-10-10 11:17 - 2016-07-26 17:26 - 000000000 ____D C:\GOG Games

==================== Files in the root of some directories =======

2017-10-30 12:42 - 2017-10-30 12:42 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-30 12:13

==================== End of FRST.txt ============================