ifferent
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.01.2018
Ran by Lou (administrator) on LOU-PC (26-01-2018 08:44:48)
Running from C:\Users\Lou\Desktop
Loaded Profiles: Lou (Available Profiles: Lou & Bec)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TOSHIBA CORPORATION) C:\Windows\Temp\msvcdvrsrv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Users\Lou\AppData\Local\lsacuxc\lsacuxc.exe
() C:\Users\Lou\AppData\Local\lsacuxc\winbidy.exe
() C:\Users\Lou\AppData\Local\lsacuxc\winbidy.exe
() C:\Users\Lou\AppData\Local\lsacuxc\winbidy.exe
() C:\Users\Lou\AppData\Local\lsacuxc\winbidy.exe
() C:\Users\Lou\AppData\Local\lsacuxc\winbidy.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2011-08-24] (Hewlett-Packard )
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2018-01-26] (AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E60803EC-3EF6-47A2-B5BA-0C14701C911B}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3034223004-1617221123-39064544-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-01-23] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-08-30] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-01-26] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-23] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-30] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-01-21] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-01-26] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-21] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-01-23] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-30] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default [2018-01-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-01-26]
CHR Extension: (Chrome Media Router) - C:\Users\Lou\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-26]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKLM\SYSTEM\CurrentControlSet\Services\cgrctcgg <==== ATTENTION (Rootkit!)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2018-01-26] (AVAST Software)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2018-01-26] (AVAST Software)
R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-07-04] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-07-04] (Ralink Technology, Corp.) [File not signed]
S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1859584 2012-07-04] (Ralink) [File not signed]
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [5618960 2017-11-15] (AVG Technologies CZ, s.r.o.)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [56080 2017-11-15] (AVG Technologies CZ, s.r.o.)
R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [48912 2017-11-15] (AVG Technologies CZ, s.r.o.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [185096 2018-01-26] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321512 2018-01-26] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199448 2018-01-26] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343768 2018-01-26] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57696 2018-01-26] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [149344 2018-01-26] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46976 2018-01-26] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146648 2018-01-26] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110336 2018-01-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84384 2018-01-26] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1025176 2018-01-26] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [457896 2018-01-26] (AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [204456 2018-01-26] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [358672 2018-01-26] (AVAST Software)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2013-07-18] (Qualcomm Atheros Co., Ltd.)
R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2473616 2014-12-10] (MediaTek Inc.)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2017-02-21] (AVG Netherlands B.V.)
U1 aswbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-26 08:42 - 2018-01-26 08:43 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Lou\Downloads\mbar-1.10.3.1001 (1).exe
2018-01-26 08:36 - 2018-01-26 08:36 - 000113488 _____ C:\Windows\system32\Drivers\winjmpsw.sys
2018-01-26 08:26 - 2018-01-26 08:26 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Lou\Downloads\mbar-1.10.3.1001.exe
2018-01-26 08:12 - 2018-01-26 08:12 - 000000000 ____D C:\Users\Lou\AppData\Roaming\AVAST Software
2018-01-26 08:11 - 2018-01-26 08:11 - 000457896 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-01-26 08:11 - 2018-01-26 08:11 - 000146648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-01-26 08:11 - 2018-01-26 08:11 - 000001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-01-26 08:11 - 2018-01-26 08:11 - 000000342 ____H C:\Windows\Tasks\Avast Emergency Update.job
2018-01-26 08:11 - 2018-01-26 08:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2018-01-26 08:11 - 2018-01-26 08:10 - 001025176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-01-26 08:11 - 2018-01-26 08:10 - 000358672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-01-26 08:11 - 2018-01-26 08:10 - 000343768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2018-01-26 08:11 - 2018-01-26 08:10 - 000321512 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2018-01-26 08:11 - 2018-01-26 08:10 - 000204456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-01-26 08:11 - 2018-01-26 08:10 - 000199448 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2018-01-26 08:11 - 2018-01-26 08:10 - 000185096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-01-26 08:11 - 2018-01-26 08:10 - 000149344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-01-26 08:11 - 2018-01-26 08:10 - 000110336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-01-26 08:11 - 2018-01-26 08:10 - 000084384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-01-26 08:11 - 2018-01-26 08:10 - 000057696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2018-01-26 08:11 - 2018-01-26 08:10 - 000046976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-01-26 08:10 - 2018-01-26 08:10 - 000365680 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-01-26 08:09 - 2018-01-26 08:09 - 000000000 ____D C:\Program Files\AVAST Software
2018-01-26 08:07 - 2018-01-26 08:24 - 000020139 _____ C:\Users\Lou\Desktop\Fixlog.txt
2018-01-26 08:07 - 2018-01-26 08:07 - 000000000 ____D C:\Users\Lou\Desktop\FRST-OlderVersion
2018-01-26 08:04 - 2018-01-26 08:12 - 000013485 _____ C:\Users\Lou\Desktop\fixlist.txt
2018-01-26 08:03 - 2018-01-26 08:03 - 006654960 _____ (AVAST Software) C:\Users\Lou\Downloads\avast_free_antivirus_setup_online_cnet1.exe
2018-01-26 08:01 - 2018-01-26 08:01 - 000000000 ____D C:\Users\Lou\Documents\Add-in Express
2018-01-19 13:39 - 2018-01-19 13:39 - 042917648 _____ (Microsoft Corporation) C:\Users\Lou\Downloads\mpas-fe.exe
2018-01-19 12:00 - 2018-01-19 12:05 - 000035348 _____ C:\Users\Lou\Desktop\Addition.txt
2018-01-19 11:59 - 2018-01-26 08:45 - 000010917 _____ C:\Users\Lou\Desktop\FRST.txt
2018-01-19 11:58 - 2018-01-26 08:24 - 000000000 ____D C:\FRST
2018-01-19 11:58 - 2018-01-26 08:07 - 002393088 _____ (Farbar) C:\Users\Lou\Desktop\FRST64.exe
2018-01-19 11:58 - 2018-01-19 11:58 - 000000000 ____D C:\Users\Lou\Downloads\FRST-OlderVersion
2018-01-19 11:43 - 2018-01-19 16:06 - 000004940 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Lou-PC-Lou Lou-PC
2018-01-19 11:10 - 2018-01-19 11:16 - 000000000 ____D C:\AdwCleaner
2018-01-19 11:09 - 2018-01-19 11:09 - 008206624 _____ (Malwarebytes) C:\Users\Lou\Downloads\adwcleaner_7.0.7.0.exe
2018-01-01 15:39 - 2018-01-01 15:39 - 002630064 _____ C:\Users\Lou\Downloads\Adaware_Installer.exe
2018-01-01 15:39 - 2018-01-01 15:39 - 000000000 ____D C:\ProgramData\adaware
2018-01-01 15:35 - 2018-01-01 15:35 - 000457400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys.151575955558002
2018-01-01 15:35 - 2018-01-01 15:35 - 000146664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys.151575955558002
2018-01-01 15:35 - 2018-01-01 15:35 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2018-01-01 15:33 - 2018-01-26 08:09 - 000000000 ____D C:\ProgramData\AVAST Software
2018-01-01 15:33 - 2018-01-01 15:33 - 006654960 _____ (AVAST Software) C:\Users\Lou\Downloads\avast_free_antivirus_setup_online_cnet2.exe
2017-12-31 10:07 - 2018-01-26 08:41 - 014680064 _____ C:\Windows\system32\config\HARDWARE
2017-12-31 10:07 - 2018-01-26 08:36 - 014569472 _____ C:\Windows\system32\config\SYSTEM

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-26 08:42 - 2017-09-01 08:07 - 000000000 ____D C:\Users\Lou\AppData\Local\lsacuxc
2018-01-26 08:38 - 2017-09-01 14:45 - 000000000 _____ C:\Windows\SysWOW64\last.dump
2018-01-26 08:36 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-26 08:36 - 2009-07-13 23:45 - 000015136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-01-26 08:36 - 2009-07-13 23:45 - 000015136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-01-26 08:06 - 2017-09-02 19:11 - 000227792 _____ C:\Windows\ntbtlog.txt
2018-01-26 08:01 - 2017-01-22 18:10 - 000000000 ____D C:\ProgramData\WinZip
2018-01-26 07:57 - 2017-09-01 08:01 - 000000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2018-01-19 11:27 - 2016-12-28 18:24 - 000000000 ___SD C:\Users\Lou\AppData\LocalLow\Temp
2018-01-19 10:02 - 2017-09-02 19:16 - 000000000 ____D C:\Users\Lou\AppData\Local\ElevatedDiagnostics
2018-01-05 11:43 - 2017-09-01 16:37 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-05 11:43 - 2017-09-01 16:37 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======

2017-09-22 19:14 - 2017-09-22 19:14 - 000003584 _____ () C:\Users\Lou\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-09-01 07:54 - 2017-09-01 07:54 - 000014848 _____ () C:\Users\Lou\AppData\Local\s64prt.dll

Some files in TEMP:
====================
2017-09-22 20:31 - 2017-09-22 20:31 - 034589584 _____ (Ellora Assets Corporation ) C:\Users\Lou\AppData\Local\Temp\FreemakeVideoConverterFull.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-24 03:14

==================== End of FRST.txt ============================