Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.04.2018
Ran by William (administrator) on MARTOVICH (16-04-2018 17:38:21)
Running from C:\Users\Helen\Desktop
Loaded Profiles: William (Available Profiles: William & Administrator)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Bethesda Softworks) C:\Program Files (x86)\Steam\steamapps\common\Skyrim Special Edition\SkyrimSE.exe
(Valve Corporation) C:\Program Files (x86)\Steam\GameOverlayUI.exe
() C:\Program Files (x86)\GSAutoClicker3\GSAutoClicker.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13632216 2013-07-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-04] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890128 2013-04-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [UMonit64] => C:\Windows\SysWOW64\UMonit64.exe******************************************************************************************************************************* [40960 2013-03-14] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-07-10] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [463872 2013-05-15] ()
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [111120 2012-05-25] (CyberLink)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\Run: [Power2GoExpress] => C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe [2649816 2012-12-25] (CyberLink Corp.)
HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3639280 2016-04-07] (Electronic Arts)
HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Helen\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3199776 2018-04-02] (Valve Corporation)
HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5345672 2017-12-21] (Nota Inc.)
HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\MountPoints2: {28526191-8f46-11e4-824f-806e6f6e6963} - "D:\SETUP.EXE"
HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\MountPoints2: {baa56436-3ccb-11e6-be98-240a646e54e5} - "E:\VZW_Software_upgrade_assistant.exe"
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall SafeKey RunOnce.lnk [2017-03-20]
ShortcutTarget: Uninstall SafeKey RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-09-22]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{93733082-29C2-4943-9627-7C54CE1FD87A}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKU\S-1-5-21-1890713058-2806932541-3226652281-1002 -> {5b59a0b6-949f-44b7-93b6-7ae39796c8ca} URL = hxxp://isearch.shopathome.com?user_id={afe413e5-9a57-4e7f-823e-e522902902cd}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1890713058-2806932541-3226652281-1002 -> {E705114E-6C48-4AF1-BD3D-2C742F7F1EF3} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C014US91044D20151212&p={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-24] (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll [2017-09-27] (Perfect World Entertainment Inc)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-24] (Oracle Corporation)

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-06-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-06-23] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-22] (NVIDIA Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [2017-09-27] (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Profile 2
CHR HomePage: Profile 2 -> hxxp://www.google.com
CHR Session Restore: Profile 2 -> is enabled.
CHR Profile: C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default [2018-02-18]
CHR Extension: (Slides) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (YouTube) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Adblock Plus) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-02-02]
CHR Extension: (Google Search) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Adobe Acrobat) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-20]
CHR Extension: (Sheets) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (AdBlock) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-02-16]
CHR Extension: (Webcam Toy) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2016-04-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-13]
CHR Extension: (Adblock Pro) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2017-11-16]
CHR Extension: (Gmail) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-19]
CHR Extension: (Chrome Media Router) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-25]
CHR Profile: C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-02-05]
CHR Extension: (Google Slides) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-18]
CHR Extension: (McAfee SafeKey) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\agbnjankikoaabjkmfbaceggjliabkbn [2016-01-18]
CHR Extension: (Google Docs) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-18]
CHR Extension: (Google Drive) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-18]
CHR Extension: (YouTube) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-18]
CHR Extension: (Adblock Plus) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-03]
CHR Extension: (Google Search) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-18]
CHR Extension: (Google Sheets) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-18]
CHR Extension: (Wolf and the Ice Planet) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gffkhmkbijdmbncaoclaclldnbndflck [2016-01-18]
CHR Extension: (Google Docs Offline) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-22]
CHR Extension: (AdBlock) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-02-03]
CHR Extension: (Invite All Your Facebook Friends PRO) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\llihccomjnidgdibbpciaajkednnglpm [2016-01-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-18]
CHR Extension: (Gmail) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-18]
CHR Profile: C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 2 [2018-04-16]
CHR Extension: (Slides) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-16]
CHR Extension: (Docs) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-16]
CHR Extension: (Google Drive) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-02-16]
CHR Extension: (YouTube) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-16]
CHR Extension: (Adobe Acrobat) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-02-16]
CHR Extension: (Sheets) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-16]
CHR Extension: (Google Docs Offline) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-02-18]
CHR Extension: (Skype) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2018-02-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-09]
CHR Extension: (Gmail) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-02-16]
CHR Extension: (Chrome Media Router) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-16]
CHR Profile: C:\Users\Helen\AppData\Local\Google\Chrome\User Data\System Profile [2016-01-22]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ArcService; C:\Program Files (x86)\Arc\ArcService.exe [87064 2017-09-27] (Perfect World Entertainment Inc)
R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-07-23] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
S2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-06-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-06-23] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3519984 2016-01-27] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-04-07] (Electronic Arts)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
R3 btwpanfl; C:\WINDOWS\system32\drivers\btwpanfl.sys [44912 2013-01-19] (Broadcom Corporation.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [91368 2013-03-21] (GenesysLogic)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-04-09] (Malwarebytes)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [82072 2015-09-23] (McAfee, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2013-07-23] (Windows (R) Win 7 DDK provider)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 usbrndis6; C:\WINDOWS\system32\DRIVERS\usb80236.sys [20992 2015-04-24] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-16 17:38 - 2018-04-16 17:38 - 000023135 _____ C:\Users\Helen\Desktop\FRST.txt
2018-04-16 17:33 - 2018-04-16 17:33 - 000080883 _____ C:\Users\Helen\Downloads\Shortcut.txt
2018-04-16 17:29 - 2018-04-16 17:30 - 002403328 _____ (Farbar) C:\Users\Helen\Desktop\FRST64.exe
2018-04-12 16:25 - 2018-04-12 16:25 - 003063168 _____ C:\Users\Helen\ZHPDiag3.exe
2018-04-09 21:05 - 2018-04-09 21:05 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-04-09 21:04 - 2018-04-09 21:04 - 000001885 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-04-09 21:04 - 2018-04-09 21:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-09 16:53 - 2018-04-16 17:18 - 000216560 _____ C:\Users\Helen\Desktop\ZHPDiag.txt
2018-04-09 16:53 - 2018-04-12 16:42 - 000308364 _____ C:\Users\Helen\Desktop\ZHPDiag.html
2018-04-09 16:46 - 2018-04-16 17:18 - 000000000 ____D C:\Users\Helen\AppData\Roaming\ZHP
2018-04-09 16:46 - 2018-04-16 17:05 - 000000871 _____ C:\Users\Helen\Desktop\ZHPDiag.lnk
2018-04-09 16:46 - 2018-04-09 16:46 - 000000000 ____D C:\Users\Helen\AppData\Local\ZHP
2018-04-09 16:41 - 2018-04-09 16:41 - 003045760 _____ C:\Users\Helen\Downloads\ZHPDiag3.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-16 17:38 - 2014-12-12 22:20 - 000000000 ____D C:\FRST
2018-04-16 17:33 - 2014-12-12 22:21 - 000051252 _____ C:\Users\Helen\Downloads\Addition.txt
2018-04-16 17:33 - 2014-12-12 22:20 - 000077244 _____ C:\Users\Helen\Downloads\FRST.txt
2018-04-16 16:34 - 2012-07-26 03:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-04-16 16:32 - 2017-11-23 13:40 - 000003474 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2018-04-16 16:32 - 2015-05-31 02:26 - 000003464 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2018-04-12 21:24 - 2016-03-01 20:43 - 000000000 ____D C:\Users\Helen\AppData\Local\CrashDumps
2018-04-12 21:24 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-04-12 16:25 - 2015-02-24 06:49 - 000000000 ____D C:\Users\Helen
2018-04-10 21:59 - 2017-12-29 22:41 - 000004324 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-04-10 21:59 - 2017-04-05 18:19 - 000004480 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-04-10 21:59 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-04-10 21:59 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-04-09 22:01 - 2015-02-09 00:12 - 000003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1890713058-2806932541-3226652281-1002
2018-04-09 21:17 - 2017-04-10 19:06 - 000000000 ____D C:\Program Files (x86)\Steam
2018-04-09 21:09 - 2016-03-20 18:50 - 000000000 ____D C:\Users\Helen\Desktop\Pics
2018-04-09 20:54 - 2014-11-21 04:44 - 000877620 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-04-09 20:54 - 2013-08-22 09:36 - 000000000 ____D C:\WINDOWS\Inf
2018-04-09 20:53 - 2015-02-09 00:05 - 000000074 _____ C:\Users\Helen\AppData\Roaming\sp_data.sys
2018-04-09 20:50 - 2015-02-24 06:42 - 000000000 ____D C:\ProgramData\NVIDIA
2018-04-09 20:50 - 2013-08-22 10:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-04-09 20:49 - 2013-08-22 09:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2018-03-27 20:34 - 2016-06-04 15:06 - 000000000 ____D C:\Users\Helen\AppData\Local\Akamai
2018-03-23 00:13 - 2018-01-17 16:01 - 000053769 _____ C:\Users\Helen\Desktop\DQH Eval.txt
2018-03-22 17:43 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\rescache
2018-03-20 21:20 - 2015-02-09 00:27 - 000002206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-19 16:18 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-19 12:57 - 2018-02-15 13:03 - 000076192 _____ C:\WINDOWS\system32\Drivers\mbae64.sys

==================== Files in the root of some directories =======

2018-04-12 16:25 - 2018-04-12 16:25 - 003063168 _____ () C:\Users\Helen\ZHPDiag3.exe
2016-05-07 21:56 - 2016-05-07 21:53 - 001355776 _____ (Microsoft Corporation) C:\Program Files\msvbvm50.dll
2016-05-07 21:56 - 2016-05-07 21:53 - 001355776 _____ (Microsoft Corporation) C:\Program Files (x86)\msvbvm50.dll
2015-02-10 05:00 - 2017-03-20 23:43 - 027093992 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-02-09 00:05 - 2018-04-09 20:53 - 000000074 _____ () C:\Users\Helen\AppData\Roaming\sp_data.sys
2016-06-05 21:01 - 2016-06-05 21:01 - 000000093 _____ () C:\Users\Helen\AppData\Local\fusioncache.dat

Some files in TEMP:
====================
2017-10-29 01:28 - 2017-10-29 01:28 - 000000180 _____ () C:\Users\Helen\AppData\Local\Temp\3fc1552ba19ee3472398342b0fadfa41.dll
2017-10-29 01:29 - 2017-10-29 01:29 - 000000072 _____ () C:\Users\Helen\AppData\Local\Temp\813e0a4f66963b3ee20d8cc5c09eaab7.dll
2016-04-22 12:36 - 2000-04-06 08:00 - 000263168 ____N () C:\Users\Helen\AppData\Local\Temp\binkw32.dll
2017-12-25 18:22 - 2017-12-25 18:22 - 000467968 _____ (Realtek Semiconductor Corp.) C:\Users\Helen\AppData\Local\Temp\COMAP.EXE
2016-04-22 12:36 - 2001-05-09 20:19 - 000352256 ____N (Blizzard Entertainment) C:\Users\Helen\AppData\Local\Temp\d2l_Install.exe
2016-10-25 19:51 - 2016-10-25 19:51 - 000737856 _____ (Oracle Corporation) C:\Users\Helen\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-02-12 16:45 - 2017-02-12 16:45 - 000739904 _____ (Oracle Corporation) C:\Users\Helen\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-05-01 20:49 - 2017-05-01 20:49 - 000739904 _____ (Oracle Corporation) C:\Users\Helen\AppData\Local\Temp\jre-8u131-windows-au.exe
2017-11-16 03:43 - 2017-11-16 03:43 - 001856576 _____ (Oracle Corporation) C:\Users\Helen\AppData\Local\Temp\jre-8u151-windows-au.exe
2018-01-24 01:18 - 2018-01-24 01:18 - 001864256 _____ (Oracle Corporation) C:\Users\Helen\AppData\Local\Temp\jre-8u161-windows-au.exe
2015-12-04 18:28 - 2015-12-04 18:28 - 000585824 _____ (Oracle Corporation) C:\Users\Helen\AppData\Local\Temp\jre-8u66-windows-au.exe
2016-03-11 19:45 - 2016-03-11 19:45 - 000736352 _____ (Oracle Corporation) C:\Users\Helen\AppData\Local\Temp\jre-8u73-windows-au.exe
2016-04-07 11:59 - 2016-04-07 11:59 - 000736320 _____ (Oracle Corporation) C:\Users\Helen\AppData\Local\Temp\jre-8u77-windows-au.exe
2016-05-06 23:33 - 2016-05-06 23:33 - 000739904 _____ (Oracle Corporation) C:\Users\Helen\AppData\Local\Temp\jre-8u91-windows-au.exe
2015-12-02 11:05 - 2015-12-02 11:05 - 000120336 _____ (McAfee, Inc.) C:\Users\Helen\AppData\Local\Temp\McCSPInstall.dll
2016-01-17 00:44 - 2015-12-02 11:05 - 000131344 _____ (McAfee Inc.) C:\Users\Helen\AppData\Local\Temp\mccspuninstall.exe
2015-02-10 04:42 - 2015-06-17 02:03 - 001170848 _____ (NVIDIA Corporation) C:\Users\Helen\AppData\Local\Temp\nvSCPAPI.dll
2015-02-10 04:42 - 2015-06-17 02:03 - 001366208 _____ (NVIDIA Corporation) C:\Users\Helen\AppData\Local\Temp\nvSCPAPI64.dll
2015-05-25 17:35 - 2015-06-17 02:03 - 000789648 _____ (NVIDIA Corporation) C:\Users\Helen\AppData\Local\Temp\nvStInst.exe
2017-01-28 14:22 - 2012-01-07 00:04 - 000314784 _____ () C:\Users\Helen\AppData\Local\Temp\UNINSTALLER-3672.exe
2017-01-28 14:22 - 2012-01-07 00:04 - 000314784 _____ () C:\Users\Helen\AppData\Local\Temp\UNINSTALLER-4308.exe
2017-01-28 14:23 - 2012-01-07 00:04 - 000314784 _____ () C:\Users\Helen\AppData\Local\Temp\UNINSTALLER-5336.exe
2016-04-03 02:17 - 2016-04-03 02:17 - 000065280 _____ () C:\Users\Helen\AppData\Local\Temp\utils.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-04-09 21:02

==================== End of FRST.txt ============================