Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25.04.2018
Ran by William (administrator) on MARTOVICH (25-04-2018 19:53:13)
Running from C:\Users\Helen\Desktop
Loaded Profiles: William & Administrator (Available Profiles: William & Administrator)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13632216 2013-07-22] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-04] (Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890128 2013-04-11] (ELAN Microelectronics Corp.) HKLM\...\Run: [UMonit64] => C:\Windows\SysWOW64\UMonit64.exe******************************************************************************************************************************* [40960 2013-03-14] () HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation) HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe" HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-07-10] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.) HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [463872 2013-05-15] () HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [111120 2012-05-25] (CyberLink) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation) HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\Run: [Power2GoExpress] => C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe [2649816 2012-12-25] (CyberLink Corp.) 
HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3639280 2016-04-07] (Electronic Arts) HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Helen\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.) HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3199776 2018-04-02] (Valve Corporation) HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5345672 2017-12-21] (Nota Inc.) HKU\S-1-5-21-1890713058-2806932541-3226652281-500\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-11-21] (Microsoft Corporation) Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall SafeKey RunOnce.lnk [2017-03-20] ShortcutTarget: Uninstall SafeKey RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-09-22] ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{93733082-29C2-4943-9627-7C54CE1FD87A}: [DhcpNameServer] 75.75.75.75 75.75.76.76 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com HKU\S-1-5-21-1890713058-2806932541-3226652281-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com HKU\S-1-5-21-1890713058-2806932541-3226652281-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-24] (Oracle Corporation) BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll [2017-09-27] (Perfect World Entertainment Inc) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-24] (Oracle Corporation) FireFox: ======== FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-06-23] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-06-23] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-24] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-24] (Oracle Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows 
Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-22] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-22] (NVIDIA Corporation) FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [2017-09-27] (Perfect World Entertainment Inc) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.) Chrome: ======= CHR DefaultProfile: Profile 2 CHR HomePage: Profile 2 -> hxxp://www.google.com CHR Session Restore: Profile 2 -> is enabled. 
CHR Profile: C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default [2018-04-25] CHR Extension: (Slides) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13] CHR Extension: (Docs) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13] CHR Extension: (Google Drive) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25] CHR Extension: (YouTube) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27] CHR Extension: (Adblock Plus) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-02-02] CHR Extension: (Google Search) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31] CHR Extension: (Adobe Acrobat) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-20] CHR Extension: (Sheets) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13] CHR Extension: (Google Docs Offline) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17] CHR Extension: (AdBlock) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-02-16] CHR Extension: (Webcam Toy) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2016-04-20] CHR Extension: (Chrome Web Store Payments) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-13] CHR Extension: (Adblock Pro) - C:\Users\Helen\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2017-11-16] CHR Extension: (Gmail) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-19] CHR Extension: (Chrome Media Router) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-25] CHR Profile: C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-04-25] CHR Extension: (Google Slides) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-18] CHR Extension: (McAfee SafeKey) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\agbnjankikoaabjkmfbaceggjliabkbn [2016-01-18] CHR Extension: (Google Docs) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-18] CHR Extension: (Google Drive) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-18] CHR Extension: (YouTube) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-18] CHR Extension: (Adblock Plus) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-03] CHR Extension: (Google Search) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-18] CHR Extension: (Google Sheets) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-18] CHR Extension: (Wolf and the Ice Planet) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gffkhmkbijdmbncaoclaclldnbndflck [2016-01-18] CHR Extension: (Google Docs Offline) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-22] CHR 
Extension: (AdBlock) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-02-03] CHR Extension: (Invite All Your Facebook Friends PRO) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\llihccomjnidgdibbpciaajkednnglpm [2016-01-18] CHR Extension: (Chrome Web Store Payments) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-18] CHR Extension: (Gmail) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-18] CHR Profile: C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 2 [2018-04-25] CHR Extension: (Slides) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-16] CHR Extension: (Docs) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-16] CHR Extension: (Google Drive) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-02-16] CHR Extension: (YouTube) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-16] CHR Extension: (Adobe Acrobat) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-02-16] CHR Extension: (Sheets) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-16] CHR Extension: (Google Docs Offline) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-02-18] CHR Extension: (Skype) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2018-02-16] CHR Extension: (Chrome Web Store Payments) - 
C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-09] CHR Extension: (Gmail) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-02-16] CHR Extension: (Chrome Media Router) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-16] CHR Profile: C:\Users\Helen\AppData\Local\Google\Chrome\User Data\System Profile [2018-04-25] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 ArcService; C:\Program Files (x86)\Arc\ArcService.exe [87064 2017-09-27] (Perfect World Entertainment Inc) R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-07-23] (ASUS) R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed] S2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.) 
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-06-23] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-06-23] (Intel Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes) S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3519984 2016-01-27] (INCA Internet Co., Ltd.) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation) S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation) S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-04-07] (Electronic Arts) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.) 
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation) R3 btwpanfl; C:\WINDOWS\system32\drivers\btwpanfl.sys [44912 2013-01-19] (Broadcom Corporation.) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.) S3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [91368 2013-03-21] (GenesysLogic) R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( ) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-04-25] (Malwarebytes) R1 MpKsl5754ea46; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7FA54C1F-98E2-44D5-A04C-496A52D033EB}\MpKsl5754ea46.sys [58120 2018-04-25] (Microsoft Corporation) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation) R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2013-07-23] (Windows (R) Win 7 DDK provider) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.) S3 usbrndis6; C:\WINDOWS\system32\DRIVERS\usb80236.sys [20992 2015-04-24] (Microsoft Corporation) S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2018-04-25 19:52 - 2018-04-25 19:52 - 000010188 _____ C:\Users\Helen\Desktop\Hardware Interrupts and DPCs.txt 2018-04-25 19:46 - 2018-04-25 19:46 - 000000686 _____ C:\VEWv1.1.txt 2018-04-25 19:44 - 2018-04-25 19:44 - 000000686 _____ C:\VEW.txt 2018-04-25 19:43 - 2018-04-25 19:43 - 000061440 _____ ( ) C:\Users\Helen\Desktop\VEW.exe 2018-04-25 16:26 - 2018-04-25 16:32 - 000006331 _____ C:\Users\Helen\Desktop\Fixlog.txt 2018-04-25 16:26 - 2018-04-25 16:26 - 000000000 ____D C:\Users\Helen\Desktop\FRST-OlderVersion 2018-04-23 20:19 - 2018-04-23 20:20 - 000677834 _____ C:\Users\Helen\Desktop\MARTOVICHspeccy.txt 2018-04-23 20:04 - 2018-04-23 20:04 - 000000810 _____ C:\Users\Public\Desktop\Speccy.lnk 2018-04-23 20:04 - 2018-04-23 20:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy 2018-04-23 20:04 - 2018-04-23 20:04 - 000000000 ____D C:\Program Files\Speccy 2018-04-23 20:03 - 2018-04-23 20:04 - 006299336 _____ (Piriform Ltd) C:\Users\Helen\Downloads\spsetup131.exe 2018-04-23 20:03 - 2018-04-23 20:03 - 000009722 _____ C:\Users\Helen\Desktop\junkfrst.txt 2018-04-23 20:02 - 2018-04-23 20:02 - 000009722 _____ C:\junk.txt 2018-04-23 20:01 - 2018-04-23 20:01 - 000009610 _____ C:\Users\Helen\Desktop\System Idle Process.txt 2018-04-23 19:54 - 2018-04-23 19:54 - 002724512 _____ (Sysinternals - www.sysinternals.com) C:\Users\Helen\Desktop\procexp.exe 2018-04-21 21:39 - 2018-04-24 20:44 - 000000639 _____ C:\Users\Helen\Desktop\1 to 10 Album.txt 2018-04-16 17:38 - 2018-04-25 19:53 - 000022460 _____ C:\Users\Helen\Desktop\FRST.txt 2018-04-16 17:38 - 2018-04-16 17:38 - 000051144 _____ C:\Users\Helen\Desktop\Addition.txt 2018-04-16 17:29 - 2018-04-25 16:26 - 002405888 _____ (Farbar) C:\Users\Helen\Desktop\FRST64.exe 2018-04-12 16:36 - 2018-03-23 09:50 - 004168704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2018-04-12 16:36 - 2018-03-22 19:00 - 025742336 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2018-04-12 16:36 - 
2018-03-22 17:26 - 020287488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2018-04-12 16:36 - 2018-03-22 17:17 - 000578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2018-04-12 16:36 - 2018-03-22 17:15 - 005780480 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2018-04-12 16:36 - 2018-03-22 17:06 - 000794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2018-04-12 16:36 - 2018-03-22 16:52 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2018-04-12 16:36 - 2018-03-22 16:42 - 000661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2018-04-12 16:36 - 2018-03-22 16:37 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2018-04-12 16:36 - 2018-03-22 16:29 - 015282688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2018-04-12 16:36 - 2018-03-22 16:29 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2018-04-12 16:36 - 2018-03-22 16:29 - 000728064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2018-04-12 16:36 - 2018-03-22 16:29 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2018-04-12 16:36 - 2018-03-22 16:27 - 002135552 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2018-04-12 16:36 - 2018-03-22 16:21 - 004496896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2018-04-12 16:36 - 2018-03-22 16:20 - 013680128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2018-04-12 16:36 - 2018-03-22 16:20 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2018-04-12 16:36 - 2018-03-22 16:15 - 003241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2018-04-12 16:36 - 2018-03-22 16:15 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2018-04-12 16:36 - 2018-03-22 16:15 - 000333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2018-04-12 16:36 - 2018-03-22 
16:14 - 002059776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2018-04-12 16:36 - 2018-03-22 16:04 - 001545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2018-04-12 16:36 - 2018-03-22 15:55 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2018-04-12 16:36 - 2018-03-22 15:53 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2018-04-12 16:36 - 2018-03-22 15:52 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2018-04-12 16:36 - 2018-03-22 15:51 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2018-04-12 16:36 - 2018-03-10 13:50 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys 2018-04-12 16:36 - 2018-03-09 20:16 - 001549136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2018-04-12 16:36 - 2018-03-09 20:16 - 000388440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2018-04-12 16:36 - 2018-03-09 17:20 - 007405392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2018-04-12 16:36 - 2018-03-09 17:20 - 001737592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2018-04-12 16:36 - 2018-03-09 17:20 - 001676056 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2018-04-12 16:36 - 2018-03-09 17:20 - 001536112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2018-04-12 16:36 - 2018-03-09 17:20 - 001500424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2018-04-12 16:36 - 2018-03-09 17:20 - 001371344 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2018-04-12 16:36 - 2018-03-09 17:20 - 000418640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll 2018-04-12 16:36 - 2018-03-09 15:59 - 000121168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys 2018-04-12 16:36 - 2018-03-09 10:52 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll 2018-04-12 16:36 - 
2018-03-09 10:52 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll 2018-04-12 16:36 - 2018-03-09 10:52 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll 2018-04-12 16:36 - 2018-03-09 10:52 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll 2018-04-12 16:36 - 2018-03-08 14:15 - 000005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll 2018-04-12 16:36 - 2018-03-08 14:14 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll 2018-04-12 16:36 - 2018-03-08 10:21 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll 2018-04-12 16:36 - 2018-03-07 19:46 - 000202576 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll 2018-04-12 16:36 - 2018-03-07 19:42 - 000174928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll 2018-04-12 16:36 - 2018-03-07 15:28 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsnmp32.dll 2018-04-12 16:36 - 2018-03-07 14:26 - 000053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsnmp32.dll 2018-04-12 16:36 - 2018-03-03 13:44 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll 2018-04-12 16:36 - 2018-03-03 13:04 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll 2018-04-12 16:36 - 2018-02-09 21:29 - 000531632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2018-04-12 16:36 - 2018-02-09 21:25 - 001137872 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2018-04-12 16:36 - 2018-02-09 13:44 - 000276304 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys 2018-04-12 16:36 - 2018-02-09 13:21 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2018-04-12 16:36 - 2018-02-08 14:53 - 000309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll 2018-04-12 16:36 - 2018-02-08 14:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll 2018-04-12 16:36 - 2018-02-08 
14:18 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll 2018-04-12 16:36 - 2018-02-08 14:03 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2018-04-12 16:36 - 2018-02-08 13:49 - 000289280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compstui.dll 2018-04-12 16:36 - 2018-02-08 13:42 - 001001984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll 2018-04-12 16:36 - 2018-02-08 13:42 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll 2018-04-12 16:36 - 2018-02-08 13:40 - 001096192 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll 2018-04-12 16:36 - 2018-02-08 13:38 - 000866304 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll 2018-04-12 16:36 - 2018-02-08 13:27 - 000367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll 2018-04-12 16:36 - 2018-02-08 13:24 - 000199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll 2018-04-12 16:36 - 2018-02-08 13:03 - 000664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll 2018-04-12 16:36 - 2018-02-08 13:03 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll 2018-04-12 16:36 - 2018-01-25 10:19 - 000995272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll 2018-04-12 16:36 - 2018-01-25 10:14 - 000922944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll 2018-04-12 16:35 - 2018-03-16 14:51 - 000144000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2018-04-12 16:35 - 2018-03-14 09:23 - 001993728 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe 2018-04-12 16:35 - 2018-03-14 09:23 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2018-04-12 16:35 - 2018-03-14 09:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2018-04-12 16:35 - 2018-03-14 09:23 - 000656384 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 
2018-04-12 16:35 - 2018-03-14 09:23 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-04-12 16:35 - 2018-03-14 09:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2018-04-12 16:35 - 2018-03-14 09:23 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-04-12 16:35 - 2018-03-14 09:23 - 000291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-04-12 16:35 - 2018-03-14 09:23 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-04-12 16:25 - 2018-04-12 16:25 - 003063168 _____ C:\Users\Helen\ZHPDiag3.exe
2018-04-09 21:05 - 2018-04-25 16:38 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-04-09 21:04 - 2018-04-09 21:04 - 000001885 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-04-09 21:04 - 2018-04-09 21:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-09 16:53 - 2018-04-16 17:18 - 000216560 _____ C:\Users\Helen\Desktop\ZHPDiag.txt
2018-04-09 16:53 - 2018-04-12 16:42 - 000308364 _____ C:\Users\Helen\Desktop\ZHPDiag.html
2018-04-09 16:46 - 2018-04-16 17:18 - 000000000 ____D C:\Users\Helen\AppData\Roaming\ZHP
2018-04-09 16:46 - 2018-04-16 17:05 - 000000871 _____ C:\Users\Helen\Desktop\ZHPDiag.lnk
2018-04-09 16:46 - 2018-04-09 16:46 - 000000000 ____D C:\Users\Helen\AppData\Local\ZHP
2018-04-09 16:41 - 2018-04-09 16:41 - 003045760 _____ C:\Users\Helen\Downloads\ZHPDiag3.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-25 19:53 - 2014-12-12 22:20 - 000000000 ____D C:\FRST
2018-04-25 19:49 - 2016-03-20 18:50 - 000000000 ____D C:\Users\Helen\Desktop\Pics
2018-04-25 19:42 - 2012-07-26 03:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-04-25 19:10 - 2015-02-09 00:12 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1890713058-2806932541-3226652281-1002
2018-04-25 19:07 - 2015-02-09 00:05 - 000000074 _____ C:\Users\Helen\AppData\Roaming\sp_data.sys
2018-04-25 19:06 - 2017-04-10 19:06 - 000000000 ____D C:\Program Files (x86)\Steam
2018-04-25 16:37 - 2015-02-24 06:42 - 000000000 ____D C:\ProgramData\NVIDIA
2018-04-25 16:37 - 2013-08-22 10:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-04-25 16:36 - 2013-08-22 09:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2018-04-25 16:31 - 2015-01-14 22:29 - 000000000 ____D C:\Users\Helen\AppData\LocalLow\Temp
2018-04-25 16:23 - 2017-11-23 13:40 - 000003474 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2018-04-25 16:23 - 2015-05-31 02:26 - 000003464 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2018-04-23 20:05 - 2013-08-22 09:36 - 000000000 ____D C:\WINDOWS\Inf
2018-04-21 21:31 - 2018-02-07 11:36 - 000000495 _____ C:\Users\Helen\Desktop\refrences.txt
2018-04-20 17:59 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\rescache
2018-04-20 17:19 - 2013-08-22 10:44 - 000337808 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-04-20 17:11 - 2015-03-05 01:41 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-04-20 17:11 - 2013-08-22 11:36 - 000000000 ___RD C:\WINDOWS\ToastData
2018-04-19 15:25 - 2015-02-10 05:15 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-04-19 15:22 - 2017-10-11 19:24 - 136971704 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-04-19 15:22 - 2015-02-10 05:15 - 136971704 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-04-12 21:24 - 2016-03-01 20:43 - 000000000 ____D C:\Users\Helen\AppData\Local\CrashDumps
2018-04-12 21:24 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-04-12 16:25 - 2015-02-24 06:49 - 000000000 ____D C:\Users\Helen
2018-04-10 21:59 - 2017-12-29 22:41 - 000004324 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-04-10 21:59 - 2017-04-05 18:19 - 000004480 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-04-10 21:59 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-04-10 21:59 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-04-09 20:54 - 2014-11-21 04:44 - 000877620 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-04-02 21:01 - 2018-01-12 12:02 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-04-02 21:01 - 2018-01-12 12:02 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-27 20:34 - 2016-06-04 15:06 - 000000000 ____D C:\Users\Helen\AppData\Local\Akamai

==================== Files in the root of some directories =======

2018-04-12 16:25 - 2018-04-12 16:25 - 003063168 _____ () C:\Users\Helen\ZHPDiag3.exe
2016-05-07 21:56 - 2016-05-07 21:53 - 001355776 _____ (Microsoft Corporation) C:\Program Files\msvbvm50.dll
2016-05-07 21:56 - 2016-05-07 21:53 - 001355776 _____ (Microsoft Corporation) C:\Program Files (x86)\msvbvm50.dll
2015-02-10 05:00 - 2017-03-20 23:43 - 027093992 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-02-09 00:05 - 2018-04-25 19:07 - 000000074 _____ () C:\Users\Helen\AppData\Roaming\sp_data.sys
2016-06-05 21:01 - 2016-06-05 21:01 - 000000093 _____ () C:\Users\Helen\AppData\Local\fusioncache.dat

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-04-25 16:48

==================== End of FRST.txt ============================