Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Steven Chea (administrator) on DESKTOP-376LSG8 (28-03-2017 15:47:20)
Running from C:\Users\Steven Chea\Desktop
Loaded Profiles: Steven Chea (Available Profiles: Steven Chea)
Platform: Windows 10 Enterprise Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(RemoteMouse.net) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Zhorn Software) C:\Users\Steven Chea\Desktop\tron\resources\stage_0_prep\caffeine\caffeine.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.693_none_42ff55c9655f38bf\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\sfc.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-22] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [13318424 2015-03-12] (Logitech Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-03-22] (Valve Corporation)
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\Run: [Discord] => C:\Users\Steven Chea\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53130368 2016-05-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\Run: [Battle.net] => D:\Battle.net\Battle.net Launcher.exe [3122152 2016-06-21] (Blizzard Entertainment)
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\Run: [Chromium] => "c:\users\steven chea\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\Run: [Messenger for Desktop] => "C:\Users\Steven Chea\AppData\Local\messengerfordesktop\Update.exe" --processStart "Messenger for Desktop.exe" --process-start-args "--os-startup"
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\RunOnce: [Uninstall C:\Users\Steven Chea\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_2\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Steven Chea\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_2\amd64"
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\RunOnce: [Uninstall C:\Users\Steven Chea\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_2] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Steven Chea\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_2"
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\RunOnce: [tron_resume] => C:\Users\Steven Chea\Desktop\tron\tron.bat [45011 2017-03-11] ()
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\Policies\Explorer: [NoLogOff] 0

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{25458291-2691-444c-a0f4-0b07fcde5fce}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131237247464282812&GUID=E3526273-580E-4536-B026-F28CFCF320A5
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131237247464287473&GUID=E3526273-580E-4536-B026-F28CFCF320A5
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-01-29] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-05] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-01-29] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-05] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-01-29] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-14] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-01-29] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-14] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Steven Chea\AppData\Roaming\Mozilla\Firefox\Profiles\wb0rlmuo.default-1485481941198 [2017-03-28]
FF Extension: (uBlock Origin) - C:\Users\Steven Chea\AppData\Roaming\Mozilla\Firefox\Profiles\wb0rlmuo.default-1485481941198\Extensions\uBlock0@raymondhill.net.xpi [2017-03-13]
FF Extension: (Site Deployment Checker) - C:\Users\Steven Chea\AppData\Roaming\Mozilla\Firefox\Profiles\wb0rlmuo.default-1485481941198\features\{5f753591-0e63-432a-977f-95663773aa70}\deployment-checker@mozilla.org.xpi [2017-03-24]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-14] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-05] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-01-29] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-01-29] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-25] (NVIDIA Corporation)
FF Plugin-x32: @softnyxNpruntime -> C:\Game\SoftnyxGame\NyxLauncherIS\npSoftnyx.dll [2015-09-22] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR Profile: C:\Users\Steven Chea\AppData\Local\Google\Chrome\User Data\Default [2017-03-28]
CHR Extension: (Google Slides) - C:\Users\Steven Chea\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-09]
CHR Extension: (Google Docs) - C:\Users\Steven Chea\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-09]
CHR Extension: (Google Drive) - C:\Users\Steven Chea\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-09]
CHR Extension: (YouTube) - C:\Users\Steven Chea\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-09]
CHR Extension: (Google Sheets) - C:\Users\Steven Chea\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-09]
CHR Extension: (FBDown Video Downloader) - C:\Users\Steven Chea\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc [2017-02-05]
CHR Extension: (Google Docs Offline) - C:\Users\Steven Chea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-28]
CHR Extension: (AdBlock) - C:\Users\Steven Chea\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-03-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Steven Chea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-22]
CHR Extension: (Gmail) - C:\Users\Steven Chea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-09]
CHR Extension: (Chrome Media Router) - C:\Users\Steven Chea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-02]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1447944 2016-12-12] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3704520 2017-02-18] (Microsoft Corporation)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [227104 2016-08-09] (EasyAntiCheat Ltd)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-10-25] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-02-23] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-12-08] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2180624 2016-12-08] (Electronic Arts)
R2 RemoteMouseService; C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe [18432 2016-06-25] () [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 GunBod; C:\WINDOWS\system32\gunbod64.sys [84384 2017-02-28] ()
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [54736 2017-03-27] ()
S3 ladfGSS; C:\WINDOWS\system32\drivers\ladfGSS.sys [45208 2016-04-15] (Logitech Inc.)
S3 LADF_BakerCOnly; C:\WINDOWS\system32\DRIVERS\ladfBakerCamd64.sys [410184 2011-03-18] (Logitech)
S3 LADF_BakerROnly; C:\WINDOWS\system32\DRIVERS\ladfBakerRamd64.sys [335688 2011-03-18] (Logitech)
S3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2016-09-29] (Logitech Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_848dea456d3c865e\nvlddmkm.sys [14159928 2016-10-26] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-02-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2017-01-05] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-02-23] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [888064 2015-09-10] (Realtek )
S3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [51736 2016-06-23] (Razer Inc)
S3 SIVDriver; C:\WINDOWS\system32\Drivers\SIVX64.sys [171664 2016-07-14] (Ray Hinchliffe)
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [40568 2015-10-02] (SteelSeries ApS)
S3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [52952 2016-10-03] (SteelSeries ApS)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-03-27] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-03-27] (Zemana Ltd.)
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-28 14:38 - 2017-03-28 14:38 - 00478392 ____N (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\47A141E5.sys
2017-03-28 14:38 - 2017-03-28 14:38 - 00085600 ____N (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\61836612.sys
2017-03-28 13:59 - 2017-03-28 13:59 - 00000000 ___HD C:\ProgramData\CanonBJ
2017-03-28 13:59 - 2013-03-24 05:00 - 00391168 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMBX.DLL
2017-03-28 13:59 - 2013-02-04 15:12 - 00367104 _____ (CANON INC.) C:\WINDOWS\system32\CNC_BXL.dll
2017-03-28 13:59 - 2012-11-09 10:43 - 00088064 _____ C:\WINDOWS\system32\CNC176DD.TBL
2017-03-28 13:59 - 2012-11-08 13:04 - 00282624 _____ (CANON INC.) C:\WINDOWS\system32\CNC_BXC.dll
2017-03-28 13:59 - 2012-11-08 13:03 - 00106496 _____ (CANON INC.) C:\WINDOWS\system32\CNC_BXI.dll
2017-03-28 13:59 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\WINDOWS\system32\CNHMCA6.dll
2017-03-28 13:23 - 2017-03-20 21:37 - 00000000 ____D C:\Users\Steven Chea\Desktop\integrity_verification
2017-03-28 13:23 - 2017-03-20 21:27 - 00000000 ____D C:\Users\Steven Chea\Desktop\tron
2017-03-28 13:21 - 2017-03-28 13:23 - 644149718 _____ (Igor Pavlov) C:\Users\Steven Chea\Desktop\Tron v10.0.2 (2017-03-20).exe
2017-03-28 13:08 - 2017-03-28 13:08 - 00007653 _____ C:\Users\Steven Chea\Desktop\Hardware Interrupts and DPCs.txt
2017-03-28 13:07 - 2017-03-28 13:07 - 02710688 _____ (Sysinternals - www.sysinternals.com) C:\Users\Steven Chea\Desktop\procexp.exe
2017-03-28 13:07 - 2017-03-28 13:07 - 00034784 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2017-03-28 13:05 - 2017-03-28 13:05 - 00010977 _____ C:\Users\Steven Chea\Desktop\Fixlog.txt
2017-03-27 20:56 - 2017-03-28 15:47 - 03163820 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-03-27 20:56 - 2017-03-28 10:54 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-03-27 20:56 - 2017-03-27 22:53 - 00047607 _____ C:\WINDOWS\ZAM.krnl.trace
2017-03-27 20:56 - 2017-03-27 20:56 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-03-27 20:12 - 2017-03-27 20:18 - 00000000 ____D C:\ProgramData\HitmanPro
2017-03-27 20:12 - 2017-03-27 20:12 - 00054736 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2017-03-27 20:08 - 2017-03-27 21:07 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-27 20:08 - 2017-03-27 21:04 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-03-27 20:08 - 2017-03-27 20:53 - 00000000 ____D C:\Users\Steven Chea\Desktop\mbar
2017-03-27 20:07 - 2017-03-27 20:07 - 00000000 ____D C:\Users\Steven Chea\AppData\Local\Zemana
2017-03-27 19:25 - 2017-03-27 19:25 - 05788712 _____ C:\Users\Steven Chea\Downloads\qssetup.exe
2017-03-27 19:09 - 2017-03-27 19:09 - 04031440 _____ C:\Users\Steven Chea\Downloads\adwcleaner_6.044.exe
2017-03-27 18:53 - 2017-03-28 15:47 - 00018526 _____ C:\Users\Steven Chea\Desktop\FRST.txt
2017-03-27 18:53 - 2017-03-27 18:54 - 00062285 _____ C:\Users\Steven Chea\Desktop\Addition.txt
2017-03-27 18:52 - 2017-03-28 15:47 - 00000000 ____D C:\FRST
2017-03-27 18:52 - 2017-03-27 18:52 - 02424832 _____ (Farbar) C:\Users\Steven Chea\Desktop\FRST64.exe
2017-03-27 18:43 - 2017-03-27 18:43 - 11581544 _____ (SurfRight B.V.) C:\Users\Steven Chea\Downloads\HitmanPro_x64.exe
2017-03-27 18:40 - 2017-03-27 18:27 - 05765792 _____ (Zemana Ltd. ) C:\Users\Steven Chea\Desktop\Zemana.AntiMalware.Setup.exe
2017-03-27 17:21 - 2017-03-27 21:05 - 00006394 _____ C:\Users\Steven Chea\Desktop\Rkill.txt
2017-03-27 17:18 - 2017-03-27 17:18 - 00070656 ___SH (www.helixcommunity.org) C:\WINDOWS\SysWOW64\i420vfw.dll
2017-03-27 17:18 - 2009-09-27 09:39 - 00415744 ___SH (The Public) C:\WINDOWS\SysWOW64\avisynth.dll
2017-03-27 17:18 - 2005-07-14 12:31 - 00032256 ___SH C:\WINDOWS\SysWOW64\AVSredirect.dll
2017-03-27 17:18 - 2004-02-22 10:11 - 00764416 ___SH (Abysmal Software) C:\WINDOWS\SysWOW64\devil.dll
2017-03-27 17:18 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\WINDOWS\SysWOW64\yv12vfw.dll
2017-03-27 17:15 - 2017-03-27 20:19 - 00000000 ____D C:\WINDOWS\pss
2017-03-27 17:04 - 2017-03-27 17:04 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Steven Chea\Desktop\rkill.com
2017-03-25 16:31 - 2017-03-28 13:11 - 00148480 ___SH C:\Users\Steven Chea\Desktop\Thumbs.db
2017-03-25 02:43 - 2017-03-25 02:44 - 00541023 _____ C:\Users\Steven Chea\Downloads\JB.mp4
2017-03-24 22:56 - 2017-03-24 22:58 - 00000000 ____D C:\Users\Steven Chea\Desktop\ACCT 2331
2017-03-24 22:56 - 2017-03-24 22:56 - 00651036 _____ C:\Users\Steven Chea\Desktop\ACCT-2331.rar
2017-03-24 22:00 - 2017-03-28 13:13 - 00093184 ___SH C:\Users\Steven Chea\Downloads\Thumbs.db
2017-03-24 21:50 - 2017-03-24 22:10 - 282352375 _____ C:\Users\Steven Chea\Downloads\Kanojo_x_Kanojo_x_Kanojo_01_[RAW][UNCEN][DVDrip][Galan_rus_raw][BB7FDD0D].mp4
2017-03-24 21:28 - 2017-03-25 03:40 - 2312535121 _____ C:\Users\Steven Chea\Desktop\[HH] Kanojo x Kanojo x Kanojo - Marathon [BD] [466C8281].mp4
2017-03-22 23:56 - 2017-03-24 20:44 - 00000000 ____D C:\Users\Steven Chea\Desktop\KMSpico 10.1.9 Portable
2017-03-22 21:21 - 2015-08-22 09:46 - 70712928 _____ C:\Users\Steven Chea\Desktop\1133957757SocPsych9.pdf
2017-03-21 12:35 - 2017-03-21 12:36 - 00000000 ____D C:\Users\Steven Chea\AppData\Local\PAYDAY 2
2017-03-20 16:02 - 2017-03-21 02:57 - 00000000 ____D C:\Users\Steven Chea\AppData\Roaming\EloBuddy
2017-03-20 16:02 - 2017-03-20 16:03 - 00000000 ____D C:\Program Files (x86)\EloBuddy
2017-03-20 16:02 - 2017-03-20 16:02 - 00001115 _____ C:\Users\Public\Desktop\EloBuddy.lnk
2017-03-20 16:02 - 2017-03-20 16:02 - 00000046 _____ C:\Users\Public\Desktop\Visit EloBuddy Website.url
2017-03-20 16:02 - 2017-03-20 16:02 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2017-03-20 16:02 - 2017-03-20 16:02 - 00000000 ____D C:\ProgramData\VsTelemetry
2017-03-17 20:54 - 2017-03-17 20:54 - 00000000 ___HD C:\$WINDOWS.~BT
2017-03-17 20:54 - 2017-03-17 20:54 - 00000000 ____D C:\WINDOWS\Panther
2017-03-13 22:44 - 2017-02-01 00:41 - 00046462 _____ C:\Users\Steven Chea\Desktop\Hwarang.E14.170131.720p-540p-450p-XViD-WITH-iPOP-BarosG-LIMO-NEXT-CHAOSrel [VIU Version].srt
2017-03-13 22:31 - 2017-01-31 04:05 - 00045622 _____ C:\Users\Steven Chea\Desktop\Hwarang.E13.170130.720p-540p-450p-XViD-WITH-iPOP-BarosG-LIMO-NEXT-CHAOSrel [Viki Version].srt
2017-03-13 12:23 - 2017-03-13 12:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pepakura Designer 4
2017-03-13 12:23 - 2017-03-13 12:23 - 00000000 ____D C:\Program Files (x86)\tamasoftware
2017-03-12 03:14 - 2017-03-12 03:33 - 00000000 ____D C:\Users\Steven Chea\AppData\Roaming\mkvtoolnix
2017-03-12 03:13 - 2017-03-12 03:13 - 19251378 _____ (Moritz Bunkus) C:\Users\Steven Chea\Downloads\mkvtoolnix-32bit-8.2.0-setup.exe
2017-03-12 03:13 - 2017-03-12 03:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVToolNix
2017-03-12 03:13 - 2017-03-12 03:13 - 00000000 ____D C:\Program Files (x86)\MKVToolNix
2017-03-12 02:10 - 2017-03-12 03:21 - 00000000 ____D C:\Goblin
2017-03-09 02:39 - 2017-03-09 02:42 - 640371107 _____ C:\Users\Steven Chea\Desktop\Black_Friday_Dark_Dawn_2012_mp4.mp4
2017-02-28 19:34 - 2017-02-28 19:34 - 00084384 _____ C:\WINDOWS\system32\gunbod64.sys
2017-02-28 19:34 - 2017-02-28 19:34 - 00037792 _____ C:\WINDOWS\system32\gunsken64.sys
2017-02-28 19:30 - 2017-02-28 19:30 - 00000126 _____ C:\Users\Steven Chea\AppData\Roaming\Microsoft\Windows\Start Menu\GunboundIS.url
2017-02-28 19:25 - 2017-02-28 19:29 - 624835784 _____ (Softnyx co.,ltd. ) C:\Users\Steven Chea\Downloads\GunBound_GIS_S3_151120_Ver1132.exe
2017-02-28 19:24 - 2017-02-28 19:24 - 02660366 _____ (Softnyx co.,ltd. ) C:\Users\Steven Chea\Downloads\NyxLauncher_Global_Softnyx_160419_Ver597(1).exe
2017-02-28 19:23 - 2017-02-28 19:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftnyxGame
2017-02-28 19:23 - 2017-02-28 19:23 - 00000000 ____D C:\Game

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-28 15:45 - 2016-11-15 20:56 - 00000000 ____D C:\Users\Steven Chea\AppData\LocalLow\Mozilla
2017-03-28 15:40 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-03-28 15:07 - 2016-09-22 17:41 - 00004180 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B5D4BE11-1A29-48DB-A343-AC1C54BD5627}
2017-03-28 14:38 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-28 14:38 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-28 14:38 - 2016-05-25 18:52 - 00000000 ____D C:\Users\Steven Chea\AppData\Local\Packages
2017-03-28 14:13 - 2016-09-06 21:50 - 00000000 ____D C:\Users\Steven Chea\AppData\Roaming\Notepad++
2017-03-28 14:08 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-03-28 14:05 - 2017-02-22 11:58 - 00000000 ____D C:\WINDOWS\Minidump
2017-03-28 14:05 - 2016-09-22 17:30 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-28 14:05 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-28 14:05 - 2016-07-08 20:10 - 00000000 ____D C:\ProgramData\Apple Computer
2017-03-28 14:05 - 2016-07-08 20:09 - 00000000 ____D C:\ProgramData\Apple
2017-03-28 14:05 - 2016-07-01 19:19 - 00000000 ____D C:\Users\Steven Chea\AppData\Roaming\LolClient
2017-03-28 14:05 - 2016-06-20 21:22 - 00000000 ____D C:\Users\Steven Chea\AppData\Roaming\uTorrent
2017-03-28 14:05 - 2016-05-27 23:19 - 00000000 ____D C:\Users\Steven Chea\AppData\Roaming\Skype
2017-03-28 14:05 - 2016-05-25 19:14 - 00000000 ____D C:\Program Files (x86)\Steam
2017-03-28 14:05 - 2016-05-25 19:11 - 00000000 ____D C:\Users\Steven Chea\AppData\Local\CrashDumps
2017-03-28 14:02 - 2016-10-09 16:51 - 00000000 ____D C:\Users\Steven Chea\AppData\Roaming\Messenger for Desktop
2017-03-28 13:57 - 2016-05-25 18:57 - 05212386 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-28 13:51 - 2016-09-22 17:31 - 00000000 ____D C:\Users\Steven Chea
2017-03-28 13:41 - 2016-05-25 19:37 - 00000000 ____D C:\Users\Steven Chea\AppData\Roaming\vlc
2017-03-28 13:06 - 2016-09-22 17:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-28 13:05 - 2016-09-22 17:30 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-28 13:05 - 2016-09-12 16:53 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-03-28 13:05 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-03-28 13:05 - 2016-07-16 06:47 - 00000000 ____D C:\ProgramData\Comms
2017-03-28 13:05 - 2016-07-16 01:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-03-28 13:05 - 2016-05-25 21:38 - 00000000 ____D C:\Users\Steven Chea\AppData\LocalLow\Temp
2017-03-28 13:05 - 2015-07-10 06:04 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-03-27 22:52 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-03-27 21:06 - 2016-12-11 16:09 - 00000000 ____D C:\AdwCleaner
2017-03-27 20:54 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\GameBarPresenceWriter
2017-03-27 20:37 - 2016-05-30 00:19 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-03-27 19:50 - 2016-07-16 06:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-27 19:47 - 2017-01-27 10:26 - 00000000 ____D C:\Users\Steven Chea\AppData\Roaming\TeamViewer
2017-03-27 19:44 - 2016-09-22 17:30 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-03-27 18:17 - 2016-12-21 22:45 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-03-27 17:15 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ModemLogs
2017-03-27 16:58 - 2017-01-11 12:17 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-03-27 00:13 - 2016-12-16 19:40 - 10264576 _____ C:\Users\Steven Chea\Desktop\WestVision.accdb
2017-03-20 16:02 - 2016-09-22 20:23 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-03-20 16:02 - 2016-05-25 18:58 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-17 20:54 - 2016-09-22 17:41 - 00001908 _____ C:\WINDOWS\diagwrn.xml
2017-03-17 20:54 - 2016-09-22 17:41 - 00001908 _____ C:\WINDOWS\diagerr.xml
2017-03-15 19:54 - 2016-09-22 17:41 - 00004564 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-03-15 19:54 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-03-15 19:54 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-03-15 19:16 - 2016-12-27 02:35 - 01966080 _____ C:\Users\Steven Chea\Desktop\ThisIsWhyImBroke.accdb
2017-03-14 20:54 - 2016-12-26 13:02 - 00004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-03-12 14:03 - 2016-10-09 16:51 - 00000000 ____D C:\Users\Steven Chea\AppData\Local\messengerfordesktop
2017-03-12 14:03 - 2016-05-25 19:18 - 00000000 ____D C:\Users\Steven Chea\AppData\Local\SquirrelTemp
2017-03-12 00:21 - 2017-01-22 01:38 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-12 00:21 - 2016-12-19 20:56 - 00001489 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-03-12 00:21 - 2016-11-03 19:54 - 00003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-12 00:21 - 2016-11-03 19:54 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-12 00:21 - 2016-11-03 19:54 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-12 00:21 - 2016-11-03 19:54 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-12 00:21 - 2016-11-03 19:54 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-12 00:21 - 2016-11-03 19:54 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-12 00:21 - 2016-09-22 17:30 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-03-12 00:21 - 2016-09-22 17:30 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-03-12 00:21 - 2016-05-25 19:02 - 00000000 ____D C:\Users\Steven Chea\AppData\Local\NVIDIA Corporation
2017-03-09 13:00 - 2017-01-17 16:51 - 00000000 ___HD C:\Users\Steven Chea\Desktop\temp
2017-03-09 12:50 - 2016-06-08 16:44 - 00000000 ____D C:\Users\Steven Chea\Desktop\Cali vacay
2017-03-09 12:45 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-03-09 12:43 - 2016-12-07 14:50 - 00000000 ____D C:\Program Files (x86)\Lazesoft Recovery Suite
2017-03-09 12:43 - 2016-09-16 20:51 - 00000000 ____D C:\Program Files (x86)\PdaNet for iPhone
2017-03-09 12:43 - 2016-07-12 18:47 - 00000000 ____D C:\Users\Steven Chea\AppData\Local\Razer
2017-03-09 12:43 - 2016-06-11 14:48 - 00000000 ____D C:\ProgramData\Razer
2017-03-09 12:43 - 2016-06-11 14:48 - 00000000 ____D C:\Program Files (x86)\Razer
2017-03-09 12:43 - 2016-05-25 18:54 - 00000000 ___RD C:\Users\Steven Chea\OneDrive
2017-03-08 13:56 - 2016-08-08 21:13 - 00000000 ____D C:\Users\Steven Chea\AppData\Roaming\.minecraft
2017-03-07 15:33 - 2016-09-12 16:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-03-06 15:41 - 2016-08-08 21:13 - 00000000 ____D C:\Program Files (x86)\Minecraft
2017-03-01 13:25 - 2016-12-07 14:53 - 00000000 ____D C:\Users\Steven Chea\Desktop\New folder
2017-03-01 03:51 - 2016-05-27 17:58 - 00000000 ____D C:\Users\Steven Chea\AppData\Local\Adobe

==================== Files in the root of some directories =======

2017-01-24 13:54 - 2017-01-24 13:54 - 0000000 _____ () C:\Users\Steven Chea\AppData\Roaming\RSDevID.fig
2017-01-24 13:54 - 2017-01-24 13:54 - 0000000 _____ () C:\Users\Steven Chea\AppData\Roaming\RSIdAndPort.fig
2017-01-24 13:54 - 2017-01-24 13:54 - 0000000 _____ () C:\Users\Steven Chea\AppData\Roaming\RSIpAndPort.fig
2016-09-12 17:53 - 2016-09-12 17:53 - 0000046 _____ () C:\Users\Steven Chea\AppData\Roaming\WB.CFG
2016-05-28 23:00 - 2016-12-22 01:58 - 0007612 _____ () C:\Users\Steven Chea\AppData\Local\Resmon.ResmonCfg
2016-12-29 20:31 - 2016-12-29 20:31 - 0000016 _____ () C:\ProgramData\mntemp
2016-12-19 20:56 - 2017-01-22 01:38 - 0005943 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-19 20:56 - 2017-01-21 02:15 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1
2017-01-24 13:54 - 2017-01-24 13:54 - 0000281 _____ () C:\ProgramData\RSUserCfg.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-22 18:35

==================== End of FRST.txt ============================