Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23.08.2018 Ran by Aleph (administrator) on SHILONORMAN (01-09-2018 13:46:55) Running from C:\Users\Aleph\Desktop Loaded Profiles: Aleph (Available Profiles: Aleph) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Svenska (Sverige) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Sonix) C:\Windows\vsnp2uvc.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (Windscribe Limited) C:\Program Files (x86)\Windscribe\Windscribe.exe (AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Sonix Technology Co., Ltd.) C:\Program Files (x86)\Common Files\SNP2UVC\tsnp2uvc.exe (Acrox) C:\Program Files (x86)\Gaming Mouse driver\Hid.exe (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAAR.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Program Files (x86)\Gaming Mouse driver\TrayIcon.exe (Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe (Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ICM\ICM-Service-NET.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE () C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAARUpdateService.exe (AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe (Windscribe Limited) C:\Program Files (x86)\Windscribe\wsappcontrol.exe (AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\Setup\New_12050926\instup.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe (AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe (AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Google) C:\Users\Aleph\AppData\Local\Google\Chrome\User Data\SwReporter\32.168.200\software_reporter_tool.exe () C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\RemediationService.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\Threat Emulation\TESvc.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe (Dropbox, Inc.) C:\Users\Aleph\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) C:\Users\Aleph\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) C:\Users\Aleph\AppData\Roaming\Dropbox\bin\Dropbox.exe (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\EFRService.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor) HKLM\...\Run: [IntelliType Pro] => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464944 2012-11-02] (Microsoft Corporation) HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2076272 2012-11-02] (Microsoft Corporation) HKLM\...\Run: [snp2uvc] => C:\Windows\vsnp2uvc.exe [662016 2009-08-12] (Sonix) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-07-02] (AVAST Software) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-04-08] (Apple Inc.) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation) HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) HKLM-x32\...\Run: [snp2uvc] => C:\Windows\vsnp2uvc.exe [662016 2009-08-12] (Sonix) HKLM-x32\...\Run: [tsnp2uvc] => C:\Program Files (x86)\Common Files\SNP2UVC\tsnp2uvc.exe [322560 2011-09-07] (Sonix Technology Co., Ltd.) HKLM-x32\...\Run: [ACROX] => C:\Program Files (x86)\Gaming Mouse driver\Hid.exe [1755136 2015-05-28] (Acrox) HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [529480 2016-02-24] (Autodesk Inc.) HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [146800 2018-05-18] (Check Point Software Technologies Ltd.) HKLM-x32\...\Run: [ZaAntiRansomware] => C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAAR.exe [4305776 2018-05-30] (Check Point Software Technologies Ltd.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation) HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-21-3310751362-2506820872-2796058767-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [8899504 2018-08-16] (SUPERAntiSpyware) HKU\S-1-5-21-3310751362-2506820872-2796058767-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18385368 2018-06-24] (Piriform Ltd) HKU\S-1-5-21-3310751362-2506820872-2796058767-1001\...\Run: [Dropbox Update] => C:\Users\Aleph\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.) HKU\S-1-5-21-3310751362-2506820872-2796058767-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) HKU\S-1-5-21-3310751362-2506820872-2796058767-1001\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [9942704 2018-06-28] (Windscribe Limited) HKU\S-1-5-21-3310751362-2506820872-2796058767-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-21] (Microsoft Corporation) HKU\S-1-5-18\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher Startup: C:\Users\Aleph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2016-08-08] ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2018-01-24] ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software) CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: [S-1-5-21-3310751362-2506820872-2796058767-1001] => localhost:8080 Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{0BCB118D-DDE1-4907-915C-5EF1F91A871A}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-07-21] (Microsoft Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-07-02] (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2018-07-21] (Microsoft Corporation) BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll => No File BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll [2018-07-21] (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-07-02] (AVAST Software) BHO-x32: Inloggningshjälp för Microsoft-konto -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2018-07-21] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-07-21] (Oracle Corporation) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll No File Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-21] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-21] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-21] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-21] (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2018-03-07] (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\Aleph\AppData\Roaming\Mozilla\Firefox\Profiles\8klc4n3p.default [2018-09-01] FF user.js: detected! => C:\Users\Aleph\AppData\Roaming\Mozilla\Firefox\Profiles\8klc4n3p.default\user.js [2012-12-18] FF NewTab: Mozilla\Firefox\Profiles\8klc4n3p.default -> hxxp://www.google.com/firefox FF Extension: (New XKit) - C:\Users\Aleph\AppData\Roaming\Mozilla\Firefox\Profiles\8klc4n3p.default\Extensions\@new-xkit.xpi [2018-03-31] FF Extension: (Windscribe VPN) - C:\Users\Aleph\AppData\Roaming\Mozilla\Firefox\Profiles\8klc4n3p.default\Extensions\@windscribeff.xpi [2018-08-15] FF Extension: (Cryptocat) - C:\Users\Aleph\AppData\Roaming\Mozilla\Firefox\Profiles\8klc4n3p.default\Extensions\cryptocat@crypto.cat.xpi [2015-06-08] [Legacy] FF Extension: (MEGA) - C:\Users\Aleph\AppData\Roaming\Mozilla\Firefox\Profiles\8klc4n3p.default\Extensions\firefox@mega.co.nz.xpi [2018-08-09] FF Extension: (Terms of Service; Didn’t Read) - C:\Users\Aleph\AppData\Roaming\Mozilla\Firefox\Profiles\8klc4n3p.default\Extensions\jid0-3GUEt1r69sQNSrca5p8kx9Ezc3U@jetpack.xpi [2018-02-18] FF Extension: (Avast SafePrice) - C:\Users\Aleph\AppData\Roaming\Mozilla\Firefox\Profiles\8klc4n3p.default\Extensions\sp@avast.com.xpi [2018-04-13] FF Extension: (uBlock Origin) - C:\Users\Aleph\AppData\Roaming\Mozilla\Firefox\Profiles\8klc4n3p.default\Extensions\uBlock0@raymondhill.net.xpi [2018-08-15] FF Extension: (Avast Online Security) - C:\Users\Aleph\AppData\Roaming\Mozilla\Firefox\Profiles\8klc4n3p.default\Extensions\wrc@avast.com.xpi [2018-05-25] FF SearchPlugin: C:\Users\Aleph\AppData\Roaming\Mozilla\Firefox\Profiles\8klc4n3p.default\searchplugins\ixquick-ssl.xml [2013-07-04] FF ProfilePath: C:\Users\Aleph\AppData\Roaming\Greyfirst\Celtx\Profiles\3olshehr.default [2018-08-18] FF Extension: (Timezone Definitions for Mozilla Calendar) - C:\Program Files (x86)\Celtx\extensions\calendar-timezones@mozilla.org [2012-12-17] [Legacy] [not signed] FF Extension: (Default Shot Palette) - C:\Program Files (x86)\Celtx\extensions\default-palette@celtx.com [2012-12-17] [Legacy] [not signed] FF Extension: (DOM Inspector) - C:\Program Files (x86)\Celtx\extensions\inspector@mozilla.org [2012-12-17] [Legacy] [not signed] FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff => not found FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-24] () FF Plugin: @java.com/DTPlugin,version=10.6.2 -> C:\Windows\system32\npDeployJava1.dll [2012-08-29] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-07-21] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-07-21] (Oracle Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-07-21] (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.) Chrome: ======= CHR DefaultProfile: Default CHR Session Restore: Default -> is enabled. CHR Profile: C:\Users\Aleph\AppData\Local\Google\Chrome\User Data\Default [2018-09-01] CHR Extension: (Slides) - C:\Users\Aleph\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13] CHR Extension: (Docs) - C:\Users\Aleph\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13] CHR Extension: (Google Drive) - C:\Users\Aleph\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22] CHR Extension: (YouTube) - C:\Users\Aleph\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24] CHR Extension: (uBlock Origin) - C:\Users\Aleph\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-08-17] CHR Extension: (Google Search) - C:\Users\Aleph\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28] CHR Extension: (Sheets) - C:\Users\Aleph\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14] CHR Extension: (Google Docs Offline) - C:\Users\Aleph\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16] CHR Extension: (TweetDeck by Twitter) - C:\Users\Aleph\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2015-07-24] CHR Extension: (Terms of Service; Didn’t Read) - C:\Users\Aleph\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjdoplcnndgiblooccencgcggcoihigg [2018-02-18] CHR Extension: (Windscribe - Free VPN and Ad Blocker) - C:\Users\Aleph\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2018-06-29] CHR Extension: (New XKit) - C:\Users\Aleph\AppData\Local\Google\Chrome\User Data\Default\Extensions\inobiceghmpkaklcknpniboilbjmlald [2018-04-01] [UpdateUrl: hxxps://new-xkit.github.io/XKit/Extensions/dist/page/FirefoxUpdate.json] <==== ATTENTION CHR Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Aleph\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2018-08-09] CHR Extension: (Chrome Web Store Payments) - C:\Users\Aleph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04] CHR Extension: (Gmail) - C:\Users\Aleph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28] CHR Extension: (Chrome Media Router) - C:\Users\Aleph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-11] CHR HKU\S-1-5-21-3310751362-2506820872-2796058767-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Aleph\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-10-02] CHR HKU\S-1-5-21-3310751362-2506820872-2796058767-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-3310751362-2506820872-2796058767-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-09] (SUPERAntiSpyware.com) S4 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [1145928 2016-02-24] (Autodesk Inc.) S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-20] (Adobe Systems) [File not signed] S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-29] (Apple Inc.) S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7780400 2018-07-02] (AVAST Software) R2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-03-27] (AVAST Software) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-07-02] (AVAST Software) S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-03-27] (AVAST Software) R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [8730648 2018-07-26] (AVAST Software) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8522928 2018-06-30] (Microsoft Corporation) R2 CPEFR; C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\EFRService.exe [2498296 2018-05-30] (Check Point Software Technologies Ltd.) R2 CpSbaCipolla; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe [35064 2018-03-20] () R2 CpSbaUpdater; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe [35064 2018-03-20] () R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2017-07-10] (Digital Wave Ltd.) S4 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [686664 2018-07-12] (GOG.com) S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [8942664 2018-07-12] (GOG.com) S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3981360 2015-12-16] (INCA Internet Co., Ltd.) S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-04-24] (Electronic Arts) R2 RemediationService; C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\RemediationService.exe [17656 2018-03-22] (Check Point Software Technologies Ltd.) R2 TESvc; C:\Program Files (x86)\CheckPoint\Endpoint Security\Threat Emulation\TESvc.exe [196344 2018-04-23] (Check Point Software Technologies Ltd.) R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4292984 2018-05-18] (Check Point Software Technologies Ltd.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [490672 2018-06-28] (Windscribe Limited) R2 ZA NET ICM Service; C:\Program Files (x86)\CheckPoint\ICM\ICM-Service-NET.exe [56688 2018-04-16] (Check Point Software Technologies Ltd.) R2 ZAARUpdateService; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAARUpdateService.exe [45936 2018-05-30] () S3 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2018-05-15] (Check Point Software Technologies, Ltd.) S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [197160 2018-07-02] (AVAST Software) S1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [229392 2018-07-02] (AVAST Software) S0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [201328 2018-07-02] (AVAST Software) R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [346664 2018-07-02] (AVAST Software) R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [59592 2018-07-02] (AVAST Software) R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [239680 2018-07-02] (AVAST Software) S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46976 2018-07-02] (AVAST Software) R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [159640 2018-07-02] (AVAST Software) R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111872 2018-07-02] (AVAST Software) S0 AswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [85968 2018-07-02] (AVAST Software) R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1027728 2018-07-02] (AVAST Software) R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [467064 2018-07-24] (AVAST Software) R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [211160 2018-07-02] (AVAST Software) R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [381584 2018-07-02] (AVAST Software) R2 cpbak; C:\Windows\System32\DRIVERS\cpbak.sys [61592 2018-04-11] (Check Point Software Technologies Ltd.) R1 CPEPMon; C:\Windows\System32\DRIVERS\CPEPMon.sys [68280 2017-11-29] (Check Point Software Technologies Ltd.) R1 epnetflt; C:\Windows\system32\drivers\epnetflt.sys [117400 2017-12-10] (Check Point Software Technologies) R1 epregflt; C:\Windows\system32\drivers\epregflt.sys [101552 2017-10-23] (Check Point Software Technologies) R2 ISWKL; C:\Program Files (x86)\CheckPoint\Endpoint Security\Endpoint Common\Bin\ISWKL.sys [57024 2016-12-08] (Check Point Software Technologies Ltd.) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3567232 2011-09-09] () R3 tapwindscribe0901; C:\Windows\System32\DRIVERS\tapwindscribe0901.sys [45560 2017-09-13] (The OpenVPN Project) R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [461240 2018-02-19] (Check Point Software Technologies Ltd.) S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB) U3 iswSvc; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-09-01 13:47 - 2018-07-02 16:40 - 000378072 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2018-09-01 13:46 - 2018-09-01 13:53 - 000026336 _____ C:\Users\Aleph\Desktop\FRST.txt 2018-09-01 13:46 - 2018-08-26 15:53 - 002413056 _____ (Farbar) C:\Users\Aleph\Desktop\FRST64.exe 2018-08-27 03:22 - 2018-09-01 13:46 - 000000000 ____D C:\FRST 2018-08-20 11:05 - 2018-08-20 11:05 - 029456176 __RSH C:\$UGM 2018-08-20 11:05 - 2018-08-07 13:16 - 158859264 _____ C:\Windows\system32\config\SOFTWARE.TPBAK 2018-08-20 11:05 - 2018-08-07 13:16 - 023068672 _____ C:\Windows\system32\config\SYSTEM.TPBAK 2018-08-20 11:05 - 2018-08-07 13:16 - 000262144 _____ C:\Windows\system32\config\SECURITY.TPBAK 2018-08-20 11:05 - 2018-08-07 13:16 - 000262144 _____ C:\Windows\system32\config\SAM.TPBAK 2018-08-19 03:25 - 2018-08-19 03:25 - 000016384 _____ C:\bcdbackup 2018-08-19 03:20 - 2018-08-19 03:20 - 000016384 _____ C:\BCD_Backup 2018-08-18 22:03 - 2018-08-18 22:03 - 000000000 ____D C:\Temp 2018-08-18 19:21 - 2018-08-18 19:21 - 000003544 ____N C:\bootsqm.dat 2018-08-18 19:16 - 2018-08-18 19:16 - 000000000 __SHD C:\found.000 2018-08-18 18:12 - 2018-09-01 13:50 - 000001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2018-08-17 03:07 - 2018-08-17 03:07 - 000117076 _____ C:\Users\Aleph\Documents\aleph-build-47.aup 2018-08-17 03:07 - 2018-08-17 03:07 - 000000000 ____D C:\Users\Aleph\Documents\aleph-build-47_data 2018-08-15 19:20 - 2018-08-18 17:29 - 000000000 ____D C:\Users\Aleph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2018-08-10 03:50 - 2018-08-10 03:50 - 000174881 _____ C:\Users\Aleph\Documents\aleph-laserknees-72.aup 2018-08-10 03:50 - 2018-08-10 03:50 - 000000000 ____D C:\Users\Aleph\Documents\aleph-laserknees-72_data 2018-08-04 00:49 - 2018-08-04 00:49 - 000001202 _____ C:\Users\Aleph\Desktop\Format Factory.lnk 2018-08-04 00:49 - 2018-08-04 00:49 - 000000000 ____D C:\Users\Aleph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory 2018-08-03 23:05 - 2018-08-03 23:05 - 000002176 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk 2018-08-03 23:05 - 2018-08-03 23:05 - 000002164 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk 2018-08-03 01:32 - 2018-08-03 01:32 - 000148089 _____ C:\Users\Aleph\Documents\aleph-build-45-46.aup 2018-08-03 01:32 - 2018-08-03 01:32 - 000000000 ____D C:\Users\Aleph\Documents\aleph-build-45-46_data ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-09-01 13:51 - 2009-07-14 06:45 - 000028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2018-09-01 13:51 - 2009-07-14 06:45 - 000028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2018-09-01 13:50 - 2018-01-24 14:02 - 000004194 _____ C:\Windows\System32\Tasks\Avast TUNEUP Update 2018-09-01 13:50 - 2017-03-19 12:06 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update 2018-09-01 13:47 - 2010-11-21 13:38 - 000672394 _____ C:\Windows\system32\perfh01D.dat 2018-09-01 13:47 - 2010-11-21 13:38 - 000147268 _____ C:\Windows\system32\perfc01D.dat 2018-09-01 13:47 - 2009-07-14 07:13 - 001607836 _____ C:\Windows\system32\PerfStringBackup.INI 2018-09-01 13:47 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf 2018-09-01 13:43 - 2018-03-27 14:40 - 000000000 ____D C:\Users\Aleph\AppData\Local\AVAST Software 2018-09-01 13:41 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2018-08-21 19:49 - 2012-08-29 12:25 - 000000000 ____D C:\Program Files (x86)\Adobe 2018-08-19 00:09 - 2009-07-14 07:32 - 000032768 _____ C:\Windows\system32\config\BCD-Template 2018-08-18 18:44 - 2016-10-23 14:08 - 000065536 _____ C:\Windows\system32\spu_storage.bin 2018-08-18 18:43 - 2012-12-17 21:04 - 000000000 ____D C:\Users\Aleph\AppData\Local\ElevatedDiagnostics 2018-08-18 18:32 - 2018-03-28 14:12 - 000000625 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc 2018-08-18 18:07 - 2015-06-17 12:16 - 000001014 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3310751362-2506820872-2796058767-1001UA.job 2018-08-18 17:29 - 2017-05-23 04:47 - 000000000 ____D C:\Users\Aleph\AppData\Local\itch 2018-08-18 17:29 - 2017-03-13 02:25 - 000000000 ____D C:\Users\Aleph\AppData\Roaming\DAZ 3D 2018-08-18 17:29 - 2016-11-16 14:06 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2018-08-18 17:29 - 2016-08-31 16:46 - 000000000 ____D C:\Users\Aleph\AppData\Roaming\discord 2018-08-18 17:29 - 2016-07-12 12:42 - 000000000 ____D C:\Users\Aleph\AppData\Roaming\Spotify 2018-08-18 17:29 - 2016-02-15 18:51 - 000000000 ____D C:\Program Files (x86)\Gaming Mouse driver 2018-08-18 17:29 - 2015-12-03 18:31 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software 2018-08-18 17:29 - 2015-09-15 06:29 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2018-08-18 17:29 - 2015-08-06 21:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2018-08-18 17:29 - 2015-01-22 12:08 - 000000000 ____D C:\Program Files\CCleaner 2018-08-18 17:29 - 2014-10-08 05:45 - 000000000 ____D C:\Users\Aleph\AppData\Local\MEGAsync 2018-08-18 17:29 - 2014-02-06 15:37 - 000000000 ____D C:\Users\Aleph\AppData\Roaming\Audacity 2018-08-18 17:29 - 2014-01-18 17:00 - 000000000 ____D C:\Program Files (x86)\Combined Community Codec Pack 2018-08-18 17:29 - 2013-05-17 03:25 - 000000000 ____D C:\Program Files (x86)\FLAC 2018-08-18 17:29 - 2012-12-17 19:57 - 000000000 ____D C:\Program Files (x86)\Steam 2018-08-18 17:29 - 2012-12-17 19:37 - 000000000 ____D C:\Users\Aleph\AppData\Roaming\Dropbox 2018-08-18 17:29 - 2012-12-17 19:24 - 000000000 ____D C:\Program Files\SUPERAntiSpyware 2018-08-18 17:29 - 2010-11-21 13:48 - 000000000 ___RD C:\Users\Public\Recorded TV 2018-08-18 14:30 - 2015-06-17 12:16 - 000000962 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3310751362-2506820872-2796058767-1001Core.job 2018-08-17 22:25 - 2018-07-31 10:38 - 000853597 _____ C:\Users\Aleph\Documents\Reality_plugin_Log.txt 2018-08-17 22:25 - 2016-11-16 20:27 - 000000000 ____D C:\Users\Aleph\AppData\LocalLow\Mozilla 2018-08-17 22:08 - 2018-05-28 17:08 - 000003718 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 2018-08-17 22:08 - 2018-05-28 16:45 - 000003154 _____ C:\Windows\System32\Tasks\StartCN 2018-08-17 22:08 - 2018-05-28 16:45 - 000003068 _____ C:\Windows\System32\Tasks\StartDVR 2018-08-17 22:08 - 2017-10-30 16:09 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update 2018-08-17 22:08 - 2015-06-17 12:16 - 000003994 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3310751362-2506820872-2796058767-1001UA 2018-08-17 22:08 - 2015-06-17 12:16 - 000003598 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3310751362-2506820872-2796058767-1001Core 2018-08-17 22:08 - 2015-01-22 12:08 - 000002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2018-08-17 22:08 - 2014-06-01 12:36 - 000003428 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2018-08-17 22:08 - 2014-06-01 12:36 - 000003300 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2018-08-17 21:15 - 2017-03-13 02:36 - 000000000 ____D C:\Users\Public\Documents\My DAZ 3D Library 2018-08-17 21:15 - 2015-11-23 10:50 - 000000000 ____D C:\Users\Aleph\Documents\Reality 2018-08-17 17:25 - 2018-07-31 23:19 - 000000000 ____D C:\ProgramData\boost_interprocess 2018-08-17 00:14 - 2014-12-27 16:57 - 000004478 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2018-08-16 23:57 - 2015-11-07 00:18 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2018-08-16 21:52 - 2018-03-28 14:10 - 000000000 ___HD C:\SandBlastBackup 2018-08-16 11:23 - 2017-09-26 00:29 - 000000000 _____ C:\Windows\SysWOW64\last.dump 2018-08-15 19:23 - 2012-12-17 19:38 - 000000000 ___RD C:\Users\Aleph\Dropbox 2018-08-11 18:24 - 2012-12-17 19:20 - 000000000 ____D C:\Program Files (x86)\Google 2018-08-10 03:06 - 2014-06-01 12:36 - 000002220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2018-08-09 23:33 - 2016-07-12 12:42 - 000000000 ____D C:\Users\Aleph\AppData\Local\Spotify 2018-08-09 11:59 - 2014-12-05 14:00 - 000000000 ____D C:\Windows\Minidump 2018-08-09 11:59 - 2014-07-10 03:09 - 000000000 ____D C:\Users\Aleph\AppData\Roaming\MPC-HC 2018-08-09 11:59 - 2012-12-17 23:02 - 000000000 ____D C:\Users\Aleph\AppData\Local\CrashDumps 2018-08-06 23:01 - 2012-12-17 21:38 - 000000000 ____D C:\ProgramData\McAfee 2018-08-06 16:08 - 2012-12-17 19:49 - 000000000 ____D C:\Users\Aleph\AppData\Roaming\DC++ 2018-08-04 00:06 - 2018-06-15 22:54 - 000000000 ____D C:\Users\Aleph\AppData\Roaming\obs-studio 2018-08-03 23:05 - 2012-12-17 19:22 - 000000000 ____D C:\Program Files\Google ==================== Files in the root of some directories ======= 2013-04-03 00:01 - 2013-04-03 00:51 - 000000087 _____ () C:\Users\Aleph\openAviToGif_settings.dat 2012-12-17 20:40 - 2017-12-16 18:14 - 000000027 _____ () C:\Program Files\plugins.dat 2014-06-19 11:52 - 2014-06-19 11:52 - 000000024 _____ () C:\Users\Aleph\AppData\Roaming\temp.ini 2013-06-09 17:23 - 2013-06-09 17:23 - 000003072 _____ () C:\Users\Aleph\AppData\Local\file__0.localstorage 2016-08-17 22:00 - 2016-08-17 22:00 - 000000093 _____ () C:\Users\Aleph\AppData\Local\fusioncache.dat 2018-07-12 21:38 - 2018-07-12 21:38 - 000000218 _____ () C:\Users\Aleph\AppData\Local\recently-used.xbel 2013-08-03 16:44 - 2018-06-24 17:54 - 000007598 _____ () C:\Users\Aleph\AppData\Local\Resmon.ResmonCfg 2017-03-30 02:44 - 2017-03-30 03:07 - 000944128 _____ () C:\Users\Aleph\AppData\Local\SageThumbs.db3 ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2018-08-07 13:16 ==================== End of FRST.txt ============================