[CODE]
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08.11.2018
Ran by Maxi (administrator) on MAXI-PC (09-11-2018 14:21:30)
Running from C:\Users\Maxi\Desktop
Loaded Profiles: Maxi (Available Profiles: Maxi)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\Photodex\ProShowGold\scsiaccess.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Codessentials) C:\Program Files (x86)\Codessentials\Yadis\Yadis.exe
(Octoshape ApS) C:\Users\Maxi\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Spotify Ltd) C:\Users\Maxi\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Seiko Epson Corporation) C:\Windows\System32\spool\drivers\x64\3\E_YATISOE.EXE
(Aimersoft) C:\Program Files (x86)\Aimersoft\Aimersoft iMusic\iMusicService.exe
(The Chromium Authors) C:\Users\Maxi\AppData\Local\chromium\Application\chrome.exe
(The Chromium Authors) C:\Users\Maxi\AppData\Local\chromium\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(The Chromium Authors) C:\Users\Maxi\AppData\Local\chromium\Application\chrome.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(AimerSoft) C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
(The Chromium Authors) C:\Users\Maxi\AppData\Local\chromium\Application\chrome.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCUpdate.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2393032 2014-07-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [PAC207_Monitor] => C:\Windows\PixArt\i-Look110\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2439072 2010-05-24] (VIA)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-10-07] (AVAST Software)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3785536 2018-11-06] (Dropbox, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1151872 2016-11-18] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2138272 2016-10-08] (AimerSoft)
HKU\S-1-5-21-1870994137-524594959-531252655-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-1870994137-524594959-531252655-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\S-1-5-21-1870994137-524594959-531252655-1000\...\Run: [Yadis] => c:\program files (x86)\codessentials\yadis\yadis.exe [1776128 2015-01-20] (Codessentials)
HKU\S-1-5-21-1870994137-524594959-531252655-1000\...\Run: [Octoshape Streaming Services] => C:\Users\Maxi\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800 2011-03-24] (Octoshape ApS)
HKU\S-1-5-21-1870994137-524594959-531252655-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46459080 2018-10-04] ()
HKU\S-1-5-21-1870994137-524594959-531252655-1000\...\Run: [Spotify Web Helper] => C:\Users\Maxi\AppData\Roaming\Spotify\SpotifyWebHelper.exe [780688 2018-03-07] (Spotify Ltd)
HKU\S-1-5-21-1870994137-524594959-531252655-1000\...\Run: [GoogleChromeAutoLaunch_EF8C6CD580F9F242596D686BA23620AD] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1589080 2018-10-23] (Google Inc.)
HKU\S-1-5-21-1870994137-524594959-531252655-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATISOE.EXE [418000 2016-07-14] (Seiko Epson Corporation)
HKU\S-1-5-21-1870994137-524594959-531252655-1000\...\Run: [iMusicService] => C:\Program Files (x86)\Aimersoft\Aimersoft iMusic\iMusicService.exe [16384 2018-10-24] (Aimersoft)
HKU\S-1-5-21-1870994137-524594959-531252655-1000\...\Run: [Chromium] => c:\users\maxi\appdata\local\chromium\application\chrome.exe [829440 2017-02-15] (The Chromium Authors)
HKU\S-1-5-21-1870994137-524594959-531252655-1000\...\Run: [GoogleChromeAutoLaunch_25A567910C8A88E892493232AB1D9986] => C:\Users\Maxi\AppData\Local\chromium\Application\chrome.exe [829440 2017-02-15] (The Chromium Authors)
HKU\S-1-5-21-1870994137-524594959-531252655-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18594760 2018-09-19] (Piriform Ltd)
HKU\S-1-5-21-1870994137-524594959-531252655-1000\...\MountPoints2: {2e238eaa-41d9-11e4-9523-f46d04d5392e} - H:\Autorun.exe
HKU\S-1-5-21-1870994137-524594959-531252655-1000\...\MountPoints2: {c42e9fdf-70e9-11e5-bbec-f46d04d5392e} - I:\autorun.exe
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
BootExecute: autocheck autochk /r \??\I:autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 200.115.192.90 200.115.192.30 200.115.192.29
Tcpip\..\Interfaces\{984134F2-536B-4CAF-A352-33E5CA0DBA33}: [DhcpNameServer] 200.115.192.90 200.115.192.30 200.115.192.29

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1870994137-524594959-531252655-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.ar/
HKU\S-1-5-21-1870994137-524594959-531252655-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-ar/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-09-13] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (Seiko Epson Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-24] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-10-03] (AVAST Software)
BHO-x32: Aplicación auxiliar de inicio de sesión en la cuenta Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-24] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (Seiko Epson Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-09-10] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-09-10] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-09-10] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-09-10] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (avast! Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-09-13] [Legacy]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-24] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2016-09-27] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1870994137-524594959-531252655-1000: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Maxi\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1702150-0-npoctoshape.dll [2017-02-15] (Octoshape ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Maxi\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2014-10-16] (Octoshape ApS)

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.google.com.ar/?gws_rd=ssl","hxxp://www.n2yo.com/space-station/","hxxps://www.facebook.com/","hxxp://www.xbox.com/es-ar","hxxps://www.personas.santanderrio.com.ar/hb/html/login/principal.jsp?rndPrm179=1503604390145"
CHR NewTab: Default -> Not-active:"chrome-extension://fmgkbbgmfadinoembkciofacghellcmj/newtabproduct.html"
CHR Profile: C:\Users\Maxi\AppData\Local\Google\Chrome\User Data\Default [2018-11-09]
CHR Extension: (Documentos) - C:\Users\Maxi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Maxi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (MEGA) - C:\Users\Maxi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2018-11-09]
CHR Extension: (YouTube) - C:\Users\Maxi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Búsqueda de Google) - C:\Users\Maxi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Iron Maiden) - C:\Users\Maxi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dolfioagpgjmaokepbepiinepofennac [2015-10-10]
CHR Extension: (Dropbox para Gmail) - C:\Users\Maxi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2018-04-26]
CHR Extension: (Adobe Acrobat) - C:\Users\Maxi\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-05-31]
CHR Extension: (AudioToAudio) - C:\Users\Maxi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj [2018-11-07]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Maxi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-22]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Maxi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\Maxi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\Maxi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-23]
CHR HKLM\...\Chrome\Extension: [ijahobfejgeblmkpcmgpelfibgnnjpil] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1870994137-524594959-531252655-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1870994137-524594959-531252655-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ijahobfejgeblmkpcmgpelfibgnnjpil] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1870994137-524594959-531252655-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1870994137-524594959-531252655-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eadnlkgpakfjkgpgndbpmenoacfjahgo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-03]
CHR HKLM-x32\...\Chrome\Extension: [ijahobfejgeblmkpcmgpelfibgnnjpil] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-03] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6877224 2018-06-12] ()
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-12] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-12] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2018-11-06] (Dropbox, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [780928 2018-06-12] (EasyAntiCheat Ltd)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [678328 2018-06-11] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [145224 2017-03-10] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1697736 2014-07-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21680584 2014-07-02] (NVIDIA Corporation)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe [186760 2016-09-27] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11644656 2018-09-10] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WsDrvInst; C:\Program Files (x86)\Aimersoft\Aimersoft iMusic\DriverInstall.exe [112224 2018-10-24] (Wondershare)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-03] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-10-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-10-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-10-07] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-10-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-10-03] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2014-09-24] (DT Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2018-11-08] (Malwarebytes)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [198000 2018-11-08] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [119136 2018-11-09] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [63768 2018-11-09] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [260480 2018-11-09] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [101200 2018-11-09] (Malwarebytes)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [21448 2014-07-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [686592 2008-02-13] (PixArt Imaging Inc.)
S1 PQNTDrv; C:\Windows\SysWow64\Drivers\PQNTDrv.sys [4228 2004-05-05] (PowerQuest Corporation) [File not signed]
R3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [48424 2018-01-19] (Wondershare)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
S3 MSICDSetup; \??\G:\CDriver64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-09 14:19 - 2018-11-09 14:22 - 000070383 _____ C:\Users\Maxi\Desktop\Addition.txt
2018-11-09 14:17 - 2018-11-09 14:22 - 000023938 _____ C:\Users\Maxi\Desktop\FRST.txt
2018-11-09 14:15 - 2018-11-09 14:21 - 000000000 ____D C:\FRST
2018-11-09 14:15 - 2018-11-09 14:15 - 000119136 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-11-09 14:15 - 2018-11-09 14:15 - 000063768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-11-09 14:14 - 2018-11-09 14:14 - 000101200 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-11-09 14:12 - 2018-11-09 14:12 - 000260480 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-11-09 13:45 - 2018-11-09 14:18 - 000005584 _____ C:\Users\Maxi\Desktop\JRT.txt
2018-11-09 13:34 - 2018-11-09 13:33 - 000003448 _____ C:\Users\Maxi\Desktop\AdwCleaner[C00].txt
2018-11-09 13:19 - 2018-11-09 13:23 - 000147246 _____ C:\Users\Maxi\Desktop\mbam info.txt
2018-11-09 12:48 - 2018-11-09 14:22 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-11-09 12:48 - 2018-11-09 12:48 - 000000782 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-11-09 12:35 - 2018-11-09 12:35 - 016796856 _____ (Piriform Ltd) C:\Users\Maxi\Desktop\ccsetup547.exe
2018-11-09 12:35 - 2018-11-09 12:35 - 002415616 _____ (Farbar) C:\Users\Maxi\Desktop\FRST64.exe
2018-11-09 12:32 - 2018-11-09 12:32 - 007592144 _____ (Malwarebytes) C:\Users\Maxi\Desktop\adwcleaner_7.2.4.0.exe
2018-11-09 12:28 - 2018-11-09 12:31 - 001790024 _____ (Malwarebytes) C:\Users\Maxi\Desktop\JRT.exe
2018-11-09 00:30 - 2018-11-09 00:30 - 000000000 ____D C:\Users\Maxi\AppData\Local\mbamtray
2018-11-08 23:18 - 2018-11-08 23:18 - 000198000 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-11-08 23:10 - 2018-11-08 23:17 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-11-08 23:10 - 2018-11-08 23:10 - 000001827 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-11-08 23:10 - 2018-11-08 23:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-11-08 22:56 - 2018-11-08 22:56 - 000000000 ____D C:\ProgramData\MB3Install
2018-11-08 12:05 - 2018-11-08 12:05 - 000000000 ____D C:\Users\Maxi\AppData\Local\mbam
2018-11-08 11:44 - 2018-11-08 11:58 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2018-11-07 16:28 - 2018-11-07 16:31 - 190703419 _____ C:\Users\Maxi\Downloads\7330a543-41b0-4284-ab93-9d6e38dbeb24.tmp
2018-11-06 22:29 - 2018-11-06 22:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-11-06 22:19 - 2018-11-06 22:19 - 000000000 ____D C:\ProgramData\Aimersoft
2018-11-06 10:06 - 2018-11-06 10:06 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2018-11-06 10:06 - 2018-11-06 10:06 - 000047768 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2018-11-06 10:06 - 2018-11-06 10:06 - 000047768 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2018-11-06 10:06 - 2018-11-06 10:06 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2018-11-05 22:29 - 2018-11-05 22:29 - 000002980 _____ C:\Windows\System32\Tasks\{DC0B10BD-10B3-44C2-8E30-2414C58C4E93}
2018-11-05 22:22 - 2018-11-05 22:22 - 000002980 _____ C:\Windows\System32\Tasks\{4A2B0EDD-937E-4CD0-A761-09B37AC736A9}
2018-11-05 20:29 - 2018-11-06 00:18 - 000000138 _____ C:\Users\Maxi\AppData\Roaming\WB.CFG
2018-11-05 20:27 - 2018-11-05 20:27 - 000002251 _____ C:\Users\Maxi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2018-11-05 20:27 - 2018-11-05 20:27 - 000002243 _____ C:\Users\Maxi\Desktop\Chromium.lnk
2018-11-05 20:20 - 2018-11-05 22:30 - 000000000 ____D C:\Users\Maxi\AppData\Roaming\facebook-nativefier-1252c4
2018-11-05 20:20 - 2018-11-05 20:27 - 000000000 ____D C:\Users\Maxi\AppData\Local\chromium
2018-11-05 20:19 - 2018-11-05 20:19 - 000004114 _____ C:\Windows\System32\Tasks\Facebook1
2018-11-05 20:18 - 2018-11-06 14:18 - 000000000 ____D C:\Windows\System32\Tasks\productupdt
2018-11-05 20:17 - 2018-11-09 14:17 - 000000556 _____ C:\Windows\Tasks\Yahoo! Powered lemed.job
2018-11-05 20:17 - 2018-11-09 01:17 - 000000000 ____D C:\ProgramData\{7C7CB91F-F63E-33D9-70F8-AD9BEABA2655}
2018-11-05 20:17 - 2018-11-05 20:29 - 000000000 ____D C:\Users\Maxi\AppData\Local\{E707D15B-C3AF-BDE3-AE37-980B8A5F6493}
2018-11-05 20:17 - 2018-11-05 20:18 - 000000000 ____D C:\Program Files (x86)\Facebook
2018-11-05 20:17 - 2018-11-05 20:17 - 000003584 _____ C:\Windows\System32\Tasks\Yahoo! Powered lemed
2018-11-05 20:17 - 2018-11-05 20:17 - 000001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.lnk
2018-11-05 20:16 - 2018-11-05 20:16 - 000001330 _____ C:\Users\Public\Desktop\Music Search MP3.lnk
2018-11-05 20:16 - 2018-11-05 20:16 - 000001186 _____ C:\Users\Public\Desktop\aTube Catcher.lnk
2018-11-05 20:16 - 2018-11-05 20:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
2018-11-05 20:16 - 2018-11-05 20:16 - 000000000 ____D C:\Program Files (x86)\DsNET Corp
2018-11-05 20:16 - 2017-11-09 13:58 - 000440320 _____ (Dart Communications) C:\Windows\SysWOW64\DartSock.dll
2018-11-05 20:16 - 2017-11-09 13:58 - 000401408 _____ (Dart Communications) C:\Windows\SysWOW64\DartSecure2.dll
2018-11-05 20:16 - 2017-11-09 13:58 - 000249856 _____ (Dart Communications) C:\Windows\SysWOW64\DartCertificate.dll
2018-11-05 20:16 - 2008-08-18 19:18 - 000077824 _____ (Fox Magic Software) C:\Windows\SysWOW64\fmcodec.DLL
2018-11-05 18:15 - 2018-11-05 18:15 - 000000000 ____D C:\Users\Maxi\AppData\Local\iMusic
2018-11-05 18:13 - 2018-11-05 18:13 - 000000000 ____D C:\Users\Maxi\AppData\Local\Aimersoft
2018-11-05 18:12 - 2018-11-05 18:12 - 000001305 _____ C:\Users\Public\Desktop\iMusic.lnk
2018-11-05 18:12 - 2018-11-05 18:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMusic
2018-11-05 18:10 - 2018-01-19 16:38 - 000048424 _____ (Wondershare) C:\Windows\system32\Drivers\VirtualAudio.sys
2018-11-05 18:09 - 2018-11-05 18:09 - 000000000 ____D C:\Users\Maxi\AppData\Roaming\iMusic
2018-11-05 18:09 - 2018-11-05 18:09 - 000000000 ____D C:\Users\Maxi\.android
2018-11-05 18:09 - 2018-11-05 18:09 - 000000000 ____D C:\Program Files (x86)\Aimersoft

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-09 14:21 - 2018-01-17 17:59 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-11-09 14:16 - 2016-08-12 20:38 - 000000946 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-11-09 14:15 - 2018-01-09 16:08 - 000004174 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-11-09 14:13 - 2018-07-26 23:13 - 000000911 _____ C:\Windows\Tasks\EPSON L4150 Series Update {1BDF30FA-E8C4-4E3A-8C7F-9EB05A894A90}.job
2018-11-09 14:12 - 2016-08-12 20:38 - 000000942 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-11-09 14:12 - 2015-06-12 17:55 - 000000000 ____D C:\ProgramData\NVIDIA
2018-11-09 14:12 - 2009-07-14 02:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-11-09 13:42 - 2009-07-14 01:45 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-11-09 13:42 - 2009-07-14 01:45 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-11-09 13:25 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\inf
2018-11-09 13:24 - 2015-07-29 22:17 - 000000000 ____D C:\AdwCleaner
2018-11-09 12:53 - 2017-11-24 21:11 - 000000000 ____D C:\Users\Maxi\AppData\Roaming\MPC-HC
2018-11-09 12:53 - 2014-09-08 17:58 - 000000000 ____D C:\Users\Maxi\AppData\Roaming\Media Player Classic
2018-11-09 12:48 - 2014-08-09 05:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-11-09 12:48 - 2014-08-09 05:32 - 000000000 ____D C:\Program Files\CCleaner
2018-11-08 16:32 - 2014-09-06 18:44 - 000003970 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B6F101CB-87A0-42A9-A5BA-070ED43C7339}
2018-11-08 13:27 - 2018-06-24 13:23 - 000004048 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1529857370
2018-11-06 22:32 - 2016-08-12 20:45 - 000000000 ___RD C:\Users\Maxi\Dropbox
2018-11-06 22:30 - 2016-08-12 20:38 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-11-05 19:28 - 2014-11-06 11:29 - 000000000 ____D C:\Users\Maxi\AppData\Local\Spotify
2018-11-05 19:28 - 2014-11-06 11:26 - 000000000 ____D C:\Users\Maxi\AppData\Roaming\Spotify
2018-11-05 18:09 - 2014-08-08 20:05 - 000000000 ____D C:\Users\Maxi
2018-11-05 15:39 - 2011-04-12 06:10 - 000747720 _____ C:\Windows\system32\perfh00A.dat
2018-11-05 15:39 - 2011-04-12 06:10 - 000159192 _____ C:\Windows\system32\perfc00A.dat
2018-11-05 15:39 - 2009-07-14 02:13 - 001678218 _____ C:\Windows\system32\PerfStringBackup.INI
2018-11-02 21:08 - 2014-09-16 16:40 - 000000000 ____D C:\ProgramData\VSO
2018-11-02 21:08 - 2014-08-08 22:32 - 000000000 ____D C:\Users\Maxi\AppData\Roaming\Winamp
2018-11-02 20:31 - 2014-12-19 12:31 - 000000000 ____D C:\Windows\Minidump
2018-11-02 01:42 - 2018-02-22 16:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2018-10-24 18:42 - 2017-06-29 14:31 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-10-24 18:42 - 2017-06-29 14:31 - 000002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-10-22 15:28 - 2017-12-15 21:57 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-10-18 18:24 - 2018-01-17 18:00 - 000000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-10-18 18:24 - 2018-01-17 18:00 - 000000959 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk
2018-10-11 12:35 - 2014-08-20 21:04 - 000000000 ____D C:\Users\Maxi\AppData\LocalLow\Adobe

==================== Files in the root of some directories =======

2014-09-16 16:40 - 2014-09-16 17:12 - 000099384 _____ () C:\Users\Maxi\AppData\Roaming\inst.exe
2014-09-16 16:40 - 2014-09-16 17:12 - 000007859 _____ () C:\Users\Maxi\AppData\Roaming\pcouffin.cat
2014-09-16 16:40 - 2014-09-16 17:12 - 000001167 _____ () C:\Users\Maxi\AppData\Roaming\pcouffin.inf
2014-09-16 16:40 - 2014-09-16 17:12 - 000000055 _____ () C:\Users\Maxi\AppData\Roaming\pcouffin.log
2014-09-16 16:40 - 2014-09-16 17:12 - 000082816 _____ (VSO Software) C:\Users\Maxi\AppData\Roaming\pcouffin.sys
2018-11-05 20:29 - 2018-11-06 00:18 - 000000138 _____ () C:\Users\Maxi\AppData\Roaming\WB.CFG
2015-06-01 17:25 - 2015-06-01 17:25 - 000007609 _____ () C:\Users\Maxi\AppData\Local\Resmon.ResmonCfg
2018-03-22 01:02 - 2018-03-22 01:02 - 000000000 _____ () C:\Users\Maxi\AppData\Local\{0D891CCA-49F7-49C6-9F19-9127D7286861}
2018-03-25 01:03 - 2018-03-25 01:03 - 000000000 _____ () C:\Users\Maxi\AppData\Local\{69748D6F-E7DA-4869-889E-5DA0A88062D0}
2016-10-14 12:24 - 2016-10-14 12:24 - 000000000 _____ () C:\Users\Maxi\AppData\Local\{82899A35-A0AE-41A9-B35F-40770698850D}
2018-03-23 01:04 - 2018-03-23 01:04 - 000000000 _____ () C:\Users\Maxi\AppData\Local\{8290F2BD-131B-4290-82C5-A53F9B0E832A}
2018-03-25 01:04 - 2018-03-25 01:04 - 000000000 _____ () C:\Users\Maxi\AppData\Local\{ABD44041-B36C-44F2-9356-8CEE25080AEC}
2018-03-23 05:37 - 2018-03-23 05:37 - 000000000 _____ () C:\Users\Maxi\AppData\Local\{BA0FE5F8-50CB-406E-BC1D-B88850286345}
2018-03-24 01:04 - 2018-03-24 01:04 - 000000000 _____ () C:\Users\Maxi\AppData\Local\{D2651511-B4F5-4F5A-AEEE-CB45155231F5}
2018-03-22 05:37 - 2018-03-22 05:37 - 000000000 _____ () C:\Users\Maxi\AppData\Local\{E512C7F3-EDE8-4A1F-8007-BE8A6DB79BD0}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-11-04 00:20

==================== End of FRST.txt ============================
[/CODE]