Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2017 03
Ran by Craig DiPiano (administrator) on CRAIGDIPIANO-HP (14-11-2017 19:27:09)
Running from C:\Users\Craig DiPiano\Desktop
Loaded Profiles: Craig DiPiano (Available Profiles: Craig DiPiano & Guest & DefaultAppPool)
Platform: Windows 10 Home Version 1607 14393.693 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(CinemaNow, Inc.)
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (Seagate Technology LLC) C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe (SAC) C:\ProgramData\ClickFreeTformer\reminder\SacReminder.exe (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe () C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe (Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2start.exe (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Intuit Inc.) 
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\wuapihost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [568888 2010-01-18] () HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard) HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes) HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [8849832 2017-11-13] (Emsisoft Ltd) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Microsoft Default Manager] => "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume HKLM-x32\...\Run: [Philips Device Listener] => C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe [380416 2012-03-19] () HKLM-x32\...\Run: [NortonOnlineBackupReminder] => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED HKLM-x32\...\Run: [MaxMenuMgr] => C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [197928 2009-12-18] (Seagate LLC) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.) HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [CarboniteSetupLite] => C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe [318096 2009-08-04] (Carbonite, Inc.) HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.) 
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1562304 2017-07-21] (Seagate Technology LLC) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\Craig DiPiano\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-07-10] (Gemalto N.V.) HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-01-22] (Hewlett-Packard Company) HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] () HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd) HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [5915776 2016-03-21] (Safer-Networking Ltd.) 
HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [142568 2017-07-21] (Seagate Technology LLC) HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\Run: [SacReminder] => C:\ProgramData\ClickfreeTformer\reminder\SacReminder.exe [825152 2009-09-04] (SAC) HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\MountPoints2: {37773de6-c7c4-11e7-9dbd-78e7d1c8ebc7} - "F:\StartClickFreeBackup.exe" HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\MountPoints2: {9e2ec690-8457-11e7-9db9-78e7d1c8ebc7} - "L:\VZW_Software_upgrade_assistant.exe" HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...A8F59079A8D5}\localserver32: <==== ATTENTION Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2012-07-01] ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Genie.lnk [2015-06-19] ShortcutTarget: NETGEAR WNA3100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk [2010-05-09] ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company) Startup: C:\Users\Craig DiPiano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson scanner Registration.lnk [2013-02-02] ShortcutTarget: Epson scanner Registration.lnk -> E:\Common\EpsonReg\v33\EpsonReg.exe (No File) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{2e716942-8032-463e-baf2-25dd3e2304d1}: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{32f97b89-1668-40b9-8cc8-91ba1b275eb3}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== SearchScopes: HKLM -> {5F7433B8-9CB1-45E8-95A9-65BB044ACC20} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd SearchScopes: HKLM -> {ACF86F11-B2C2-421B-94B3-B7EAFAC8BB2A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {5F7433B8-9CB1-45E8-95A9-65BB044ACC20} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd SearchScopes: HKLM-x32 -> {ACF86F11-B2C2-421B-94B3-B7EAFAC8BB2A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-2794434498-725242176-3457425843-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2794434498-725242176-3457425843-1001 -> {5F7433B8-9CB1-45E8-95A9-65BB044ACC20} URL = SearchScopes: HKU\S-1-5-21-2794434498-725242176-3457425843-1001 -> {ACF86F11-B2C2-421B-94B3-B7EAFAC8BB2A} URL = BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File BHO-x32: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll => No File Toolbar: HKU\S-1-5-21-2794434498-725242176-3457425843-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No 
File FireFox: ======== FF ProfilePath: C:\Users\Craig DiPiano\AppData\Roaming\Philips-Songbird\Profiles\1zpoz04t.default [2014-12-11] FF Extension: (Philips Branding) - C:\Users\Craig DiPiano\AppData\Roaming\Philips-Songbird\Profiles\1zpoz04t.default\Extensions\philips-branding@philips.com [2011-08-27] [not signed] FF Extension: (QuickTime Playback) - C:\Users\Craig DiPiano\AppData\Roaming\Philips-Songbird\Profiles\1zpoz04t.default\Extensions\quicktime@songbirdnest.com [2011-02-07] [not signed] FF Extension: (Windows Media Playback) - C:\Users\Craig DiPiano\AppData\Roaming\Philips-Songbird\Profiles\1zpoz04t.default\Extensions\windowsmedia@songbirdnest.com [2011-02-07] [not signed] FF Extension: (AAC Decoding Support) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\ewaacdec@songbirdnest.com [2014-07-28] [not signed] FF Extension: (Artwork Extras) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\albumart@songbirdnest.com [2014-07-28] [not signed] FF Extension: (CD Rip Support) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\cd-rip@songbirdnest.com [2014-07-28] [not signed] FF Extension: (File association) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\fileassociation@philips.com [2014-07-28] [not signed] FF Extension: (gonzo) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\gonzo@songbirdnest.com [2014-07-28] [not signed] FF Extension: (Gracenote Metadata Lookup Provider) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\gracenote@songbirdnest.com [2014-07-28] [not signed] FF Extension: (H.264 Video Decoding Support) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\ewh264dec@songbirdnest.com [2014-07-28] [not signed] FF Extension: (mashTape) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\mashTape@songbirdnest.com [2014-07-28] [not signed] FF Extension: (MP3 Encoding Support) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\ewmp3enc@songbirdnest.com 
[2014-07-28] [not signed] FF Extension: (MPEG-4 Video Decoding Support) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\ewmpeg4dec@songbirdnest.com [2014-07-28] [not signed] FF Extension: (MSC Device Support) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\msc@songbirdnest.com [2014-07-28] [not signed] FF Extension: (MTP Device Support) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\mtp@songbirdnest.com [2014-07-28] [not signed] FF Extension: (Philips addon manager) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-addon-manager@philips.com [2014-07-28] [not signed] FF Extension: (Philips auto msc-mtp switch) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-msc-mtp-switch@philips.com [2014-07-28] [not signed] FF Extension: (Philips Branding) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-branding@philips.com [2014-07-28] [not signed] FF Extension: (Philips GoGear Device Manager) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\gogear@songbirdnest.com [2014-07-28] [not signed] FF Extension: (Philips Skin) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-skin@philips.com [2014-07-28] [not signed] FF Extension: (Philips UI) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-ui@philips.com [2014-07-28] [not signed] FF Extension: (Purple Rain) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\purplerain@songbirdnest.com [2014-07-28] [not signed] FF Extension: (Concerts) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\concerts@songbirdnest.com [2014-07-28] [not signed] FF Extension: (LikeMusic) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-likemusic@philips.com [2014-07-28] [not signed] FF Extension: (MinimizeToTray Plus for Philips Songbird) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-minimizetotray@philips.com [2014-07-28] [not signed] FF Extension: 
(Philips Promotions) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-promotions@philips.com [2014-07-28] [not signed] FF Extension: (rhapsody) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\rhapsody@songbirdnest.com [2014-07-28] [not signed] FF Extension: (Media Sharing) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\sharing@songbirdnest.com [2014-07-28] [not signed] FF SearchPlugin: C:\Users\Craig DiPiano\AppData\Roaming\Philips-Songbird\Profiles\1zpoz04t.default\searchplugins\62fa0614-5d53-4857-a24a-46d24ee810a3.xml [2011-02-07] FF SearchPlugin: C:\Users\Craig DiPiano\AppData\Roaming\Philips-Songbird\Profiles\1zpoz04t.default\searchplugins\7c448e2e-7f1f-4329-965e-4fb614062ebf.xml [2014-07-28] FF ProfilePath: C:\Users\Craig DiPiano\AppData\Roaming\Mozilla\Firefox\Profiles\5akk4lm7.default [2017-11-14] FF user.js: detected! => C:\Users\Craig DiPiano\AppData\Roaming\Mozilla\Firefox\Profiles\5akk4lm7.default\user.js [2014-01-19] FF DefaultSearchEngine: Mozilla\Firefox\Profiles\5akk4lm7.default -> Google FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\5akk4lm7.default -> Google FF Homepage: Mozilla\Firefox\Profiles\5akk4lm7.default -> hxxp://www.google.com/ FF Extension: (Add Google Search To New Tab Page) - C:\Users\Craig DiPiano\AppData\Roaming\Mozilla\Firefox\Profiles\5akk4lm7.default\Extensions\newtabgoogle@graememcc.co.uk.xpi [2016-10-02] FF Extension: (Video Downloader) - C:\Users\Craig DiPiano\AppData\Roaming\Mozilla\Firefox\Profiles\5akk4lm7.default\Extensions\pbekeglhko@pbekeglhko.org.xpi [2013-03-27] [not signed] FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension => not found FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\15.5.0.2 => not found FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml 
[2014-08-26] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-10-25] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-10-25] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google) FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_33 -> C:\Windows\SysWOW64\npdeployJava1.dll [2012-07-23] (Sun Microsystems, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=1.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2794434498-725242176-3457425843-1001: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2014-03-24] (Sony Network Entertainment International LLC) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) Chrome: ======= CHR HomePage: Default -> javascript:location.href=%27mailto:?SUBJECT=%27+document.title+%27&BODY=%27+escape(location.href); CHR Profile: C:\Users\Craig DiPiano\AppData\Local\Google\Chrome\User Data\Default [2017-11-14] CHR Extension: (Slides) - C:\Users\Craig DiPiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13] CHR Extension: (Docs) - C:\Users\Craig DiPiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13] CHR Extension: (Google Drive) - C:\Users\Craig DiPiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-04] CHR Extension: (YouTube) - C:\Users\Craig DiPiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-04] CHR Extension: (Google Docs Offline) - C:\Users\Craig DiPiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-04] CHR Extension: (Keywords Everywhere - Keyword Tool) - C:\Users\Craig DiPiano\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\hbapdpeemoojbophdfndmlgdhppljgmp [2017-11-13] CHR Extension: (Save to Facebook) - C:\Users\Craig DiPiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2017-08-13] CHR Extension: (Google Keep Chrome Extension) - C:\Users\Craig DiPiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2017-06-11] CHR Extension: (Chrome Web Store Payments) - C:\Users\Craig DiPiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21] CHR Extension: (Send from Gmail (by Google)) - C:\Users\Craig DiPiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2017-05-06] CHR Extension: (Gmail) - C:\Users\Craig DiPiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-04] CHR Extension: (Chrome Media Router) - C:\Users\Craig DiPiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-27] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9173552 2017-11-13] (Emsisoft Ltd) S2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) 
R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [121344 2010-03-24] (Hewlett-Packard) [File not signed] S2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2015-01-27] (Verizon) [File not signed] R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-01-22] (Hewlett-Packard Company) [File not signed] R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes) S4 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-03-17] (Alcatel-Lucent) [File not signed] S3 PACSPTISVR-Sound_Organizer; C:\Program Files (x86)\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe [157024 2010-11-19] (Sony Corporation) S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed] S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) 
[File not signed] R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16120 2017-07-21] (Seagate Technology LLC) S2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [143560 2017-07-21] (Seagate Technology LLC) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [316120 2014-08-18] () ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 61883; C:\WINDOWS\System32\drivers\61883.sys [61952 2016-07-16] (Microsoft Corporation) S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows (R) Win 7 DDK provider) S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows (R) Win 7 DDK provider) R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [124552 2016-11-23] (Emsisoft Ltd) R3 GEARAspiWDM; C:\Windows\SysWOW64\DRIVERS\GEARAspiWDM.sys [15664 2012-04-04] (GEAR Software Inc.) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251832 2017-11-14] (Malwarebytes) S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () S3 NPF; C:\WINDOWS\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.) S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [23536 2010-01-19] (PC-Doctor, Inc.) 
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek ) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) U3 idsvc; no ImagePath S3 MREMP50; \??\C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [X] S3 MRESP50; \??\C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-11-14 19:27 - 2017-11-14 19:27 - 000026894 _____ C:\Users\Craig DiPiano\Desktop\FRST.txt 2017-11-14 19:27 - 2017-11-14 19:27 - 000000000 ____D C:\FRST 2017-11-14 19:26 - 2017-11-14 19:26 - 002392576 _____ (Farbar) C:\Users\Craig DiPiano\Desktop\FRST64.exe 2017-11-14 19:07 - 2017-11-14 19:15 - 000000000 ____D C:\AdwCleaner 2017-11-14 18:52 - 2017-11-14 19:00 - 000000000 ____D C:\ProgramData\Emsisoft 2017-11-14 18:51 - 2017-11-14 18:51 - 000000939 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk 2017-11-14 18:51 - 2017-11-14 18:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware 2017-11-14 18:50 - 2017-11-14 19:22 - 000000000 ____D C:\Program Files\Emsisoft Anti-Malware 2017-11-14 18:39 - 2017-11-14 18:41 - 000000000 ____D C:\Users\Craig DiPiano\AppData\Local\AvgSetupLog 2017-11-14 18:29 - 2017-11-14 18:49 - 291547704 _____ (Emsisoft Ltd. 
) C:\Users\Craig DiPiano\Downloads\EmsisoftAntiMalwareSetup.exe 2017-11-14 18:26 - 2017-11-14 19:02 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2017-11-14 18:26 - 2017-11-14 18:26 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2017-11-14 18:18 - 2017-11-14 18:18 - 000001291 _____ C:\Users\Craig DiPiano\Desktop\MBAM scan.txt 2017-11-13 12:46 - 2017-11-13 13:22 - 000000000 _____ C:\Recovery.txt 2017-11-12 11:19 - 2017-11-12 14:50 - 000000000 ____D C:\ProgramData\ClickFreeTformer 2017-11-12 11:19 - 2017-11-12 11:19 - 000000000 ____D C:\ProgramData\ClickfreeIPTformer 2017-11-09 18:06 - 2017-11-09 18:06 - 005164530 _____ C:\Users\Craig DiPiano\Downloads\Painting Trees in Acrylic - Reference Images.pdf 2017-11-09 18:05 - 2017-11-09 18:06 - 000203037 _____ C:\Users\Craig DiPiano\Downloads\Painting Trees in Acrylic - Materials (1).pdf 2017-11-05 15:06 - 2017-11-05 15:06 - 000002200 _____ C:\Users\Craig DiPiano\AppData\Local\recently-used.xbel 2017-11-04 11:30 - 2017-10-24 17:53 - 000454674 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20171104-123031.backup 2017-10-29 12:42 - 2017-10-29 12:42 - 000000000 ____D C:\Users\Craig DiPiano\AppData\Local\webkit 2017-10-29 12:33 - 2017-11-05 15:06 - 000000000 ____D C:\Users\Craig DiPiano\AppData\Local\gtk-2.0 2017-10-29 12:32 - 2017-10-29 12:32 - 000000000 ____D C:\Users\Craig DiPiano\.thumbnails 2017-10-29 12:27 - 2017-11-05 15:13 - 000000000 ____D C:\Users\Craig DiPiano\.gimp-2.8 2017-10-29 12:27 - 2017-10-29 12:27 - 000000000 ____D C:\Users\Craig DiPiano\AppData\Local\gegl-0.2 2017-10-29 12:27 - 2017-10-29 12:27 - 000000000 ____D C:\Users\Craig DiPiano\AppData\Local\fontconfig 2017-10-29 12:26 - 2017-10-29 12:26 - 000000941 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk 2017-10-29 12:25 - 2017-10-29 12:26 - 000000000 ____D C:\Program Files\GIMP 2 2017-10-29 12:24 - 2017-10-29 12:25 - 089579672 _____ (The GIMP Team ) C:\Users\Craig 
DiPiano\Downloads\gimp-2.8.22-setup.exe 2017-10-24 17:53 - 2017-10-22 11:03 - 000454674 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20171024-185315.backup 2017-10-22 11:03 - 2017-10-13 17:09 - 000454674 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20171022-120320.backup 2017-10-21 11:38 - 2017-10-21 11:38 - 000000925 _____ C:\Users\Craig DiPiano\Downloads\events.ics 2017-10-20 16:53 - 2017-10-20 16:53 - 000003890 _____ C:\WINDOWS\System32\Tasks\Craig DiPiano1 Merge 2017-10-20 16:53 - 2017-10-20 16:53 - 000003862 _____ C:\WINDOWS\System32\Tasks\Craig DiPiano1 2017-10-17 18:16 - 2017-10-17 18:16 - 000003638 _____ C:\WINDOWS\System32\Tasks\Craig DiPiano DBAgent 2 0 2017-10-17 18:16 - 2017-10-17 18:16 - 000000000 ____D C:\Users\Craig DiPiano\AppData\Roaming\Nero 2017-10-17 18:15 - 2017-10-17 18:15 - 000003644 _____ C:\WINDOWS\System32\Tasks\Seagate_Install_Launch 2017-10-17 18:14 - 2017-10-17 18:14 - 000002180 _____ C:\Users\Public\Desktop\Seagate Dashboard.lnk 2017-10-17 18:14 - 2017-10-17 18:14 - 000000000 ____D C:\ProgramData\Nero 2017-10-17 18:14 - 2017-10-17 18:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard 2017-10-17 18:13 - 2017-10-17 18:13 - 000000000 ____D C:\Users\Craig DiPiano\AppData\Roaming\Seagate 2017-10-17 18:08 - 2017-10-17 18:10 - 156799280 _____ (Seagate) C:\Users\Craig DiPiano\Downloads\Seagate_Dashboard_Installer.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-11-14 19:25 - 2016-11-24 05:43 - 001427924 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-14 19:21 - 2016-12-31 04:40 - 000251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-11-14 19:19 - 2016-11-24 06:18 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-14 19:19 - 2016-07-16 01:04 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2017-11-14 19:15 - 2015-10-30 02:24 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-11-14 19:15 - 2012-04-18 19:18 - 000000000 ____D C:\Users\Craig DiPiano\AppData\Roaming\Yahoo!
2017-11-14 19:15 - 2012-04-18 19:18 - 000000000 ____D C:\Users\Craig DiPiano\AppData\LocalLow\Yahoo!
2017-11-14 19:15 - 2012-04-18 19:18 - 000000000 ____D C:\Program Files (x86)\Yahoo!
2017-11-14 18:58 - 2010-06-20 17:45 - 000000000 ____D C:\ProgramData\Adobe
2017-11-14 18:43 - 2016-11-11 04:08 - 000000000 ____D C:\Users\Craig DiPiano\AppData\Roaming\AVG
2017-11-14 18:43 - 2016-11-11 03:39 - 000000000 ____D C:\ProgramData\Avg
2017-11-14 18:43 - 2010-06-20 17:45 - 000000000 ____D C:\Program Files\Google
2017-11-14 18:43 - 2010-06-20 17:45 - 000000000 ____D C:\Program Files (x86)\Google
2017-11-14 18:43 - 2010-06-20 13:19 - 000000000 ____D C:\Program Files (x86)\AVG
2017-11-14 18:27 - 2010-06-20 17:45 - 000000000 ____D C:\Users\Craig DiPiano\AppData\Local\Adobe
2017-11-14 18:27 - 2010-06-20 13:09 - 000000000 ____D C:\Users\Craig DiPiano\AppData\Roaming\Adobe
2017-11-14 18:26 - 2010-06-20 17:45 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-11-14 18:22 - 2016-07-16 06:45 - 000000000 ____D C:\WINDOWS\INF
2017-11-14 18:19 - 2010-06-20 17:57 - 000000000 ____D C:\Users\Craig DiPiano\AppData\Local\Google
2017-11-14 18:19 - 2010-06-20 17:45 - 000000000 ____D C:\ProgramData\Google
2017-11-14 18:06 - 2016-11-24 05:34 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-14 17:50 - 2017-05-04 15:33 - 000000000 _____ C:\WINDOWS\SysWOW64\last.dump
2017-11-11 13:44 - 2016-11-24 05:44 - 000000000 ____D C:\Users\Craig DiPiano
2017-11-06 20:18 - 2017-07-27 16:07 - 000003392 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2794434498-725242176-3457425843-1001
2017-11-06 20:18 - 2016-05-20 17:23 - 000002436 _____ C:\Users\Craig DiPiano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-06 20:18 - 2016-05-20 17:23 - 000000000 ___RD C:\Users\Craig DiPiano\OneDrive
2017-11-04 19:48 - 2013-02-02 10:01 - 000000000 ____D C:\Users\Craig DiPiano\AppData\Roaming\ArcSoft
2017-10-25 16:35 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-10-25 16:35 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-22 14:52 - 2012-07-20 11:06 - 000000000 ____D C:\Users\Craig DiPiano\AppData\Roaming\SanDisk
2017-10-22 14:50 - 2010-08-05 19:50 - 000000000 ____D C:\Users\Craig DiPiano\AppData\Roaming\vlc
2017-10-22 12:34 - 2011-02-04 16:32 - 000000000 ____D C:\Users\Craig DiPiano\Documents\FINANCES
2017-10-22 12:32 - 2012-06-16 10:46 - 000000000 ____D C:\Users\Craig DiPiano\Documents\Auto
2017-10-17 18:14 - 2010-06-20 17:38 - 000000000 ____D C:\Program Files (x86)\Seagate
2017-10-17 17:24 - 2017-07-25 17:11 - 000000000 ____D C:\Users\Craig DiPiano\Documents\Sketches_Scanned

==================== Files in the root of some directories =======

2010-07-12 17:48 - 2010-10-17 10:11 - 000033134 _____ () C:\Users\Craig DiPiano\AppData\Roaming\UserTile.png
2010-06-27 19:18 - 2017-08-03 17:02 - 000002500 _____ () C:\Users\Craig DiPiano\AppData\Roaming\wklnhst.dat
2017-01-24 17:27 - 2017-09-24 12:35 - 000016960 ____T (Un4seen Developments) C:\Users\Craig DiPiano\AppData\Roaming\Microsoft\1eaadjc.dll
2017-01-24 17:27 - 2017-09-24 12:35 - 000018724 ____T () C:\Users\Craig DiPiano\AppData\Roaming\Microsoft\bass.dll
2017-01-24 17:27 - 2017-09-24 12:35 - 000014392 ____T (Un4seen Developments) C:\Users\Craig DiPiano\AppData\Roaming\Microsoft\kfgresk.dll
2017-01-24 17:27 - 2017-09-24 12:35 - 000014456 ____T () C:\Users\Craig DiPiano\AppData\Roaming\Microsoft\mjcriu.dll
2017-01-24 17:27 - 2017-09-24 12:35 - 000010816 ____T (Un4seen Developments) C:\Users\Craig DiPiano\AppData\Roaming\Microsoft\peaadje.dll
2017-01-24 17:27 - 2017-09-24 12:35 - 000028760 ____T ((: JOBnik! :) [Arthur Aminov, ISRAEL]) C:\Users\Craig DiPiano\AppData\Roaming\Microsoft\qwadjb.dll
2017-01-24 17:27 - 2017-09-24 12:35 - 000015424 ____T (Un4seen Developments) C:\Users\Craig DiPiano\AppData\Roaming\Microsoft\rsaadjd.dll
2017-01-24 17:27 - 2017-09-24 12:35 - 000098872 ____T (Un4seen Developments) C:\Users\Craig DiPiano\AppData\Roaming\Microsoft\~DFK51ab8d40.tmp
2010-07-20 18:35 - 2017-09-24 12:34 - 000082432 _____ () C:\Users\Craig DiPiano\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-11-05 15:06 - 2017-11-05 15:06 - 000002200 _____ () C:\Users\Craig DiPiano\AppData\Local\recently-used.xbel
2012-05-24 17:11 - 2012-05-24 17:11 - 000000017 _____ () C:\Users\Craig DiPiano\AppData\Local\resmon.resmoncfg
2011-07-23 18:58 - 2011-07-23 18:58 - 000000000 _____ () C:\Users\Craig DiPiano\AppData\Local\{A5A7E4C1-9043-4FD1-8D28-C74B15880741}
2012-02-27 10:42 - 2013-02-24 12:24 - 000000629 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Files to move or delete:
====================
C:\Users\Craig DiPiano\lametritonus_en.dll
C:\Users\Craig DiPiano\lame_enc_en.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-06 16:49

==================== End of FRST.txt ============================