Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-11-2017 Ran by oem (administrator) on OEM-PC (15-11-2017 19:43:15) Running from C:\Users\oem\Downloads Loaded Profiles: oem (Available Profiles: oem) Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Safe Mode (with Networking) Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ESET spol. s r.o.) C:\Users\oem\Downloads\esetonlinescanner_enu (1).exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [atchk] => C:\Program Files (x86)\Intel\AMT\atchk.exe [401408 2009-12-01] (Intel Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated) HKLM\...\Run: [CCE] => C:\Users\oem\Downloads\cce_x64\CCE.exe [8689344 2017-01-20] (COMODO) HKLM-x32\...\Run: [vsc32cnf.exe] => C:\Program Files (x86)\Roland\VSC32\vsc32cnf.exe [36864 2000-02-07] (Roland) HKLM-x32\...\Run: [vscvol.exe] => C:\Program Files (x86)\Roland\VSC32\vscvol.exe [36864 2000-02-08] (Roland) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567928 2017-11-13] (Dropbox, Inc.) 
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-12-11] (Eastman Kodak Company)
HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => c:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => c:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1169047866-1453864902-1859027363-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27230168 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-1169047866-1453864902-1859027363-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1169047866-1453864902-1859027363-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
Lsa: [Notification Packages] scecli "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{51687928-34F0-48E6-AF81-8289C43298ED}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-1169047866-1453864902-1859027363-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security)
Toolbar: HKU\S-1-5-21-1169047866-1453864902-1859027363-1000 -> True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-12] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultSearchKeyword: Default -> s
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default [2017-11-15]
CHR Extension: (Slides) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-05]
CHR Extension: (Docs) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-12]
CHR Extension: (Google Drive) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-22]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2017-11-14]
CHR Extension: (YouTube) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-22]
CHR Extension: (Google Search) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-08-22]
CHR Extension: (Sheets) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-05]
CHR Extension: (Yaprak) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiilfocmghmcghpgkaeipdgigbebpagh [2017-08-05]
CHR Extension: (Google Docs Offline) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-30]
CHR Extension: (AdBlock) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-11-14]
CHR Extension: (Save to Facebook) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2017-06-22]
CHR Extension: (Supercharge) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdfdbeekehknpfmeogogjjghkgckdhab [2016-09-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-26]
CHR Extension: (Gmail) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-22]
CHR Extension: (Chrome Media Router) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-15]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 atchksrv; C:\Program Files (x86)\Intel\AMT\atchksrv.exe [176128 2009-12-01] (Intel Corporation) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-17] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-17] (Dropbox, Inc.)
S2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51016 2017-11-13] (Dropbox, Inc.)
S2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [102400 2009-12-01] (Intel) [File not signed]
S2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1254736 2017-04-11] (Bitdefender)
S2 RealtekWlanU; C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtlService.exe [48856 2014-05-19] (Realtek)
S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-09-11] ()
S2 RTLDHCPService; C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RTLDHCP.exe [262360 2014-04-23] (Realtek)
S2 RunSwUSB; C:\Windows\runSW.exe [36864 2014-04-15] () [File not signed]
S2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-06-26] (McAfee, Inc.)
S2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-06-26] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-06-26] (McAfee, Inc.)
S2 UNS; C:\Program Files (x86)\Intel\AMT\UNS.exe [2519040 2009-12-01] (Intel) [File not signed]
S2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [100392 2017-08-29] (Bitdefender)
S2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [100392 2017-08-29] (Bitdefender)
S2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [100392 2017-08-29] (Bitdefender)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-04-25] (Microsoft Corporation)
S2 CmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [X]
S3 cmdvirth; "C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe" [X]
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 atc; C:\Windows\System32\DRIVERS\atc.sys [1019880 2017-10-13] (BitDefender S.R.L. Bucharest, ROMANIA)
S0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1763744 2017-08-29] (BitDefender)
R0 BdDci; C:\Windows\System32\DRIVERS\bddci.sys [155488 2017-11-09] (Bitdefender)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [34280 2017-11-02] (COMODO)
S1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [849248 2017-11-02] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [59096 2017-11-02] (COMODO)
S3 edrsensor; C:\Windows\System32\DRIVERS\edrsensor.sys [250504 2017-10-03] (BitDefender S.R.L. Bucharest, ROMANIA)
S0 gzflt; C:\Windows\System32\drivers\gzflt.sys [187688 2017-05-11] (BitDefender LLC)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [122520 2017-11-02] (COMODO)
S3 synusb64; C:\Windows\System32\DRIVERS\synusb64.sys [30352 2011-12-14] (Steinberg Media Technologies GmbH)
S2 trufos; C:\Windows\System32\drivers\trufos.sys [520032 2016-06-22] (BitDefender S.R.L.)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-15 19:43 - 2017-11-15 19:45 - 000014422 _____ C:\Users\oem\Downloads\FRST.txt
2017-11-15 19:40 - 2017-11-15 19:43 - 000000000 ____D C:\FRST
2017-11-15 19:38 - 2017-11-15 19:38 - 002392576 _____ (Farbar) C:\Users\oem\Downloads\FRST64.exe
2017-11-15 19:36 - 2017-11-15 19:36 - 006968952 _____ (ESET spol. s r.o.) C:\Users\oem\Downloads\esetonlinescanner_enu (1).exe
2017-11-15 19:02 - 2017-11-15 19:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-11-15 18:46 - 2017-11-15 19:33 - 000000000 ____D C:\Users\oem\Downloads\cce_x64
2017-11-15 16:54 - 2017-11-15 16:54 - 029077833 _____ C:\Users\oem\Downloads\cce_x64.zip
2017-11-15 16:40 - 2017-11-15 19:36 - 000000000 ____D C:\Users\oem\AppData\Local\ESET
2017-11-15 16:40 - 2017-11-15 16:40 - 006968952 _____ (ESET spol. s r.o.) C:\Users\oem\Downloads\esetonlinescanner_enu.exe
2017-11-15 15:39 - 2017-11-15 15:39 - 000000000 ____D C:\Program Files (x86)\CheckPoint
2017-11-15 15:33 - 2017-11-15 15:33 - 000001039 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2017-11-15 15:33 - 2017-11-15 15:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-11-15 15:33 - 2017-11-15 15:33 - 000000000 ____D C:\Program Files\VS Revo Group
2017-11-15 15:32 - 2017-11-15 15:33 - 007189760 _____ (VS Revo Group ) C:\Users\oem\Downloads\revosetup.exe
2017-11-14 23:03 - 2017-11-14 23:03 - 001700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2017-11-14 23:03 - 2017-11-14 23:03 - 001060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2017-11-14 23:03 - 2017-11-14 23:03 - 000348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2017-11-14 23:01 - 2017-11-14 23:02 - 000000000 ____D C:\Windows\System32\Tasks\COMODO
2017-11-14 23:00 - 2017-11-14 23:03 - 000000000 ____D C:\Users\oem\AppData\Local\Comodo
2017-11-14 22:56 - 2017-11-15 15:36 - 000000000 ____D C:\ProgramData\Comodo
2017-11-14 22:56 - 2017-11-14 22:56 - 005498096 _____ (COMODO) C:\Users\oem\Downloads\cfw_installer_6106_53.exe
2017-11-14 22:56 - 2017-11-14 22:56 - 000000000 ____D C:\ProgramData\Shared Space
2017-11-14 22:56 - 2017-11-14 22:56 - 000000000 ____D C:\ProgramData\Comodo Downloader
2017-11-13 10:26 - 2017-11-13 10:26 - 000051016 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-11-13 10:26 - 2017-11-13 10:26 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-11-13 10:26 - 2017-11-13 10:26 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-11-13 10:26 - 2017-11-13 10:26 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-11-09 21:55 - 2017-11-09 21:55 - 000155488 _____ (Bitdefender) C:\Windows\system32\Drivers\bddci.sys
2017-11-09 13:16 - 2017-11-09 13:16 - 000912792 _____ (COMODO) C:\Windows\system32\guard64.dll
2017-11-09 13:16 - 2017-11-09 13:16 - 000702376 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll
2017-11-09 13:16 - 2017-11-09 13:16 - 000051808 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
2017-11-09 13:13 - 2017-11-09 13:13 - 000467136 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll
2017-11-09 13:10 - 2017-11-09 13:10 - 000371392 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll
2017-11-09 01:40 - 2017-11-12 19:40 - 000004883 _____ C:\Users\oem\Documents\Roy Orbison Alternative takes.txt
2017-11-08 22:20 - 2017-11-08 22:25 - 000012762 _____ C:\Users\oem\Downloads\Known Roy Orbison Demo songs.odt
2017-11-08 19:25 - 2017-11-08 19:25 - 000014041 _____ C:\Users\oem\Downloads\unreleased Roy Orbison MGM songs.odt
2017-11-08 00:14 - 2017-11-08 00:14 - 000013152 _____ C:\Users\oem\Downloads\2_RCA RECORDS' LIST.odt
2017-11-08 00:03 - 2017-09-22 11:57 - 000015037 _____ C:\Users\oem\Documents\Interview%20two%20Marty%20and%20Alex.rtf_0.odt
2017-11-07 05:05 - 2017-11-12 19:41 - 000002636 _____ C:\Users\oem\Documents\Roy Orbison demos.txt
2017-11-06 13:55 - 2017-11-06 14:01 - 000000000 ____D C:\Users\oem\Downloads\Ben and Fred
2017-11-03 19:11 - 2017-11-03 19:11 - 000000000 ____D C:\Users\oem\AppData\Roaming\PotPlayerMini64
2017-11-03 19:11 - 2017-11-03 19:11 - 000000000 ____D C:\Users\oem\AppData\Roaming\Daum
2017-11-03 19:08 - 2017-11-14 02:47 - 000001022 _____ C:\Users\oem\Desktop\PotPlayer 64 bit.lnk
2017-11-03 19:08 - 2017-11-03 19:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
2017-11-03 19:08 - 2017-11-03 19:08 - 000000000 ____D C:\Program Files\DAUM
2017-11-02 14:10 - 2017-11-02 14:10 - 000849248 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys
2017-11-02 14:10 - 2017-11-02 14:10 - 000122520 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys
2017-11-02 14:10 - 2017-11-02 14:10 - 000059096 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys
2017-11-02 14:10 - 2017-11-02 14:10 - 000034280 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys
2017-11-01 00:24 - 2017-11-01 00:25 - 115111494 _____ C:\Users\oem\Downloads\wetransfer-f4d5e9.zip
2017-10-23 16:32 - 2017-10-23 16:33 - 121078493 _____ C:\Users\oem\Downloads\Hendersonville, TN Home for sale.mp4
2017-10-18 14:41 - 2017-10-18 15:29 - 000000000 ____D C:\Users\oem\Downloads\Beach outdoors
2017-10-18 14:29 - 2017-10-18 14:31 - 000000000 ____D C:\Users\oem\Downloads\Beatles Orbison Tour Programme
2017-10-18 14:17 - 2017-10-18 14:32 - 000000000 ____D C:\Users\oem\Downloads\Marty and Louise
2017-10-18 13:49 - 2017-10-18 15:59 - 000000000 ____D C:\Users\oem\Downloads\with Beatles
2017-10-18 13:39 - 2017-10-18 13:40 - 000000000 ____D C:\Users\oem\Downloads\personal pictures
2017-10-18 13:22 - 2017-10-18 18:43 - 000000000 ____D C:\Users\oem\Downloads\Roy Marianne
2017-10-17 23:06 - 2017-10-17 23:06 - 000000000 ____D C:\Users\oem\AppData\Roaming\Adobe Mini Bridge CS5
2017-10-16 17:17 - 2017-10-16 17:17 - 007212659 _____ C:\Users\oem\Downloads\Roy Joe - Blue Angel ( 2 Demo's).mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-15 19:38 - 2009-07-14 05:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-15 19:38 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\inf
2017-11-15 19:34 - 2017-08-09 22:03 - 001652124 _____ C:\Windows\ntbtlog.txt
2017-11-15 19:33 - 2016-12-18 00:04 - 000000000 ____D C:\Users\oem\AppData\Roaming\Skype
2017-11-15 19:32 - 2017-08-05 10:01 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2017-11-15 19:31 - 2017-03-08 17:13 - 000000000 ____D C:\ProgramData\Kodak
2017-11-15 19:31 - 2016-10-17 04:12 - 000000898 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-11-15 19:31 - 2009-07-14 05:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-15 19:13 - 2016-02-12 10:12 - 000000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-11-15 19:06 - 2009-07-14 04:45 - 000025904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-15 19:06 - 2009-07-14 04:45 - 000025904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-15 19:02 - 2016-10-17 04:12 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-11-15 16:00 - 2017-06-03 11:03 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-11-15 16:00 - 2017-06-03 11:02 - 000000000 ____D C:\ProgramData\Adobe
2017-11-15 15:59 - 2017-09-16 19:50 - 000000000 ____D C:\Program Files\Common Files\Adobe
2017-11-15 15:29 - 2016-10-17 04:12 - 000000902 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-11-15 14:47 - 2017-08-05 09:49 - 000000000 ____D C:\Program Files\Bitdefender Agent
2017-11-15 03:57 - 2009-07-14 04:45 - 004858000 _____ C:\Windows\system32\FNTCACHE.DAT
2017-11-14 23:27 - 2017-06-03 11:00 - 000000000 ____D C:\Users\oem\AppData\Local\Adobe
2017-11-14 22:22 - 2016-02-12 10:14 - 000002200 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-14 22:22 - 2016-02-12 10:14 - 000002188 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-11-13 18:27 - 2017-09-16 19:52 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-11-12 22:02 - 2016-10-17 04:16 - 000000000 ___RD C:\Users\oem\Dropbox
2017-11-12 22:02 - 2016-10-17 04:12 - 000000000 ____D C:\Users\oem\AppData\Local\Dropbox
2017-11-05 13:40 - 2017-04-04 13:33 - 000000000 ____D C:\Users\oem\Downloads\Family
2017-11-02 09:35 - 2016-02-12 10:18 - 000000000 ____D C:\Users\oem\AppData\Roaming\Adobe
2017-10-31 18:21 - 2016-11-01 12:06 - 000002200 _____ C:\Users\oem\Documents\Address book.txt
2017-10-23 21:01 - 2016-08-22 10:53 - 000000000 ____D C:\Users\oem\AppData\Roaming\vlc
2017-10-23 20:24 - 2016-02-12 10:16 - 000000876 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-10-23 18:36 - 2016-08-22 10:53 - 000000000 ____D C:\Users\oem\AppData\Roaming\dvdcss

==================== Files in the root of some directories =======

2016-09-12 16:28 - 2016-09-12 16:28 - 000000036 _____ () C:\Users\oem\AppData\Local\housecall.guid.cache
2017-03-14 02:03 - 2017-03-14 02:03 - 000000236 _____ () C:\Users\oem\AppData\Local\LaunchHomeCenter.log
2017-03-08 17:33 - 2017-03-08 17:33 - 000000017 _____ () C:\Users\oem\AppData\Local\resmon.resmoncfg
2017-08-05 09:49 - 2017-08-05 09:50 - 000017354 _____ () C:\ProgramData\agent.1501926591.2960.bin
2017-08-05 09:49 - 2017-08-05 09:50 - 000002744 _____ () C:\ProgramData\agent.1501926591.3020.bin
2017-08-05 09:49 - 2017-08-05 09:50 - 000001497 _____ () C:\ProgramData\agent.1501926591.5244.bin
2017-08-05 09:49 - 2017-08-05 09:50 - 000026658 _____ () C:\ProgramData\agent.1501926591.6788.bin
2017-08-06 22:48 - 2017-08-06 22:48 - 000030950 _____ () C:\ProgramData\agent.update.1502059707.bdinstall.bin

Some files in TEMP:
====================
2016-09-01 21:59 - 2016-09-01 22:00 - 031717016 _____ () C:\Users\oem\AppData\Local\Temp\vlc-2.2.4-win64.exe
2017-10-23 20:22 - 2017-10-23 20:23 - 032100680 _____ () C:\Users\oem\AppData\Local\Temp\vlc-2.2.6-win64.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-09 04:15

==================== End of FRST.txt ============================