Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-07-2016 Ran by LG (administrator) on LG-PC (08-07-2016 22:54:16) Running from C:\Users\LG\Desktop\JAROSLAW Loaded Profiles: LG (Available Profiles: LG) Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Angielski (Stany Zjednoczone) Internet Explorer Version 11 (Default browser: "C:\Program Files\Light\light.exe" -osint -url "%1") Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files\360\Total Security\safemon\QHActiveDefense.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files\360\Total Security\safemon\QHSafeTray.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Qihu Software Co. Limited) C:\Program Files\360\Total Security\safemon\QHWatchdog.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [QHSafeTray] => C:\Program Files\360\Total Security\safemon\QHSafeTray.exe [1473656 2015-10-29] (QIHU 360 SOFTWARE CO. LIMITED) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-2271161697-3436941167-2169526998-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53130368 2016-05-17] (Skype Technologies S.A.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{3DE1CBF9-225F-4896-947C-2EB3439ED76B}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{E4EA9FD8-DD2B-42E9-97E2-5A7F5F855AD1}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-2271161697-3436941167-2169526998-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.pl/ FireFox: ======== FF ProfilePath: C:\Users\LG\AppData\Roaming\Profiles\5fjs1l5u.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-30] () FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF user.js: detected! => C:\Users\LG\AppData\Roaming\Profiles\5fjs1l5u.default\user.js [2016-07-06] FF SearchPlugin: C:\Users\LG\AppData\Roaming\Profiles\5fjs1l5u.default\searchplugins\u9to087w.xml [2016-07-06] FF Extension: Quick Locale Switcher - C:\Users\LG\AppData\Roaming\Profiles\5fjs1l5u.default\extensions\{25A1388B-6B18-46c3-BEBA-A81915D0DE8F}.xpi [2016-07-01] FF Extension: Quick Locale Switcher - C:\Users\LG\AppData\Roaming\Mozilla\Firefox\Profiles\p80yf1wn.default\Extensions\{25A1388B-6B18-46c3-BEBA-A81915D0DE8F}.xpi [2016-07-01] FF Extension: GsearchFinder - C:\Users\LG\AppData\Roaming\Profiles\5fjs1l5u.default\Extensions\@90B817C8-8A5C-413B-9DDD-B2C61ED6E79A.xpi [2016-07-06] FF HKLM\...\Firefox\Extensions: [WebProtection@360safe.com] - C:\Program Files\360\Total Security\safemon\webprotection_firefox FF Extension: 360 Internet Protection - C:\Program Files\360\Total Security\safemon\webprotection_firefox [2016-07-07] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 graputycorereevik.exe; C:\Program Files\Woverkclerbch\graputycorereevik.exe [720608 2016-07-06] () R2 QHActiveDefense; C:\Program Files\360\Total Security\safemon\QHActiveDefense.exe [863864 2015-10-29] (QIHU 360 SOFTWARE CO. LIMITED) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2014-01-14] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker.sys [121936 2015-10-29] (360.cn) R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [66128 2015-10-29] (360.cn) R1 360Box; C:\Windows\System32\DRIVERS\360Box.sys [203856 2015-10-29] (360.cn) R1 360Camera; C:\Windows\System32\Drivers\360Camera.sys [34888 2015-10-29] (360.cn) R1 360SelfProtection; C:\Windows\System32\drivers\360SelfProtection.sys [179024 2015-10-29] (360安全中心) R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV.sys [174672 2015-10-29] (360.cn) R0 DsArk; C:\Windows\system32\Drivers\DsArk.sys [109136 2015-10-29] (360.cn) R1 EfiMon; C:\Windows\System32\Drivers\Efimon.sys [23248 2015-10-29] (360.cn) R0 HookPort; C:\Windows\System32\Drivers\Hookport.sys [60112 2015-10-29] (360安全中心) R1 qutmdserv; C:\Windows\System32\DRIVERS\qutmdrv.sys [293840 2015-10-29] (360.cn) R1 qutmipc; C:\Windows\system32\drivers\qutmipc.sys [53960 2015-10-29] (360.cn) S3 ComputerZ; \??\C:\Program Files\LuDaShi\ComputerZ.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) NETSVC: HpSvc -> no filepath. ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-07-08 22:53 - 2016-07-08 22:54 - 00000000 ____D C:\FRST 2016-07-08 22:49 - 2016-07-08 22:49 - 00267480 _____ C:\Windows\system32\FNTCACHE.DAT 2016-07-08 22:43 - 2016-07-08 22:47 - 00000000 ____D C:\AdwCleaner 2016-07-08 22:41 - 2016-07-08 22:54 - 00000000 ____D C:\Users\LG\Desktop\JAROSLAW 2016-07-08 04:37 - 2015-10-29 12:29 - 00109136 _____ (360.cn) C:\Windows\system32\Drivers\DsArk.sys 2016-07-07 23:56 - 2016-07-07 23:56 - 00000969 _____ C:\Users\Public\Desktop\CCleaner.lnk 2016-07-07 23:56 - 2016-07-07 23:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2016-07-07 23:56 - 2016-07-07 23:56 - 00000000 ____D C:\Program Files\CCleaner 2016-07-07 22:59 - 2016-07-08 04:39 - 00000000 __SHD C:\$360Section 2016-07-07 22:03 - 2016-02-18 10:10 - 05267952 _____ () C:\Users\LG\AppData\Roaming\ziptool_wc-9015_setup.exe 2016-07-07 22:02 - 2016-05-26 10:51 - 04761392 _____ () C:\Users\LG\AppData\Roaming\usbboxlite_4001_o_8209_hn.exe 2016-07-07 21:53 - 2016-07-07 21:53 - 00000000 ____D C:\Program Files\{516D9F5A-D8E3-485A-838A-AE688ED07E5C} 2016-07-07 21:51 - 2016-07-07 22:01 - 00000000 _RSHD C:\360SANDBOX 2016-07-07 21:51 - 2015-10-29 12:29 - 00053960 _____ (360.cn) C:\Windows\system32\Drivers\qutmipc.sys 2016-07-07 21:47 - 2016-07-07 23:53 - 00001035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Light.lnk 2016-07-07 21:47 - 2016-07-07 23:53 - 00000000 ____D C:\Program Files\Light 2016-07-07 20:54 - 2016-07-08 04:39 - 00000000 __SHD C:\ProgramData\360Quarant 2016-07-07 20:48 - 2016-07-08 22:50 - 00000000 ____D C:\Users\LG\AppData\LocalLow\360WD 2016-07-07 20:48 - 2016-07-07 21:53 - 00000000 ____D C:\Users\LG\AppData\Roaming\360safe 2016-07-07 20:48 - 2016-07-07 21:52 - 00000000 ____D C:\ProgramData\360safe 2016-07-07 20:48 - 2016-07-07 20:48 - 00000000 ____D C:\Windows\Tasks\360Disabled 2016-07-07 20:48 - 2016-07-07 20:48 - 00000000 ____D C:\Users\LG\AppData\Roaming\360TotalSecurity 2016-07-07 20:48 - 2016-07-07 20:48 - 00000000 ____D C:\ProgramData\360TotalSecurity 2016-07-07 20:47 - 2016-07-07 20:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center 2016-07-07 20:47 - 2016-07-07 20:47 - 00000000 ____D C:\Program Files\Common Files\AV 2016-07-07 20:47 - 2016-07-07 20:47 - 00000000 ____D C:\Program Files\360 2016-07-07 20:47 - 2015-10-29 12:29 - 00293840 _____ (360.cn) C:\Windows\system32\Drivers\qutmdrv.sys 2016-07-07 20:47 - 2015-10-29 12:29 - 00203856 _____ (360.cn) C:\Windows\system32\Drivers\360Box.sys 2016-07-07 20:47 - 2015-10-29 12:29 - 00179024 _____ (360安全中心) C:\Windows\system32\Drivers\360SelfProtection.sys 2016-07-07 20:47 - 2015-10-29 12:29 - 00174672 _____ (360.cn) C:\Windows\system32\Drivers\BAPIDRV.SYS 2016-07-07 20:47 - 2015-10-29 12:29 - 00121936 _____ (360.cn) C:\Windows\system32\Drivers\360AntiHacker.sys 2016-07-07 20:47 - 2015-10-29 12:29 - 00066128 _____ (360.cn) C:\Windows\system32\Drivers\360AvFlt.sys 2016-07-07 20:47 - 2015-10-29 12:29 - 00060112 _____ (360安全中心) C:\Windows\system32\Drivers\hookport.sys 2016-07-07 20:47 - 2015-10-29 12:29 - 00034888 _____ (360.cn) C:\Windows\system32\Drivers\360Camera.sys 2016-07-07 20:47 - 2015-10-29 12:29 - 00023248 _____ (360.cn) C:\Windows\system32\Drivers\efimon.sys 2016-07-07 20:42 - 2016-07-07 20:42 - 00000000 ____D C:\Users\LG\AppData\Roaming\ludashi 2016-07-07 20:28 - 2016-07-07 20:28 - 00250912 _____ C:\Windows\system32\kz.exe 2016-07-07 20:13 - 2016-07-07 20:13 - 00000000 ____D C:\Users\LG\Desktop\Muza 2016-07-07 20:12 - 2016-07-07 20:13 - 00000000 ____D C:\Users\LG\Desktop\Pics 2016-07-07 19:56 - 2016-07-07 19:56 - 00000000 ____D C:\Users\LG\AppData\LocalLow00212C98 2016-07-07 19:55 - 2016-07-07 19:55 - 00000000 ____D C:\Users\LG\AppData\LocalLow001D2A48 2016-07-07 17:31 - 2016-07-07 17:31 - 00000000 ____D C:\Users\LG\AppData\LocalLow00391010 2016-07-07 17:31 - 2016-07-07 17:31 - 00000000 ____D C:\Users\LG\AppData\LocalLow00390F48 2016-07-07 17:31 - 2016-07-07 17:31 - 00000000 ____D C:\Users\LG\AppData\LocalLow00390E80 2016-07-07 17:31 - 2016-07-07 17:31 - 00000000 ____D C:\Users\LG\AppData\LocalLow00390DA0 2016-07-07 17:31 - 2016-07-07 17:31 - 00000000 ____D C:\Users\LG\AppData\LocalLow00342A48 2016-07-07 16:45 - 2016-07-07 16:45 - 00022472 _____ (Doctor Web, Ltd.) C:\Windows\system32\Drivers\64F7BC0E.sys 2016-07-07 14:38 - 2016-07-07 14:38 - 00000000 ____D C:\Users\LG\AppData\LocalLow003389B8 2016-07-07 14:38 - 2016-07-07 14:38 - 00000000 ____D C:\Users\LG\AppData\LocalLow002F6730 2016-07-07 14:37 - 2016-07-07 14:37 - 00000000 ____D C:\Users\LG\AppData\Roaming\lockhomepage 2016-07-07 00:12 - 2016-07-07 00:12 - 00022472 _____ (Doctor Web, Ltd.) C:\Windows\system32\Drivers\982D7CD0.sys 2016-07-06 22:15 - 2016-07-07 14:56 - 00000000 ____D C:\Users\LG\Doctor Web 2016-07-06 21:58 - 2016-07-04 07:53 - 51376752 _____ (UCWeb Inc.) C:\Users\LG\AppData\Roaming\Browser_V5.6.14087.7_r_4681_(Build1607010949).exe 2016-07-06 21:51 - 2016-07-06 21:51 - 00000000 ____D C:\Users\LG\AppData\LocalLow0036D0A0 2016-07-06 21:51 - 2016-07-06 21:51 - 00000000 ____D C:\Users\LG\AppData\LocalLow00356730 2016-07-06 19:26 - 2016-07-06 19:26 - 00000000 ____D C:\Windows\system32\xezs 2016-07-06 19:09 - 2016-07-07 20:11 - 00000000 ____D C:\Users\LG\AppData\Local\node-webkit 2016-07-06 19:05 - 2016-07-07 19:59 - 07616340 _____ C:\Users\LG\AppData\Roaming\setup.apk 2016-07-06 19:05 - 2016-06-30 12:29 - 48004712 _____ (Maxthon International ltd.) C:\Users\LG\AppData\Roaming\mx4.9.3.1000.exe 2016-07-06 19:02 - 2016-07-06 19:02 - 00000000 ____D C:\Users\LG\AppData\Roaming\Softlink 2016-07-06 19:01 - 2016-07-06 19:11 - 00000000 ____D C:\Users\LG\AppData\Roaming\Kuaizip 2016-07-06 19:01 - 2016-02-18 03:56 - 07318464 _____ C:\Users\LG\AppData\Roaming\KuaiZip_Setup_703612525_zzlm_002.exe 2016-07-06 18:57 - 2016-07-01 11:19 - 08284704 _____ (深圳市伟创科技软件有限公司) C:\Users\LG\AppData\Roaming\MaoHaWiFiSetup_263.exe 2016-07-06 18:55 - 2016-07-06 18:55 - 00000000 ____D C:\Users\LG\AppData\LocalLow00115B08 2016-07-06 18:55 - 2016-07-06 18:55 - 00000000 ____D C:\Users\LG\AppData\LocalLow000D6730 2016-07-06 18:51 - 2016-07-06 18:51 - 00000000 ____D C:\Users\LG\AppData\LocalLow004AA318 2016-07-06 18:50 - 2016-07-06 18:50 - 00000000 __RSH C:\MSDOS.SYS 2016-07-06 18:50 - 2016-07-06 18:50 - 00000000 __RSH C:\IO.SYS 2016-07-06 18:50 - 2016-07-06 18:50 - 00000000 ____D C:\Users\LG\AppData\LocalLow\Company 2016-07-06 18:49 - 2016-07-08 04:37 - 00000000 ____D C:\Users\LG\AppData\Roaming\Ezipduedg 2016-07-06 18:49 - 2016-07-08 04:37 - 00000000 ____D C:\Users\LG\AppData\Local\Apps\2.0 2016-07-06 18:49 - 2016-07-08 04:37 - 00000000 ____D C:\Program Files\mpck 2016-07-06 18:49 - 2016-07-06 18:50 - 00011568 _____ C:\Users\LG\AppData\Roaming\InstallationConfiguration.xml 2016-07-06 18:49 - 2016-07-06 18:49 - 00128512 _____ C:\Users\LG\AppData\Roaming\Installer.dat 2016-07-06 18:49 - 2016-07-06 18:49 - 00000000 ____D C:\Users\LG\AppData\Local\Tempfolder 2016-07-06 18:49 - 2016-07-06 18:49 - 00000000 _____ C:\Windows\system32\Number of results 2016-07-06 18:41 - 2016-07-06 18:38 - 00001225 _____ C:\Windows\system32\Drivers\etc\hp.bak 2016-07-06 18:37 - 2016-07-07 20:23 - 00000000 ____D C:\Program Files\Woverkclerbch 2016-06-30 21:22 - 2016-06-30 21:22 - 00000000 ___RD C:\Users\LG\Documents\Notes 2016-06-28 03:12 - 2016-06-28 03:12 - 00314434 ____N C:\Users\LG\AppData\Roaming\EYapp.apk ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-07-08 22:51 - 2015-03-14 15:03 - 00000000 ____D C:\Users\LG\AppData\Roaming\Skype 2016-07-08 22:49 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-07-08 22:43 - 2015-03-15 13:54 - 00739916 _____ C:\Windows\system32\perfh015.dat 2016-07-08 22:43 - 2015-03-15 13:54 - 00155458 _____ C:\Windows\system32\perfc015.dat 2016-07-08 22:43 - 2014-01-13 23:47 - 00736844 _____ C:\Windows\system32\perfh00A.dat 2016-07-08 22:43 - 2014-01-13 23:47 - 00157926 _____ C:\Windows\system32\perfc00A.dat 2016-07-08 22:43 - 2014-01-13 23:46 - 00731434 _____ C:\Windows\system32\perfh010.dat 2016-07-08 22:43 - 2014-01-13 23:46 - 00146298 _____ C:\Windows\system32\perfc010.dat 2016-07-08 22:43 - 2014-01-13 23:44 - 00688596 _____ C:\Windows\system32\perfh007.dat 2016-07-08 22:43 - 2014-01-13 23:44 - 00148568 _____ C:\Windows\system32\perfc007.dat 2016-07-08 22:43 - 2014-01-13 23:43 - 00737104 _____ C:\Windows\system32\perfh00C.dat 2016-07-08 22:43 - 2014-01-13 23:43 - 00149032 _____ C:\Windows\system32\perfc00C.dat 2016-07-08 22:43 - 2014-01-13 23:41 - 00705268 _____ C:\Windows\system32\prfh0416.dat 2016-07-08 22:43 - 2014-01-13 23:41 - 00147108 _____ C:\Windows\system32\prfc0416.dat 2016-07-08 22:43 - 2010-11-20 23:01 - 06015696 _____ C:\Windows\system32\PerfStringBackup.INI 2016-07-08 22:43 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf 2016-07-08 22:35 - 2016-01-16 16:57 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-07-08 22:33 - 2014-01-14 09:20 - 00000000 ____D C:\Windows\Panther 2016-07-08 22:29 - 2009-07-14 06:34 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-07-08 22:29 - 2009-07-14 06:34 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-07-08 22:21 - 2009-07-14 06:53 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2016-07-08 04:39 - 2015-03-14 12:26 - 00000992 _____ C:\Users\LG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-07-07 23:00 - 2015-03-14 12:26 - 00000000 ____D C:\Users\LG 2016-07-07 22:59 - 2009-07-14 04:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2016-07-07 20:05 - 2015-03-14 14:49 - 00000000 ____D C:\Users\LG\AppData\Roaming\Notepad++ 2016-07-01 06:45 - 2016-01-08 18:06 - 00000000 ___RD C:\Program Files\Skype 2016-07-01 06:45 - 2015-03-14 14:50 - 00000000 ____D C:\ProgramData\Skype 2016-06-30 21:35 - 2016-01-16 16:57 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2016-06-30 21:35 - 2016-01-16 16:57 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl ==================== Files in the root of some directories ======= 2010-08-28 22:43 - 2010-08-28 22:43 - 0096256 ____N (Google, inc) C:\Users\LG\AppData\Roaming\AdbWinApi.dll 2010-08-28 22:43 - 2010-08-28 22:43 - 0060928 ____N (Google, inc) C:\Users\LG\AppData\Roaming\AdbWinUsbApi.dll 2016-07-06 21:58 - 2016-07-04 07:53 - 51376752 _____ (UCWeb Inc.) C:\Users\LG\AppData\Roaming\Browser_V5.6.14087.7_r_4681_(Build1607010949).exe 2016-06-28 03:12 - 2016-06-28 03:12 - 0314434 ____N () C:\Users\LG\AppData\Roaming\EYapp.apk 2016-07-06 18:49 - 2016-07-06 18:50 - 0011568 _____ () C:\Users\LG\AppData\Roaming\InstallationConfiguration.xml 2016-07-06 18:49 - 2016-07-06 18:49 - 0128512 _____ () C:\Users\LG\AppData\Roaming\Installer.dat 2016-07-06 19:01 - 2016-02-18 03:56 - 7318464 _____ () C:\Users\LG\AppData\Roaming\KuaiZip_Setup_703612525_zzlm_002.exe 2016-07-06 18:57 - 2016-07-01 11:19 - 8284704 _____ (深圳市伟创科技软件有限公司) C:\Users\LG\AppData\Roaming\MaoHaWiFiSetup_263.exe 2016-07-06 19:05 - 2016-06-30 12:29 - 48004712 _____ (Maxthon International ltd.) C:\Users\LG\AppData\Roaming\mx4.9.3.1000.exe 2016-07-06 19:05 - 2016-07-07 19:59 - 7616340 _____ () C:\Users\LG\AppData\Roaming\setup.apk 2016-07-07 22:02 - 2016-05-26 10:51 - 4761392 _____ () C:\Users\LG\AppData\Roaming\usbboxlite_4001_o_8209_hn.exe 2016-07-07 22:03 - 2016-02-18 10:10 - 5267952 _____ () C:\Users\LG\AppData\Roaming\ziptool_wc-9015_setup.exe Some files in TEMP: ==================== C:\Users\LG\AppData\Local\Temp\libeay32.dll C:\Users\LG\AppData\Local\Temp\msvcr120.dll C:\Users\LG\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-07-01 07:11 ==================== End of FRST.txt ============================