Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-11-2016
Ran by zb2 (administrator) on DESKTOP-MSMM3LO (11-11-2016 13:17:13)
Running from D:\download\frst
Loaded Profiles: zb2 (Available Profiles: zb2)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\wusa.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Eugene Roshal & FAR Group) D:\far\Far.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.17.1
Tcpip\..\Interfaces\{5a448800-f4a8-413a-9411-5e20431a9021}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{639cbaef-fefc-4d54-a086-21d9b70c1b7e}: [DhcpNameServer] 192.168.17.1

Internet Explorer:
==================
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-10] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-10] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: 0jvqlqow.default
FF ProfilePath: C:\Users\zb2\AppData\Roaming\Mozilla\Firefox\Profiles\0jvqlqow.default [2016-11-11]
FF Session Restore: Mozilla\Firefox\Profiles\0jvqlqow.default -> is enabled.
FF Extension: (ImTranslator) - C:\Users\zb2\AppData\Roaming\Mozilla\Firefox\Profiles\0jvqlqow.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2016-11-11]
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-10] (Oracle Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 BcmBtRSupport; C:\WINDOWS\System32\BtwRSupportService.exe [2278152 2016-06-01] (Broadcom Corporation.)
R2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1408616 2015-12-21] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373160 2015-12-19] (Intel Corporation)
S3 vmicguestinterface; C:\WINDOWS\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 vmicheartbeat; C:\WINDOWS\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 vmickvpexchange; C:\WINDOWS\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 vmicshutdown; C:\WINDOWS\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 vmictimesync; C:\WINDOWS\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 vmicvmsession; C:\WINDOWS\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BCMSDH43XX; C:\WINDOWS\system32\DRIVERS\bcmdhd63.sys [384288 2015-07-13] (Broadcom Corp)
R3 BthMini; C:\WINDOWS\system32\DRIVERS\BTHMINI.sys [32256 2015-10-30] (Microsoft Corporation)
R3 BtwSerialBus; C:\WINDOWS\system32\DRIVERS\BtwSerialBus.sys [171296 2016-06-01] (Broadcom Corporation.)
R3 camera; C:\WINDOWS\system32\DRIVERS\iacamera64.sys [925512 2015-12-21] (Intel(R) Corporation)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [47096 2015-12-21] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [43512 2015-12-21] (Intel Corporation)
R3 ES8316AudCodec; C:\WINDOWS\system32\DRIVERS\ES8316AudCodec.sys [103728 2016-04-25] (Everest Semiconductor Co., Ltd )
R3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [251384 2015-12-21] (Intel Corporation)
S3 gc2235; C:\WINDOWS\System32\drivers\gc2235.sys [97904 2015-12-21] (Intel(R) Corporation)
R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [26112 2015-12-21] (Intel Corporation)
S3 HID_PCI; C:\WINDOWS\System32\drivers\HID_PCI.sys [47928 2015-12-21] (Intel)
R3 iagpioe; C:\WINDOWS\System32\drivers\iagpioe.sys [32768 2015-12-21] (Intel(R) Corporation)
R3 iai2ce; C:\WINDOWS\System32\drivers\iai2ce.sys [81408 2015-12-21] (Intel(R) Corporation)
S3 iaisp; C:\WINDOWS\System32\drivers\iaisp64.sys [20208 2015-12-21] (Intel(R) Corporation)
R3 iaspie; C:\WINDOWS\System32\drivers\iaspie.sys [62976 2015-12-21] (Intel(R) Corporation)
R3 iauarte; C:\WINDOWS\System32\drivers\iauarte.sys [103936 2015-12-21] (Intel(R) Corporation)
R3 igfxLP; C:\WINDOWS\system32\DRIVERS\igdkmd64lp.sys [7328168 2015-12-19] (Intel Corporation)
S3 IntelBatteryManagement; C:\WINDOWS\System32\drivers\IntelBatteryManagement.sys [90112 2015-12-21] (Intel Corporation)
R3 IntelSST; C:\WINDOWS\system32\drivers\isstrtc.sys [718856 2016-05-11] ()
S3 ISH; C:\WINDOWS\System32\drivers\ISH.sys [133944 2015-12-21] (Intel)
S3 ISH_BusDriver; C:\WINDOWS\System32\drivers\ISH_BusDriver.sys [69936 2015-12-21] (Intel)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [32736 2015-12-21] (Intel(R) Corporation)
R3 PMIC; C:\WINDOWS\System32\drivers\PMIC.sys [100864 2015-12-21] (Intel(R) Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [935168 2015-11-19] (Realtek )
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [148280 2015-12-21] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-11 13:17 - 2016-11-11 13:17 - 00000000 ____D C:\FRST
2016-11-11 13:07 - 2016-11-11 13:07 - 00000844 _____ C:\Users\zb2\Desktop\Far - Shortcut.lnk
2016-11-11 13:07 - 2016-11-11 13:07 - 00000600 _____ C:\Users\zb2\AppData\Roaming\winscp.rnd
2016-11-11 13:07 - 2016-11-11 13:07 - 00000000 ____D C:\Users\zb2\AppData\Roaming\Far Manager
2016-11-11 13:07 - 2016-11-11 13:07 - 00000000 ____D C:\Users\zb2\AppData\Local\Far Manager
2016-11-11 13:05 - 2016-11-11 13:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-11-11 13:05 - 2016-11-11 13:05 - 00000000 ____D C:\Program Files\7-Zip
2016-11-11 11:49 - 2016-11-11 11:49 - 00000000 ___HT C:\WINDOWS\wusa.lock
2016-11-11 09:45 - 2016-11-11 09:45 - 00000000 ____D C:\Users\zb2\AppData\Local\ElevatedDiagnostics
2016-11-11 06:51 - 2016-11-11 06:51 - 00002560 _____ C:\WINDOWS\system32\Drivers\20161111_6512141_CheckPoint_Dump.txt
2016-11-11 06:51 - 2016-11-11 06:51 - 00000256 _____ C:\WINDOWS\system32\Drivers\20161111_6512203_SHIM_Dump.txt
2016-11-10 20:12 - 2016-11-10 20:12 - 00000000 ____D C:\Users\zb2\InfoCenter
2016-11-10 20:11 - 2016-11-10 20:11 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-11-10 20:11 - 2016-11-10 20:11 - 00000000 ____D C:\Users\zb2\AppData\Roaming\Sun
2016-11-10 20:11 - 2016-11-10 20:11 - 00000000 ____D C:\Users\zb2\AppData\LocalLow\Sun
2016-11-10 20:11 - 2016-11-10 20:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-11-10 20:10 - 2016-11-10 20:11 - 00000000 ____D C:\ProgramData\Oracle
2016-11-10 20:10 - 2016-11-10 20:10 - 00000000 ____D C:\Program Files (x86)\Java
2016-11-10 20:07 - 2016-11-10 20:07 - 00844364 _____ C:\Users\zb2\Desktop\IGR-Starter.exe
2016-11-10 19:53 - 2016-11-10 19:57 - 00000000 ____D C:\Users\zb2\AppData\Local\Mozilla
2016-11-10 19:53 - 2016-11-10 19:55 - 00000000 ____D C:\Users\zb2\AppData\Roaming\Mozilla
2016-11-10 19:53 - 2016-11-10 19:53 - 00001239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-11-10 19:53 - 2016-11-10 19:53 - 00001227 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-11-10 19:53 - 2016-11-10 19:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-10 19:53 - 2016-11-10 19:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-10 19:43 - 2016-11-10 19:45 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-11-10 19:43 - 2016-11-10 19:43 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-11-10 19:37 - 2016-11-10 19:51 - 00243648 _____ C:\Users\zb2\Downloads\Firefox Setup Stub 49.0.2.exe
2016-11-10 19:32 - 2016-11-10 19:32 - 00000000 ____D C:\Program Files (x86)\Intel
2016-11-10 19:31 - 2016-11-10 19:31 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2016-11-10 19:31 - 2016-11-10 19:31 - 00000000 ____D C:\WINDOWS\LastGood
2016-11-10 19:24 - 2016-11-10 19:24 - 00000000 ____D C:\Users\zb2\AppData\Local\MicrosoftEdge
2016-11-10 18:40 - 2016-11-10 18:40 - 00000000 ____D C:\Users\zb2\AppData\Local\Comms
2016-11-10 18:38 - 2016-10-28 02:22 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-11-10 18:37 - 2016-11-10 18:40 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-11-10 18:23 - 2016-11-10 18:23 - 00003334 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-11-10 18:22 - 2016-11-10 18:23 - 00002368 _____ C:\Users\zb2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-11-10 18:22 - 2016-11-10 18:23 - 00000000 ___RD C:\Users\zb2\OneDrive
2016-11-10 18:22 - 2016-11-10 18:22 - 00000000 ____D C:\Users\zb2\AppData\Roaming\Skype
2016-11-10 18:21 - 2016-11-10 18:21 - 00000000 ____D C:\Users\zb2\AppData\Local\ActiveSync
2016-11-10 18:20 - 2016-11-10 18:20 - 00000000 ____D C:\Users\zb2\AppData\Local\Publishers
2016-11-10 18:19 - 2016-11-11 11:46 - 00000000 __SHD C:\Users\zb2\IntelGraphicsProfiles
2016-11-10 18:19 - 2016-11-10 20:22 - 00000000 ____D C:\Users\zb2
2016-11-10 18:19 - 2016-11-10 19:00 - 00000000 ____D C:\Users\zb2\AppData\Local\Packages
2016-11-10 18:19 - 2016-11-10 18:19 - 00000020 ___SH C:\Users\zb2\ntuser.ini
2016-11-10 18:19 - 2016-11-10 18:19 - 00000000 _SHDL C:\Users\zb2\My Documents
2016-11-10 18:19 - 2016-11-10 18:19 - 00000000 _SHDL C:\Users\zb2\Documents\My Videos
2016-11-10 18:19 - 2016-11-10 18:19 - 00000000 _SHDL C:\Users\zb2\Documents\My Pictures
2016-11-10 18:19 - 2016-11-10 18:19 - 00000000 _SHDL C:\Users\zb2\Documents\My Music
2016-11-10 18:19 - 2016-11-10 18:19 - 00000000 ____D C:\Users\zb2\AppData\Roaming\Adobe
2016-11-10 18:19 - 2016-11-10 18:19 - 00000000 ____D C:\Users\zb2\AppData\Local\VirtualStore
2016-11-10 18:19 - 2016-11-10 18:19 - 00000000 ____D C:\Users\zb2\AppData\Local\TileDataLayer
2016-11-10 18:18 - 2015-10-29 19:43 - 07851008 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0015.dll
2016-11-05 03:26 - 2016-11-11 11:46 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-11-05 03:19 - 2016-11-05 03:19 - 00000000 _SHDL C:\Users\Public\Documents\My Videos
2016-11-05 03:19 - 2016-11-05 03:19 - 00000000 _SHDL C:\Users\Public\Documents\My Pictures
2016-11-05 03:19 - 2016-11-05 03:19 - 00000000 _SHDL C:\Users\Public\Documents\My Music
2016-11-05 03:19 - 2016-11-05 03:19 - 00000000 _SHDL C:\Users\Default\My Documents
2016-11-05 03:19 - 2016-11-05 03:19 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-11-05 03:19 - 2016-11-05 03:19 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-11-05 03:19 - 2016-11-05 03:19 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-11-05 03:19 - 2016-11-05 03:19 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-11-05 03:19 - 2016-11-05 03:19 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-11-05 03:19 - 2016-11-05 03:19 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-11-05 03:19 - 2016-11-05 03:19 - 00000000 _SHDL C:\Documents and Settings

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-11 11:52 - 2016-06-01 16:17 - 03594662 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-11 11:52 - 2016-05-07 05:53 - 00767324 _____ C:\WINDOWS\system32\perfh010.dat
2016-11-11 11:52 - 2016-05-07 05:53 - 00143836 _____ C:\WINDOWS\system32\perfc010.dat
2016-11-11 11:52 - 2016-05-07 05:44 - 00778452 _____ C:\WINDOWS\system32\perfh00C.dat
2016-11-11 11:52 - 2016-05-07 05:44 - 00147640 _____ C:\WINDOWS\system32\perfc00C.dat
2016-11-11 11:52 - 2016-05-07 05:33 - 00774706 _____ C:\WINDOWS\system32\perfh00A.dat
2016-11-11 11:52 - 2016-05-07 05:33 - 00153114 _____ C:\WINDOWS\system32\perfc00A.dat
2016-11-11 11:52 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-11-11 11:52 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-11-11 11:47 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-11-11 11:46 - 2016-02-13 14:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-11-11 11:43 - 2015-10-30 07:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-11-11 07:12 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache
2016-11-10 19:26 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-10 19:21 - 2016-02-13 14:03 - 00000000 ____D C:\Program Files\Windows Journal
2016-11-10 19:21 - 2016-02-13 13:51 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2016-11-10 19:21 - 2016-02-13 13:51 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2016-11-10 19:21 - 2016-02-13 13:51 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2016-11-10 19:21 - 2016-02-13 13:51 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2016-11-10 19:21 - 2016-02-13 13:51 - 00000000 ____D C:\WINDOWS\system32\winrm
2016-11-10 19:21 - 2016-02-13 13:51 - 00000000 ____D C:\WINDOWS\system32\WCN
2016-11-10 19:21 - 2016-02-13 13:51 - 00000000 ____D C:\WINDOWS\system32\slmgr
2016-11-10 19:21 - 2016-02-13 13:51 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2016-11-10 19:21 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2016-11-10 19:21 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2016-11-10 19:21 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-11-10 19:21 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-11-10 19:21 - 2015-10-30 08:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-11-10 19:21 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-11-10 19:21 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-11-10 19:21 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-11-10 19:21 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2016-11-10 19:21 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-11-10 19:21 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2016-11-10 19:21 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-11-10 19:21 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-11-10 19:21 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-11-10 19:21 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\Com
2016-11-10 19:21 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-11-10 19:21 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\IME
2016-11-10 19:21 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Help
2016-11-10 19:21 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-11-10 19:21 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows Defender
2016-11-10 19:21 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Common Files\System
2016-11-10 19:21 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-11-10 19:21 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-11-10 19:21 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-11-10 19:21 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-11-10 19:21 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-11-10 19:21 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\servicing
2016-11-10 18:19 - 2016-02-13 14:20 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-11-10 18:19 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-11-10 18:18 - 2016-02-13 13:55 - 00000000 ____D C:\WINDOWS\OCR
2016-11-05 03:25 - 2016-02-13 14:11 - 00194232 _____ C:\WINDOWS\system32\FNTCACHE.DAT

==================== Files in the root of some directories =======

2016-11-11 13:07 - 2016-11-11 13:07 - 0000600 _____ () C:\Users\zb2\AppData\Roaming\winscp.rnd

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-06-01 16:13

==================== End of FRST.txt ============================