My Win 7 Pro 64-bit running ESR Firefox 52.5.0 32-bit has recently picked up a Google-to-Bing redirect. The homepage seems OK so far.

Here is my FRST.txt file:


==================
HKU\S-1-5-21-2704499606-3232555996-1048322368-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: IGMONObj Class -> {02464DDC-3187-11D8-8004-0020ED227566} -> C:\Program Files (x86)\iGetter\Integration\x64\IGMON.dll [2014-12-16] (Presenta Ltd.)
BHO-x32: IGMONObj Class -> {02464DDC-3187-11D8-8004-0020ED227566} -> C:\Program Files (x86)\iGetter\Integration\IGMON.dll [2014-12-16] (Presenta Ltd.)
BHO-x32: Wondershare AllMyTube 4.9.0 -> {067DF9EC-26B7-40DC-8DB8-CD8BE85AE367} -> C:\ProgramData\Wondershare\AllMyTube\WSBrowserAppMgr.dll [2016-11-19] ()
BHO-x32: Wondershare Player 1.6.0 -> {43D9786F-A485-683B-9B5B-ACC97ABC17FC} -> C:\ProgramData\Wondershare\Player\WSBrowserAppMgr.dll [2014-09-19] (Wondershare)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler: WSAllMyTubechrome - {0A0C95CF-A116-4C74 - No File
Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C - No File

FireFox:
========
FF DefaultProfile: jak07h98.default
FF ProfilePath: C:\Users\HP_Mega\AppData\Roaming\Mozilla\Firefox\Profiles\jak07h98.default [2018-06-02]
FF Extension: (Mixcloud Downloader) - C:\Users\HP_Mega\AppData\Roaming\Mozilla\Firefox\Profiles\jak07h98.default\Extensions\@mixclouddownloader.xpi [2018-04-25]
FF Extension: (British English Dictionary (Updated)) - C:\Users\HP_Mega\AppData\Roaming\Mozilla\Firefox\Profiles\jak07h98.default\Extensions\en-gb@flyingtophat.co.uk [2018-06-01] [Legacy] [not signed]
FF Extension: (Flash Control) - C:\Users\HP_Mega\AppData\Roaming\Mozilla\Firefox\Profiles\jak07h98.default\Extensions\jid1-sNL73VCI4UB0Fw@jetpack.xpi [2016-10-06] [Legacy]
FF Extension: (ruTorrent add) - C:\Users\HP_Mega\AppData\Roaming\Mozilla\Firefox\Profiles\jak07h98.default\Extensions\rtadd@alexey.kolokolnikov.xpi [2016-04-29] [Legacy]
FF Extension: (Torrent to Web) - C:\Users\HP_Mega\AppData\Roaming\Mozilla\Firefox\Profiles\jak07h98.default\Extensions\torrent-to-web@dasprids.de.xpi [2018-05-28]
FF Extension: (Copy As Plain Text) - C:\Users\HP_Mega\AppData\Roaming\Mozilla\Firefox\Profiles\jak07h98.default\Extensions\{1a5dabbd-0e74-41da-b532-a364bb552cab}.xpi [2015-05-30] [Legacy]
FF Extension: (Microsoft .NET Framework Assistant) - C:\Users\HP_Mega\AppData\Roaming\Mozilla\Firefox\Profiles\jak07h98.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2018-06-01] [Legacy] [not signed]
FF Extension: (FEBE) - C:\Users\HP_Mega\AppData\Roaming\Mozilla\Firefox\Profiles\jak07h98.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2018-06-01] [Legacy]
FF Extension: (EPUBReader) - C:\Users\HP_Mega\AppData\Roaming\Mozilla\Firefox\Profiles\jak07h98.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}.xpi [2017-08-01]
FF Extension: (ChatZilla) - C:\Users\HP_Mega\AppData\Roaming\Mozilla\Firefox\Profiles\jak07h98.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2018-06-01] [Legacy]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\HP_Mega\AppData\Roaming\Mozilla\Firefox\Profiles\jak07h98.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2017-02-14] [Legacy]
FF Extension: (Video DownloadHelper) - C:\Users\HP_Mega\AppData\Roaming\Mozilla\Firefox\Profiles\jak07h98.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-11-25] [Legacy]
FF Extension: (Adblock Plus) - C:\Users\HP_Mega\AppData\Roaming\Mozilla\Firefox\Profiles\jak07h98.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-05-16]
FF Extension: (MetaProducts Integration) - C:\Users\HP_Mega\AppData\Roaming\Mozilla\Firefox\Profiles\jak07h98.default\Extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}.xpi [2016-09-03] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [AllMyTube@Wondershare.com] - C:\ProgramData\Wondershare\AllMyTube\AllMyTube@Wondershare.com_xpi
FF Extension: (Wondershare AllMyTube) - C:\ProgramData\Wondershare\AllMyTube\AllMyTube@Wondershare.com_xpi [2017-09-01] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [donottrackplus@abine.com] - C:\Program Files (x86)\CheckPoint\Install\dntme-firefox.xpi
FF Extension: (Blur) - C:\Program Files (x86)\CheckPoint\Install\dntme-firefox.xpi [2016-08-23] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [Player@Wondershare.com] - C:\ProgramData\Wondershare\Player\Player@Wondershare.com
FF Extension: (Wondershare Player) - C:\ProgramData\Wondershare\Player\Player@Wondershare.com [2016-09-05] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files (x86)\Wondershare\VideoConverterFree\SVRFirefoxExt => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_171.dll [2018-05-12] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_171.dll [2018-05-12] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2016-09-27] (DivX, LLC)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\HP_Mega\AppData\Local\Google\Chrome\User Data\Default [2018-01-11]
CHR Extension: (Docs) - C:\Users\HP_Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-11]
CHR Extension: (Google Drive) - C:\Users\HP_Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-08]
CHR Extension: (YouTube) - C:\Users\HP_Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-08]
CHR Extension: (Wondershare Video Converter Ultimate) - C:\Users\HP_Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\chgdeabpmphfhkoemjjglmilajldekbp [2018-01-08]
CHR Extension: (Sheets) - C:\Users\HP_Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-11]
CHR Extension: (Google Docs Offline) - C:\Users\HP_Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-01-08]
CHR Extension: (MetaProducts Mass Downloader integration) - C:\Users\HP_Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\kclionckffaclfhaknnfkpjoebaopcam [2018-01-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HP_Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-01-11]
CHR Extension: (Gmail) - C:\Users\HP_Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-08]
CHR Extension: (Chrome Media Router) - C:\Users\HP_Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-11]
CHR HKLM-x32\...\Chrome\Extension: [chgdeabpmphfhkoemjjglmilajldekbp] - C:\Program Files (x86)\Wondershare\VideoConverterFree\SVRChromePlugin.crx [2016-09-04]
CHR HKLM-x32\...\Chrome\Extension: [kclionckffaclfhaknnfkpjoebaopcam] - C:\Program Files (x86)\Mass Downloader\mpmd.crx [2014-12-22]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1244408 2016-10-14] ()
R2 AdminHelper.exe; C:\Program Files (x86)\AT&T\AT&T AllAccess\AdminHelper.exe [56184 2013-03-29] ()
R2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [4463592 2016-11-01] ()
R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [164200 2010-07-30] (Broadcom Corporation)
R2 Dimension4; C:\Program Files (x86)\D4\D4.exe [355840 2013-11-27] (Thinking Man Software) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4884064 2015-08-11] (Acronis)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [2683736 2014-08-19] ()
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
R2 ScsiAccess; C:\Program Files (x86)\Photodex\CompuPicPro\ScsiAccess.exe [181312 2015-03-10] () [File not signed]
R2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [311736 2015-07-22] (Netgear, Inc.)
R2 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [9698296 2016-04-16] ()
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3746584 2016-07-28] (Check Point Software Technologies Ltd.)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-19] (Western Digital)
R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-09-19] (Western Digital )
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114424 2016-06-30] (Check Point Software Technologies, Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [366432 2016-11-01] (Acronis International GmbH)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-07-23] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [180560 2016-07-23] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [292176 2016-07-23] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1015120 2016-07-23] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [126808 2016-07-23] (AO Kaspersky Lab)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2018-06-02] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R2 SCWFPFilter; C:\Windows\System32\DRIVERS\WFPFilter.sys [25552 2012-01-10] ()
S3 swHMmbb00IPT; C:\Windows\System32\DRIVERS\swHMmbb00IPT.sys [486672 2013-05-29] (Sierra Wireless Incorporated)
S3 swHMser00; C:\Windows\System32\DRIVERS\swHMser00.sys [269872 2013-04-01] (Sierra Wireless Incorporated)
S3 swHMserIPT00; C:\Windows\System32\DRIVERS\swHMserIPT00.sys [269872 2013-04-01] (Sierra Wireless Incorporated)
S3 swHMwdmbusIPT00SER64; C:\Windows\System32\DRIVERS\swHMwdmbusIPT00.sys [115448 2013-07-11] (NETGEAR)
S3 swiwdmbx; C:\Windows\System32\DRIVERS\swiwdmbx.sys [114424 2012-11-08] (Sierra Wireless Inc.)
S3 swiwdmbxum; C:\Windows\System32\DRIVERS\swiwdmbxum.sys [114424 2013-03-26] (Sierra Wireless Inc.)
S3 swUMmbb00; C:\Windows\System32\DRIVERS\swUMmbb00.sys [482608 2013-03-21] (Sierra Wireless Incorporated)
S3 swUMser00; C:\Windows\System32\DRIVERS\swUMser00.sys [269872 2013-04-01] (Sierra Wireless Incorporated)
R3 tapipvanish; C:\Windows\System32\DRIVERS\tapipvanish.sys [34520 2016-09-23] (The OpenVPN Project)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1267552 2016-11-01] (Acronis International GmbH)
R2 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [193376 2016-11-01] (Acronis International GmbH)
S3 tnd; C:\Windows\System32\DRIVERS\tnd.sys [601432 2016-11-01] (Acronis International GmbH)
R2 virtual_file; C:\Windows\System32\DRIVERS\virtual_file.sys [279392 2016-04-23] (Acronis International GmbH)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [461240 2017-06-06] (Check Point Software Technologies Ltd.)
S3 SWUMX20; system32\DRIVERS\swumx20.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-02 10:35 - 2018-06-02 10:36 - 000024328 _____ C:\Users\HP_Mega\Desktop\FRST.txt
2018-06-02 10:34 - 2018-06-02 10:35 - 000000000 ____D C:\FRST
2018-06-02 08:07 - 2018-06-02 08:06 - 002413056 _____ (Farbar) C:\Users\HP_Mega\Desktop\FRST64.exe
2018-05-28 09:59 - 2018-05-28 09:59 - 000000889 _____ C:\Users\HP_Mega\Desktop\jak07h98.default - Shortcut.lnk
2018-05-28 09:51 - 2018-05-28 09:51 - 000001728 _____ C:\Users\HP_Mega\Desktop\Profiles - Shortcut.lnk
2018-05-22 12:02 - 2018-05-22 12:02 - 000000235 _____ C:\Users\HP_Mega\Desktop\Wake County crime maps - Interacitve maps and e-mail alerts WRAL.com.URL

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-02 10:36 - 2015-03-10 17:26 - 000000000 ____D C:\Users\HP_Mega\AppData\Roaming\Skype
2018-06-02 10:34 - 2016-11-22 23:48 - 000000000 ____D C:\Users\HP_Mega\AppData\LocalLow\Mozilla
2018-06-02 08:23 - 2009-07-14 00:45 - 000027568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-02 08:23 - 2009-07-14 00:45 - 000027568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-02 08:13 - 2017-06-05 17:05 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2018-06-02 08:13 - 2013-08-16 17:40 - 000000000 ____D C:\ProgramData\PDFC
2018-06-02 08:12 - 2015-03-11 12:03 - 000000296 _____ C:\Windows\Brownie.ini
2018-06-02 08:12 - 2013-08-16 17:35 - 000000000 ____D C:\ProgramData\NVIDIA
2018-06-02 08:12 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-01 18:20 - 2009-07-14 01:13 - 000782470 _____ C:\Windows\system32\PerfStringBackup.INI
2018-06-01 18:20 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2018-05-30 15:49 - 2015-03-11 16:13 - 000000000 ____D C:\NewsRoverData
2018-05-29 15:08 - 2016-08-09 17:13 - 000002228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-29 15:08 - 2016-08-09 17:13 - 000002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-05-28 16:51 - 2016-07-27 13:32 - 000000977 _____ C:\Users\HP_Mega\Desktop\PotPlayer 64 bit.lnk
2018-05-27 10:04 - 2015-03-11 11:39 - 000000000 ____D C:\Users\HP_Mega\AppData\Roaming\TrustedQSL
2018-05-26 23:24 - 2018-03-11 10:35 - 000000000 ____D C:\Users\HP_Mega\AppData\Roaming\uTorrent
2018-05-25 09:31 - 2016-11-21 17:00 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2018-05-25 09:31 - 2015-03-10 12:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-05-23 12:39 - 2015-03-14 12:26 - 000000000 ____D C:\Users\HP_Mega\AppData\Local\CrashDumps
2018-05-17 06:01 - 2016-08-09 17:12 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-17 06:01 - 2016-08-09 17:12 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-15 09:23 - 2015-03-10 17:26 - 000000000 ___RD C:\Program Files (x86)\Skype
2018-05-15 09:23 - 2015-03-10 17:26 - 000000000 ____D C:\ProgramData\Skype
2018-05-12 10:55 - 2018-03-15 08:18 - 000004470 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-05-12 10:55 - 2015-03-10 17:15 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-05-12 10:55 - 2015-03-10 17:15 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-05-12 10:55 - 2015-03-10 17:15 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-05-12 10:55 - 2015-03-10 17:15 - 000000000 ____D C:\Windows\system32\Macromed
2018-05-12 10:55 - 2015-03-10 17:14 - 000000000 ____D C:\Users\HP_Mega\AppData\Local\Adobe

==================== Files in the root of some directories =======

2016-07-20 16:37 - 2016-07-20 16:32 - 000045056 _____ () C:\Users\HP_Mega\testdrive.exe
2016-03-19 18:52 - 2016-03-19 18:52 - 000041210 _____ () C:\Users\HP_Mega\AppData\Local\Tempdivx00fc
2016-05-30 12:15 - 2016-05-30 12:15 - 000041094 _____ () C:\Users\HP_Mega\AppData\Local\Tempdivx0321
2016-05-31 03:46 - 2016-05-31 03:46 - 000259739 _____ () C:\Users\HP_Mega\AppData\Local\Tempdivx0e59
2016-03-10 04:30 - 2016-03-10 04:30 - 000264378 _____ () C:\Users\HP_Mega\AppData\Local\Tempdivx2921
2016-05-31 03:46 - 2016-05-31 03:46 - 000259739 _____ () C:\Users\HP_Mega\AppData\Local\Tempdivx4198
2016-04-10 11:28 - 2016-04-10 11:28 - 000041094 _____ () C:\Users\HP_Mega\AppData\Local\Tempdivx4afe
2016-05-03 21:34 - 2016-05-03 21:34 - 000041094 _____ () C:\Users\HP_Mega\AppData\Local\Tempdivx5d20
2016-04-11 13:44 - 2016-04-11 13:44 - 000041094 _____ () C:\Users\HP_Mega\AppData\Local\Tempdivx5dd3
2016-06-22 20:09 - 2016-06-22 20:09 - 000043432 _____ () C:\Users\HP_Mega\AppData\Local\Tempdivx6c3d
2016-03-19 12:26 - 2016-03-19 12:26 - 000041210 _____ () C:\Users\HP_Mega\AppData\Local\Tempdivx7257
2016-03-29 04:03 - 2016-03-29 04:03 - 000261341 _____ () C:\Users\HP_Mega\AppData\Local\Tempdivx7675
2016-03-10 04:30 - 2016-03-10 04:30 - 000264378 _____ () C:\Users\HP_Mega\AppData\Local\Tempdivx8d4a
2016-03-19 12:26 - 2016-03-19 12:26 - 000041210 _____ () C:\Users\HP_Mega\AppData\Local\Tempdivxac66
2015-06-08 16:03 - 2015-06-08 16:03 - 001059848 _____ (DivX, LLC) C:\Users\HP_Mega\AppData\Local\Tempdivxd0b4.exe
2016-06-25 13:13 - 2016-06-25 13:13 - 000043432 _____ () C:\Users\HP_Mega\AppData\Local\Tempdivxd3f4
2016-06-24 19:27 - 2016-06-24 19:27 - 000043432 _____ () C:\Users\HP_Mega\AppData\Local\Tempdivxd460
2016-05-31 03:46 - 2016-05-31 03:46 - 000259739 _____ () C:\Users\HP_Mega\AppData\Local\Tempdivxd6e6
2016-03-29 04:03 - 2016-03-29 04:03 - 000261341 _____ () C:\Users\HP_Mega\AppData\Local\Tempdivxefea
2016-03-29 04:03 - 2016-03-29 04:03 - 000261341 _____ () C:\Users\HP_Mega\AppData\Local\Tempdivxf1c9
2016-03-29 04:03 - 2016-03-29 04:03 - 000261341 _____ () C:\Users\HP_Mega\AppData\Local\Tempdivxf1da
2016-03-10 04:30 - 2016-03-10 04:30 - 000264378 _____ () C:\Users\HP_Mega\AppData\Local\Tempdivxf3a2
2012-09-10 07:49 - 2012-09-10 07:49 - 000001050 ____H () C:\Users\HP_Mega\AppData\Local\{793FD447-37EB-4083-B222-2E447297AF07}

Some files in TEMP:
====================
2018-04-27 12:08 - 2018-04-27 12:08 - 012333208 _____ (IPVanish) C:\Users\HP_Mega\AppData\Local\Temp\IPVanish-3.1.3.0.exe
2017-09-05 17:48 - 2017-09-05 17:49 - 016006376 _____ (IPVanish) C:\Users\HP_Mega\AppData\Local\Temp\IPVanish-Setup-3.0.10.0.exe
2017-06-05 16:07 - 2017-06-05 16:09 - 006985672 _____ (IPVANISH ) C:\Users\HP_Mega\AppData\Local\Temp\IPVanish-Setup-3.0.8.0.exe
2017-07-29 13:39 - 2017-07-29 13:39 - 015969992 _____ (IPVanish) C:\Users\HP_Mega\AppData\Local\Temp\IPVanish-Setup-3.0.9.15.exe
2017-10-28 23:23 - 2017-10-28 23:23 - 022707312 _____ (IPVanish) C:\Users\HP_Mega\AppData\Local\Temp\IPVanish-Setup-3.1.0.0.exe
2000-07-29 23:29 - 2000-07-29 23:29 - 003686400 _____ () C:\Users\HP_Mega\AppData\Local\Temp\Setup.exe
2017-06-17 20:09 - 2018-04-17 23:08 - 058834376 _____ (Skype Technologies S.A.) C:\Users\HP_Mega\AppData\Local\Temp\SkypeSetup.exe
2017-07-08 03:50 - 2017-07-08 03:50 - 014456872 _____ (Microsoft Corporation) C:\Users\HP_Mega\AppData\Local\Temp\vc_redist.x86.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-29 20:24

==================== End of FRST.txt ============================