Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by SYSTEM on MININT-IK2SVRM (08-04-2018 13:34:25)
Running from f:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001

ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-02-01] (Dell Inc.)
HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-11] (Apple Inc.)
HKLM-x32\...\Run: [ShwiconXP6366] => c:\Program Files (x86)\Multimedia Card Reader(6366)\ShwiconXP6366.exe [237568 2009-07-16] (Alcor Micro Corp.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807680 2010-02-09] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-10] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-12-15] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2017-12-08] (Apple Inc.)
HKLM-x32\...\Run: [Starter] => C:\Program Files (x86)\Driver-Soft\DriverGenius\StarterW3i.exe [79728 2012-02-14] (Driver-Soft Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1611160 2011-03-28] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-04-23] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKLM-x32\...\Run: [Syncios device service] => C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe [1910424 2017-11-09] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2011-10-05] (Dell)
Winlogon\Notify\GoToAssist:
HKU\Norma\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-12-11] (Google Inc.)
HKU\Norma\...\Run: [ComcastAntispyClient] => C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe [1589208 2009-08-19] ()
HKU\Norma\...\Run: [Facebook Update] => C:\Users\Norma\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-09-29] (Facebook Inc.)
HKU\Norma\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-04-23] (Samsung)
HKU\Norma\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKU\Norma\...\Run: [ShopAtHomeUpdater] => C:\Users\Norma\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe [199864 2015-07-29] (ShopAtHome.com)
HKU\Norma\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
Startup: C:\Users\Norma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk [2013-03-08]
ShortcutTarget: Facebook Messenger.lnk -> (No File)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiSpywareService; C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [616408 2009-06-17] ()
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
S2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.)
S2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4492776 2014-04-07] (iolo technologies, LLC)
S2 ITMRTSVC; C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe [283912 2007-09-26] (CA, Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.11.2.7\N360.exe [326144 2017-11-10] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5088256 2010-02-01] (Dell Inc.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.10.0.85\Definitions\BASHDefs\20180124.001\BHDrvx64.sys [1872024 2017-10-11] (Symantec Corporation)
S1 ccSet_N360; C:\Windows\system32\drivers\N360x64\160B020.007\ccSetx64.sys [187544 2017-11-10] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507984 2018-01-04] (Symantec Corporation)
S1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2014-04-07] (EldoS Corporation)
S1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-29] ()
S1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.10.0.85\Definitions\IPSDefs\20180125.001\IDSvia64.sys [1056920 2017-10-13] (Symantec Corporation)
S2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193968 2017-12-20] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2018-01-26] (Malwarebytes)
S3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46008 2018-01-26] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-01-26] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2018-01-26] (Malwarebytes)
S3 NPF; C:\Windows\System32\drivers\NPF.sys [47632 2010-02-01] (CACE Technologies, Inc.)
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; c:\program files\dell support center\pcdsrvc_x64.pkms [25072 2010-11-17] (PC-Doctor, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S1 SRTSP; C:\Windows\System32\Drivers\N360x64\160B020.007\SRTSP64.SYS [812696 2017-11-10] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360x64\160B020.007\SRTSPX64.SYS [49304 2017-11-10] (Symantec Corporation)
S0 SymEFASI; C:\Windows\System32\drivers\N360x64\160B020.007\SYMEFASI64.SYS [1938584 2017-11-10] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102600 2017-11-22] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360x64\160B020.007\Ironx64.SYS [309984 2017-11-10] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\N360x64\160B020.007\SYMNETS.SYS [566936 2017-11-10] (Symantec Corporation)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160820.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160820.001\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-08 13:34 - 2018-04-08 13:34 - 000000000 ____D C:\FRST
2018-03-21 16:39 - 2018-03-21 16:39 - 000006353 _____ C:\Users\Norma\Documents\Avery-Note Card-3379-1leilani.avery

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-08 10:46 - 2018-01-26 09:39 - 000000000 ____D C:\Windows\System32\Tasks\Remediation
2018-04-08 10:46 - 2018-01-10 10:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-04-08 10:46 - 2017-11-29 13:58 - 000000000 ____D C:\Users\Norma\.android
2018-04-08 10:46 - 2017-10-17 14:24 - 000000000 ____D C:\Windows\System32\Tasks\Norton 360
2018-04-08 10:46 - 2015-06-02 14:19 - 000000000 ____D C:\ProgramData\FitbitConnect
2018-04-08 10:46 - 2012-07-15 12:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-04-08 10:46 - 2012-06-26 08:21 - 000000000 ____D C:\ProgramData\CanonIJ
2018-04-08 10:46 - 2012-04-03 09:50 - 000000000 ____D C:\Windows\System32\Macromed
2018-04-08 10:46 - 2010-12-10 09:07 - 000000000 ____D C:\Program Files\Common Files\Symantec Shared
2018-04-08 10:46 - 2010-12-10 09:06 - 000000000 ____D C:\Program Files (x86)\Norton Security Suite
2018-04-08 10:46 - 2010-12-10 09:00 - 000000000 ____D C:\ProgramData\Norton
2018-04-08 10:46 - 2010-12-09 21:17 - 000000000 ____D C:\users\Norma
2018-04-08 10:46 - 2010-10-19 11:22 - 000000000 ____D C:\ProgramData\FLEXnet
2018-04-08 10:46 - 2010-10-19 10:59 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-04-08 10:46 - 2010-09-15 02:23 - 000000000 ____D C:\Users\Norma\Desktop\Old Republic Title Holding Company - Documents_files
2018-04-08 10:46 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\System32\NDF
2018-04-08 10:46 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\rescache
2018-04-08 10:46 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2018-04-08 10:45 - 2010-06-04 11:24 - 000000000 ____D C:\Users\Public\Documents\Norton
2018-04-08 10:45 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\registration
2018-04-08 10:44 - 2015-07-17 17:01 - 000000000 ____D C:\Program Files\Common Files\AV
2018-04-08 10:43 - 2010-10-19 11:13 - 000000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2018-03-28 06:18 - 2011-02-11 09:27 - 000000000 ____D C:\Users\Norma\AppData\LocalLow\HPAppData
2018-03-28 06:12 - 2011-02-11 15:36 - 000000000 ____D C:\Users\Norma\AppData\Local\CrashDumps
2018-03-28 06:08 - 2010-10-19 11:34 - 000000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2018-03-28 06:08 - 2010-10-19 11:34 - 000000000 ____D C:\Users\Default User\AppData\Local\SoftThinks

==================== Known DLLs (Whitelisted) =========================

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============

==================== Restore Points =========================

Restore point date: 2017-11-29 13:01
Restore point date: 2017-11-29 15:34
Restore point date: 2017-11-30 02:10
Restore point date: 2018-01-26 10:58
Restore point date: 2018-04-08 10:44

==================== Memory info ===========================

Percentage of memory in use: 21%
Total physical RAM: 2811.95 MB
Available physical RAM: 2209.01 MB
Total Virtual: 2810.1 MB
Available Virtual: 2199.92 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:196.11 GB) NTFS
Drive f: (Repair disc Windows 7 64-bit) (Removable) (Total:14.46 GB) (Free:14.2 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:7.57 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 2398A8C6)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.5 GB) (Disk ID: 0016A997)
Partition 1: (Active) - (Size=14.5 GB) - (Type=07 NTFS)

LastRegBack: 2018-01-26 10:16

==================== End of FRST.txt ============================