Over the past year my box has slowed down in seemingly all ways. Browsing and downloading are the most prominent, with some slowing of basic functions, i.e. file search, copy, etc.
I've used this forum in the past for an old box, so many thanks in advance.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-03-2017
Ran by dad (administrator) on JC (07-03-2017 15:13:30)
Running from C:\Users\dad\Desktop
Loaded Profiles: dad (Available Profiles: dad)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1475711669\ee\aolsoftware.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2a\waol.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2a\shellmon.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2a\AOLBrowser\aolbrowser.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2a\AOLBrowser\AolBrowserTab.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2a\AOLBrowser\AolBrowserTab.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2a\AOLBrowser\AolBrowserTab.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2a\AOLBrowser\AolBrowserTab.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2a\AOLBrowser\AolBrowserTab.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2a\AOLBrowser\AolBrowserTab.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2a\AOLBrowser\AolBrowserTab.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2a\AOLBrowser\AolBrowserTab.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2a\AOLBrowser\AolBrowserTab.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2a\AOLBrowser\AolBrowserTab.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2a\AOLBrowser\AolBrowserTab.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2a\AOLBrowser\AolBrowserTab.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2786768 2016-11-29] (Malwarebytes)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1475711669\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [992568 2017-02-22] (Webroot)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1181104008-4076506379-556746162-1001\...\Run: [AOL Fast Start] => C:\Program Files (x86)\AOL Desktop 9.8.2a\AOL.EXE [80816 2016-09-22] (AOL Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2017-02-22]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2017-02-22]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{39834797-98f2-40d8-84c2-302e5e2cd513}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1181104008-4076506379-556746162-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2017-02-22] (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2017-02-22] (Webroot)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2017-01-03] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2017-02-22] (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2017-02-22] (Webroot)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2017-01-03] (Oracle Corporation)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2017-02-22] (Webroot)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2017-02-22] (Webroot)
FireFox:
========
FF ProfilePath: C:\Users\dad\AppData\Roaming\Mozilla\Firefox\Profiles\mnt0a13x.default-1488913050081 [2017-03-07]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\dad\AppData\Roaming\Mozilla\Firefox\Profiles\mnt0a13x.default-1488913050081\features\{0be29a3a-3eb3-4cbc-b703-ecf9760613e0}\[email protected] [2017-03-07]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: (Webroot Filtering Extension) - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2017-02-22]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-10-06] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2017-01-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2017-01-03] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default [2017-03-07]
CHR Extension: (Google Slides) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-08]
CHR Extension: (Google Docs) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-08]
CHR Extension: (Google Drive) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-08]
CHR Extension: (YouTube) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-08]
CHR Extension: (Google Sheets) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-08]
CHR Extension: (Google Docs Offline) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-08]
CHR Extension: (Webroot Filtering Extension) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2017-02-24]
CHR Extension: (Webroot Password Manager) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngkhgikojglcgnckopipfdajaifmmnnc [2017-02-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-21]
CHR Extension: (Gmail) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-08]
CHR Extension: (Chrome Media Router) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-17]
CHR HKLM\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [374360 2016-05-27] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-11-29] (Malwarebytes)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [992568 2017-02-22] (Webroot)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [250816 2017-03-06] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\System32\drivers\TeeDriverx64.sys [116736 2014-02-13] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nuviocir; C:\WINDOWS\System32\drivers\nuviocir_x64.sys [39704 2013-07-11] (Nuvoton Technology Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [593624 2015-03-11] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [5144064 2016-07-16] (Realtek Semiconductor Corporation )
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R0 WRkrn; C:\WINDOWS\System32\drivers\WRkrn.sys [143248 2017-02-22] (Webroot)
R3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [66328 2017-02-22] (Webroot)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-07 15:13 - 2017-03-07 15:13 - 00014857 _____ C:\Users\dad\Desktop\FRST.txt
2017-03-02 06:33 - 2017-03-02 06:34 - 00412996 _____ C:\WINDOWS\Minidump\030217-19015-01.dmp
2017-02-27 06:11 - 2017-02-27 06:11 - 00421244 _____ C:\WINDOWS\Minidump\022717-20734-01.dmp
2017-02-24 06:37 - 2017-02-24 06:37 - 00413108 _____ C:\WINDOWS\Minidump\022417-21125-01.dmp
2017-02-23 14:53 - 2017-02-23 14:54 - 00412972 _____ C:\WINDOWS\Minidump\022317-20718-01.dmp
2017-02-23 10:37 - 2017-02-23 10:37 - 00413028 _____ C:\WINDOWS\Minidump\022317-19578-01.dmp
2017-02-22 20:49 - 2017-02-22 20:49 - 00193072 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll
2017-02-22 20:49 - 2017-02-22 20:49 - 00143248 _____ (Webroot) C:\WINDOWS\system32\Drivers\WRkrn.sys
2017-02-22 20:49 - 2017-02-22 20:49 - 00126696 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
2017-02-22 20:49 - 2017-02-22 20:49 - 00066328 ____T (Webroot) C:\WINDOWS\system32\Drivers\wrUrlFlt.sys
2017-02-22 20:49 - 2017-02-22 20:49 - 00000000 ____D C:\Users\dad\AppData\Local\lptmp
2017-02-22 20:49 - 2017-02-22 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
2017-02-22 20:49 - 2017-02-22 20:49 - 00000000 ____D C:\Program Files\Webroot
2017-02-22 20:49 - 2017-02-22 20:49 - 00000000 ____D C:\Program Files\Common Files\Webroot
2017-02-22 20:46 - 2017-03-06 20:24 - 00000000 ____D C:\ProgramData\WRData
2017-02-21 17:12 - 2017-02-21 17:12 - 00092292 _____ C:\Users\dad\Documents\ann_Corporation_dba_Granite_and_Marble_Solutions_15_3964.pdf
2017-02-20 18:42 - 2017-02-20 18:43 - 00413212 _____ C:\WINDOWS\Minidump\022017-19781-01.dmp
2017-02-20 18:28 - 2017-02-20 18:28 - 00413068 _____ C:\WINDOWS\Minidump\022017-19046-01.dmp
2017-02-20 10:40 - 2017-02-20 10:40 - 00507427 _____ C:\Users\dad\Documents\ProposalClifton310WaterfieldCtJohnsCreek(2017-0217).pdf
2017-02-18 13:43 - 2017-02-18 13:43 - 00413220 _____ C:\WINDOWS\Minidump\021817-21484-01.dmp
2017-02-18 12:49 - 2017-02-18 12:49 - 00413052 _____ C:\WINDOWS\Minidump\021817-20046-01.dmp
2017-02-18 12:22 - 2017-02-18 12:22 - 00413164 _____ C:\WINDOWS\Minidump\021817-19640-01.dmp
2017-02-18 06:31 - 2017-02-18 06:31 - 00413100 _____ C:\WINDOWS\Minidump\021817-19953-01.dmp
2017-02-18 06:16 - 2017-02-18 06:17 - 00413028 _____ C:\WINDOWS\Minidump\021817-19453-01.dmp
2017-02-18 04:25 - 2017-02-18 04:25 - 00412996 _____ C:\WINDOWS\Minidump\021817-20109-01.dmp
2017-02-18 03:32 - 2017-02-18 03:32 - 00413036 _____ C:\WINDOWS\Minidump\021817-18359-01.dmp
2017-02-18 02:31 - 2017-02-18 02:31 - 00413044 _____ C:\WINDOWS\Minidump\021817-19687-01.dmp
2017-02-18 00:37 - 2017-02-18 00:37 - 00413036 _____ C:\WINDOWS\Minidump\021817-19593-01.dmp
2017-02-16 17:29 - 2017-02-16 17:29 - 00413172 _____ C:\WINDOWS\Minidump\021617-21218-01.dmp
2017-02-11 11:58 - 2017-02-12 13:33 - 00000000 ____D C:\Users\dad\Documents\Cleanfoodcrush
2017-02-11 05:01 - 2017-02-11 05:01 - 00413132 _____ C:\WINDOWS\Minidump\021117-18218-01.dmp
2017-02-09 22:26 - 2017-02-09 22:26 - 00413044 _____ C:\WINDOWS\Minidump\020917-20593-01.dmp
2017-02-09 16:13 - 2017-02-09 16:13 - 00413180 _____ C:\WINDOWS\Minidump\020917-21125-01.dmp
2017-02-05 17:48 - 2017-02-05 17:48 - 00418522 _____ C:\Users\dad\Documents\2016TurboTaxReturn- Emily Clifton.pdf
2017-02-05 17:48 - 2017-02-05 17:48 - 00036819 _____ C:\Users\dad\Documents\ElectronicStatement.pdf
2017-02-05 17:46 - 2017-02-05 17:46 - 00418522 _____ C:\Users\dad\Downloads\2016TurboTaxReturn (1).pdf
2017-02-05 17:45 - 2017-02-05 17:45 - 00418522 _____ C:\Users\dad\Downloads\2016TurboTaxReturn.pdf
2017-02-05 04:39 - 2017-02-05 04:39 - 00413132 _____ C:\WINDOWS\Minidump\020517-18984-01.dmp
2017-02-05 01:42 - 2017-02-05 01:43 - 00413100 _____ C:\WINDOWS\Minidump\020517-19312-01.dmp
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-07 15:13 - 2016-12-11 08:47 - 00000000 ____D C:\FRST
2017-03-07 15:13 - 2016-12-11 08:46 - 02423808 _____ (Farbar) C:\Users\dad\Desktop\FRST64.exe
2017-03-07 15:12 - 2016-11-17 21:14 - 00000000 ____D C:\Users\dad\AppData\LocalLow\Mozilla
2017-03-07 15:07 - 2016-10-05 18:11 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-07 14:15 - 2016-11-17 20:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-07 14:15 - 2016-10-05 18:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-07 13:57 - 2016-11-17 07:17 - 00000000 ____D C:\Users\dad\Desktop\Old Firefox Data
2017-03-07 06:30 - 2016-10-05 18:17 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-03-07 06:30 - 2015-03-22 21:18 - 00000000 __SHD C:\Users\dad\IntelGraphicsProfiles
2017-03-06 19:12 - 2016-10-05 18:38 - 00004136 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0D2A5408-F299-4DB7-8697-E24FF3C48965}
2017-03-06 08:14 - 2016-12-11 09:14 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-06 08:14 - 2016-10-05 18:12 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-05 16:28 - 2016-10-05 20:45 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2017-03-05 10:20 - 2016-10-05 21:49 - 642006430 _____ C:\WINDOWS\MEMORY.DMP
2017-03-05 10:20 - 2016-10-05 21:49 - 00000000 ____D C:\WINDOWS\Minidump
2017-03-05 10:20 - 2016-10-05 18:22 - 00000000 ____D C:\Users\dad
2017-03-04 22:13 - 2016-10-05 21:00 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-02 06:51 - 2016-12-15 17:46 - 00003260 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-03-02 06:51 - 2016-10-05 18:35 - 00002364 _____ C:\Users\dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-03-02 06:51 - 2015-04-18 21:32 - 00000000 __RDO C:\Users\dad\OneDrive
2017-02-27 18:49 - 2016-10-05 21:09 - 00000000 ____D C:\Windows.old
2017-02-26 17:12 - 2015-12-28 15:29 - 00000376 _____ C:\Users\dad\Downloads\SH.m3u
2017-02-22 20:49 - 2015-12-10 21:02 - 00000000 ____D C:\Users\dad\AppData\LocalLow\LastPass
2017-02-22 20:35 - 2015-05-13 09:04 - 00000000 ____D C:\Users\dad\Documents\Rockets
2017-02-22 10:59 - 2016-10-05 22:06 - 00000000 ____D C:\Users\dad\AppData\Local\Microsoft Games
2017-02-21 09:54 - 2016-10-05 19:08 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-15 14:43 - 2016-11-14 20:30 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-14 22:06 - 2016-10-05 21:00 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-14 22:06 - 2016-10-05 21:00 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-06 16:10 - 2016-10-08 09:11 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 16:10 - 2016-10-08 09:11 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
==================== Files in the root of some directories =======
2017-02-22 20:49 - 2017-02-22 22:31 - 12964920 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2016-10-05 18:18 - 2016-10-05 18:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-02-25 21:21
==================== End of FRST.txt ============================
CHR Extension: (Webroot Password Manager) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngkhgikojglcgnckopipfdajaifmmnnc [2017-02-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-21]
CHR Extension: (Gmail) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-08]
CHR Extension: (Chrome Media Router) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-17]
CHR HKLM\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [374360 2016-05-27] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-11-29] (Malwarebytes)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [992568 2017-02-22] (Webroot)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [250816 2017-03-06] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\System32\drivers\TeeDriverx64.sys [116736 2014-02-13] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nuviocir; C:\WINDOWS\System32\drivers\nuviocir_x64.sys [39704 2013-07-11] (Nuvoton Technology Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [593624 2015-03-11] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [5144064 2016-07-16] (Realtek Semiconductor Corporation )
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R0 WRkrn; C:\WINDOWS\System32\drivers\WRkrn.sys [143248 2017-02-22] (Webroot)
R3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [66328 2017-02-22] (Webroot)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-07 15:13 - 2017-03-07 15:13 - 00014857 _____ C:\Users\dad\Desktop\FRST.txt
2017-03-02 06:33 - 2017-03-02 06:34 - 00412996 _____ C:\WINDOWS\Minidump\030217-19015-01.dmp
2017-02-27 06:11 - 2017-02-27 06:11 - 00421244 _____ C:\WINDOWS\Minidump\022717-20734-01.dmp
2017-02-24 06:37 - 2017-02-24 06:37 - 00413108 _____ C:\WINDOWS\Minidump\022417-21125-01.dmp
2017-02-23 14:53 - 2017-02-23 14:54 - 00412972 _____ C:\WINDOWS\Minidump\022317-20718-01.dmp
2017-02-23 10:37 - 2017-02-23 10:37 - 00413028 _____ C:\WINDOWS\Minidump\022317-19578-01.dmp
2017-02-22 20:49 - 2017-02-22 20:49 - 00193072 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll
2017-02-22 20:49 - 2017-02-22 20:49 - 00143248 _____ (Webroot) C:\WINDOWS\system32\Drivers\WRkrn.sys
2017-02-22 20:49 - 2017-02-22 20:49 - 00126696 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
2017-02-22 20:49 - 2017-02-22 20:49 - 00066328 ____T (Webroot) C:\WINDOWS\system32\Drivers\wrUrlFlt.sys
2017-02-22 20:49 - 2017-02-22 20:49 - 00000000 ____D C:\Users\dad\AppData\Local\lptmp
2017-02-22 20:49 - 2017-02-22 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
2017-02-22 20:49 - 2017-02-22 20:49 - 00000000 ____D C:\Program Files\Webroot
2017-02-22 20:49 - 2017-02-22 20:49 - 00000000 ____D C:\Program Files\Common Files\Webroot
2017-02-22 20:46 - 2017-03-06 20:24 - 00000000 ____D C:\ProgramData\WRData
2017-02-21 17:12 - 2017-02-21 17:12 - 00092292 _____ C:\Users\dad\Documents\ann_Corporation_dba_Granite_and_Marble_Solutions_15_3964.pdf
2017-02-20 18:42 - 2017-02-20 18:43 - 00413212 _____ C:\WINDOWS\Minidump\022017-19781-01.dmp
2017-02-20 18:28 - 2017-02-20 18:28 - 00413068 _____ C:\WINDOWS\Minidump\022017-19046-01.dmp
2017-02-20 10:40 - 2017-02-20 10:40 - 00507427 _____ C:\Users\dad\Documents\ProposalClifton310WaterfieldCtJohnsCreek(2017-0217).pdf
2017-02-18 13:43 - 2017-02-18 13:43 - 00413220 _____ C:\WINDOWS\Minidump\021817-21484-01.dmp
2017-02-18 12:49 - 2017-02-18 12:49 - 00413052 _____ C:\WINDOWS\Minidump\021817-20046-01.dmp
2017-02-18 12:22 - 2017-02-18 12:22 - 00413164 _____ C:\WINDOWS\Minidump\021817-19640-01.dmp
2017-02-18 06:31 - 2017-02-18 06:31 - 00413100 _____ C:\WINDOWS\Minidump\021817-19953-01.dmp
2017-02-18 06:16 - 2017-02-18 06:17 - 00413028 _____ C:\WINDOWS\Minidump\021817-19453-01.dmp
2017-02-18 04:25 - 2017-02-18 04:25 - 00412996 _____ C:\WINDOWS\Minidump\021817-20109-01.dmp
2017-02-18 03:32 - 2017-02-18 03:32 - 00413036 _____ C:\WINDOWS\Minidump\021817-18359-01.dmp
2017-02-18 02:31 - 2017-02-18 02:31 - 00413044 _____ C:\WINDOWS\Minidump\021817-19687-01.dmp
2017-02-18 00:37 - 2017-02-18 00:37 - 00413036 _____ C:\WINDOWS\Minidump\021817-19593-01.dmp
2017-02-16 17:29 - 2017-02-16 17:29 - 00413172 _____ C:\WINDOWS\Minidump\021617-21218-01.dmp
2017-02-11 11:58 - 2017-02-12 13:33 - 00000000 ____D C:\Users\dad\Documents\Cleanfoodcrush
2017-02-11 05:01 - 2017-02-11 05:01 - 00413132 _____ C:\WINDOWS\Minidump\021117-18218-01.dmp
2017-02-09 22:26 - 2017-02-09 22:26 - 00413044 _____ C:\WINDOWS\Minidump\020917-20593-01.dmp
2017-02-09 16:13 - 2017-02-09 16:13 - 00413180 _____ C:\WINDOWS\Minidump\020917-21125-01.dmp
2017-02-05 17:48 - 2017-02-05 17:48 - 00418522 _____ C:\Users\dad\Documents\2016TurboTaxReturn- Emily Clifton.pdf
2017-02-05 17:48 - 2017-02-05 17:48 - 00036819 _____ C:\Users\dad\Documents\ElectronicStatement.pdf
2017-02-05 17:46 - 2017-02-05 17:46 - 00418522 _____ C:\Users\dad\Downloads\2016TurboTaxReturn (1).pdf
2017-02-05 17:45 - 2017-02-05 17:45 - 00418522 _____ C:\Users\dad\Downloads\2016TurboTaxReturn.pdf
2017-02-05 04:39 - 2017-02-05 04:39 - 00413132 _____ C:\WINDOWS\Minidump\020517-18984-01.dmp
2017-02-05 01:42 - 2017-02-05 01:43 - 00413100 _____ C:\WINDOWS\Minidump\020517-19312-01.dmp
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-07 15:13 - 2016-12-11 08:47 - 00000000 ____D C:\FRST
2017-03-07 15:13 - 2016-12-11 08:46 - 02423808 _____ (Farbar) C:\Users\dad\Desktop\FRST64.exe
2017-03-07 15:12 - 2016-11-17 21:14 - 00000000 ____D C:\Users\dad\AppData\LocalLow\Mozilla
2017-03-07 15:07 - 2016-10-05 18:11 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-07 14:15 - 2016-11-17 20:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-07 14:15 - 2016-10-05 18:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-07 13:57 - 2016-11-17 07:17 - 00000000 ____D C:\Users\dad\Desktop\Old Firefox Data
2017-03-07 06:30 - 2016-10-05 18:17 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-03-07 06:30 - 2015-03-22 21:18 - 00000000 __SHD C:\Users\dad\IntelGraphicsProfiles
2017-03-06 19:12 - 2016-10-05 18:38 - 00004136 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0D2A5408-F299-4DB7-8697-E24FF3C48965}
2017-03-06 08:14 - 2016-12-11 09:14 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-06 08:14 - 2016-10-05 18:12 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-05 16:28 - 2016-10-05 20:45 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2017-03-05 10:20 - 2016-10-05 21:49 - 642006430 _____ C:\WINDOWS\MEMORY.DMP
2017-03-05 10:20 - 2016-10-05 21:49 - 00000000 ____D C:\WINDOWS\Minidump
2017-03-05 10:20 - 2016-10-05 18:22 - 00000000 ____D C:\Users\dad
2017-03-04 22:13 - 2016-10-05 21:00 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-02 06:51 - 2016-12-15 17:46 - 00003260 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-03-02 06:51 - 2016-10-05 18:35 - 00002364 _____ C:\Users\dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-03-02 06:51 - 2015-04-18 21:32 - 00000000 __RDO C:\Users\dad\OneDrive
2017-02-27 18:49 - 2016-10-05 21:09 - 00000000 ____D C:\Windows.old
2017-02-26 17:12 - 2015-12-28 15:29 - 00000376 _____ C:\Users\dad\Downloads\SH.m3u
2017-02-22 20:49 - 2015-12-10 21:02 - 00000000 ____D C:\Users\dad\AppData\LocalLow\LastPass
2017-02-22 20:35 - 2015-05-13 09:04 - 00000000 ____D C:\Users\dad\Documents\Rockets
2017-02-22 10:59 - 2016-10-05 22:06 - 00000000 ____D C:\Users\dad\AppData\Local\Microsoft Games
2017-02-21 09:54 - 2016-10-05 19:08 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-15 14:43 - 2016-11-14 20:30 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-14 22:06 - 2016-10-05 21:00 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-14 22:06 - 2016-10-05 21:00 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-06 16:10 - 2016-10-08 09:11 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 16:10 - 2016-10-08 09:11 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
==================== Files in the root of some directories =======
2017-02-22 20:49 - 2017-02-22 22:31 - 12964920 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2016-10-05 18:18 - 2016-10-05 18:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-02-25 21:21
==================== End of FRST.txt ============================