
Website will not open (\nc.gov -> hxxps://des.nc.gov) most sr


#1
oldpc
New Member, 2 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.01.2018
Ran by Owner (administrator) on OWNER-PC (14-01-2018 13:05:30)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\WMSvc.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [891040 2012-11-27] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [My Scrap Nook AppIntegrator 32-bit] => C:\PROGRA~2\MYSCRA~2\bar\1.bin\AppIntegrator.exe
HKLM-x32\...\Run: [My Scrap Nook AppIntegrator 64-bit] => C:\PROGRA~2\MYSCRA~2\bar\1.bin\AppIntegrator64.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2544843157-150801207-2719152979-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-2544843157-150801207-2719152979-1000\...\MountPoints2: {6c20378e-1b8d-11e2-a397-00266cd5c46a} - F:\DTVP_Launcher.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{62A680E1-BFAF-4130-8F9F-8A385DF71347}: [DhcpNameServer] 10.0.0.1

Internet Explorer:
==================
HKU\S-1-5-21-2544843157-150801207-2719152979-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/
HKU\S-1-5-21-2544843157-150801207-2719152979-1000\Software\Microsoft\Internet Explorer\Main,Old Start Page = hxxp://us.mg204.mail.yahoo.com/dc/launch?.partner=sbc&.gx=1&.rand=94cco60ncg5pq
SearchScopes: HKLM -> DefaultScope {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKLM-x32 -> DefaultScope {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKU\S-1-5-21-2544843157-150801207-2719152979-1000 -> DefaultScope {4DAB8070-3E78-4967-86C6-1D2A5F2CFE77} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO_enUS506
SearchScopes: HKU\S-1-5-21-2544843157-150801207-2719152979-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2544843157-150801207-2719152979-1000 -> {4DAB8070-3E78-4967-86C6-1D2A5F2CFE77} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO_enUS506
SearchScopes: HKU\S-1-5-21-2544843157-150801207-2719152979-1000 -> {5AAAD3DB-6713-431E-AD28-4D0440BB3868} URL = hxxps://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie11
SearchScopes: HKU\S-1-5-21-2544843157-150801207-2719152979-1000 -> {a14d617b-7664-4830-b942-10e708ed191e} URL = hxxp://isearch.shopathome.com?user_id={609ebc7e-eb6a-4b8b-b26d-200873f5d8b2}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2544843157-150801207-2719152979-1000 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-05] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-05] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2544843157-150801207-2719152979-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2544843157-150801207-2719152979-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1437145097610
DPF: HKLM-x32 {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1437144277304
DPF: HKLM-x32 {E0FEE963-BB53-4215-81AD-B28C77384644} hxxps://pattcw.att.motive.com/wizlet/EmailConfig/static/installer/ATTEmailUpdater64.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin-x32: @ei.CursorMania_7l.com/Plugin -> C:\Program Files (x86)\CursorMania_7lEI\Installr\1.bin\NP7lEISB.dll [2013-08-07] (CursorMania)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Motive\npMotive.dll [2010-06-23] (Alcatel-Lucent)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-08-17] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2018-01-04]
CHR Extension: (Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-04]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-04]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-04]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-01-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-01-04]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-04]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-04]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 IISADMIN; C:\windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-06-23] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-06-23] (Alcatel-Lucent) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2013-11-14] (NETGEAR)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WMSVC; C:\windows\system32\inetsrv\wmsvc.exe [10752 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-06-23] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-06-23] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R2 NisDrv; C:\windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R2 NPF; C:\windows\system32\drivers\npf.sys [35344 2014-04-25] (CACE Technologies, Inc.)
R3 RTWlanE; C:\windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation )
S1 MpKsl9f65f4f5; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{312EF1DE-531C-4F82-AE4D-0740542D2C2B}\MpKsl9f65f4f5.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-14 13:05 - 2018-01-14 13:06 - 000014618 _____ C:\Users\Owner\Desktop\FRST.txt
2018-01-14 13:04 - 2018-01-14 13:05 - 000000000 ____D C:\FRST
2018-01-14 13:03 - 2018-01-14 13:03 - 002393088 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2018-01-14 11:53 - 2018-01-14 11:53 - 000003000 _____ C:\windows\System32\Tasks\{6104BE9F-B077-4EAE-AAF9-DA214016162E}
2018-01-10 10:45 - 2018-01-10 10:45 - 000018713 _____ C:\Users\Owner\Documents\SECU asset mgmt Position.dotx
2018-01-10 10:44 - 2018-01-10 10:44 - 000000000 ____D C:\Users\Owner\Documents\2018 job inquires
2018-01-09 13:26 - 2018-01-09 13:26 - 000001760 _____ C:\Users\Owner\Desktop\Games - Shortcut.lnk
2018-01-08 14:55 - 2018-01-08 16:46 - 000000000 ____D C:\Users\Owner\Desktop\download  Support  NETGEAR_files
2018-01-08 14:55 - 2018-01-08 14:55 - 000048362 _____ C:\Users\Owner\Desktop\download  Support  NETGEAR.htm
2018-01-04 21:09 - 2018-01-04 21:09 - 003913709 _____ C:\Users\Owner\Desktop\ATT_SM-G730A_Galaxy__S3_Mini_English_JB_User_Manual_MH3_F4.pdf
2018-01-04 12:08 - 2018-01-04 12:08 - 000017938 _____ C:\Users\Owner\Desktop\Log Name.dotx
2018-01-04 11:25 - 2010-11-21 02:16 - 000000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Media Center Programs
2018-01-02 15:25 - 2018-01-02 15:25 - 000284615 _____ C:\Users\Owner\Downloads\Burial.pdf
2017-12-24 12:34 - 2017-12-24 12:34 - 000000000 ____D C:\SymCache
2017-12-20 11:21 - 2017-12-20 11:21 - 000000000 ____D C:\Users\Owner\AppData\Roaming\JihoPhotoRecovery
2017-12-18 10:01 - 2017-12-18 10:01 - 000111452 _____ C:\Users\Owner\Downloads\LG-SGXH-X4HZ-XWM7-V4SC.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-14 13:00 - 2009-07-13 23:45 - 000024944 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-01-14 13:00 - 2009-07-13 23:45 - 000024944 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-01-14 10:15 - 2009-07-13 22:20 - 000000000 ____D C:\windows\system32\inetsrv
2018-01-14 10:13 - 2009-07-14 00:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-01-14 10:13 - 2009-07-13 22:20 - 000000000 ____D C:\windows\registration
2018-01-14 10:10 - 2009-07-14 00:13 - 000824772 _____ C:\windows\system32\PerfStringBackup.INI
2018-01-14 10:10 - 2009-07-13 22:20 - 000000000 ____D C:\windows\inf
2018-01-11 18:34 - 2012-11-21 00:05 - 000000000 ____D C:\Users\Owner\Documents\Resume
2018-01-11 13:09 - 2013-01-08 16:10 - 000003926 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{6A9B500F-D277-4A39-8115-F69119842F0F}
2018-01-09 13:26 - 2015-08-29 09:52 - 000182272 ___SH C:\Users\Owner\Desktop\Thumbs.db
2018-01-08 18:02 - 2015-03-04 19:38 - 000000000 ____D C:\ProgramData\Oracle
2018-01-08 17:01 - 2015-07-06 10:53 - 000004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2018-01-08 16:49 - 2012-10-16 08:37 - 000000000 ____D C:\Users\Owner
2018-01-08 16:48 - 2015-07-21 12:19 - 000000000 ____D C:\Program Files\Microsoft Baseline Security Analyzer 2
2018-01-08 16:47 - 2014-04-25 21:45 - 000000000 ____D C:\Users\DefaultAppPool
2018-01-08 16:47 - 2012-10-15 20:34 - 000000000 ____D C:\windows\system32\Drivers\NortonPCCheckupx64
2018-01-08 16:47 - 2009-07-14 00:32 - 000000000 ____D C:\windows\Downloaded Program Files
2018-01-08 16:47 - 2009-07-13 22:20 - 000000000 ____D C:\windows\TAPI
2018-01-08 16:47 - 2009-07-13 22:20 - 000000000 ____D C:\windows\system32\Msdtc
2018-01-08 16:47 - 2009-07-13 22:20 - 000000000 ____D C:\windows\PLA
2018-01-08 16:46 - 2012-12-17 18:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2018-01-08 16:46 - 2012-12-17 18:33 - 000000000 ____D C:\Program Files (x86)\Coupons
2018-01-08 16:46 - 2012-10-15 19:39 - 000000000 ____D C:\Program Files\Elantech
2018-01-08 16:45 - 2014-04-25 21:45 - 000000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Macromedia
2018-01-04 13:53 - 2012-10-15 20:26 - 000000000 ____D C:\Program Files (x86)\Google
2018-01-02 17:07 - 2014-11-01 20:50 - 000000000 ____D C:\windows\System32\Tasks\Event Viewer Tasks
2017-12-29 13:41 - 2013-05-15 01:43 - 000000000 ____D C:\Users\Owner\AppData\Local\Apps\2.0

==================== Files in the root of some directories =======

2013-01-16 20:40 - 2013-01-16 20:40 - 000000023 _____ () C:\Users\Owner\AppData\Local\kodakpcd.ini
2013-01-06 20:45 - 2017-12-01 19:44 - 000007632 _____ () C:\Users\Owner\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-08 00:27

==================== End of FRST.txt ============================
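Added example, not part of oldpc's post and not code from the Farbar tool: a small Python triage script that reads FRST.txt output and flags the entry types a malware-removal helper looks at first in a log like the one above. Everything in it is an assumption of this example: the KNOWN_SEARCH_HOSTS allowlist, the "warn"/"info" labels, and SAMPLE_LOG, which is a handful of lines copied verbatim from the log above (nothing invented) so the script runs offline. The checks are: "[File not signed]" on a service or driver binary, entries ending in "[X]" or "No File" (the registry item survives but its file is gone), autoruns that FRST printed without its size/date/publisher suffix, Internet Explorer search scopes whose host is not a mainstream engine, and DHCP-assigned DNS servers outside private address space.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST.txt) output.

Example code, not part of FRST or of the forum post. It flags the entry
types a malware-removal helper checks first: unsigned service or driver
binaries, registry entries whose file is gone, autoruns FRST could not
describe, IE search scopes that point at an unfamiliar host, and
DHCP-assigned DNS servers outside private address space.
"""
import ipaddress
import re
from urllib.parse import urlparse

# Assumption of this example: engines treated as expected on a home PC.
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}

# FRST appends "[size date] (Publisher)" when it found and read the file.
VERIFIED_SUFFIX = re.compile(r"\[\d+ \d{4}-\d{2}-\d{2}\] \([^)]*\)$")
SEARCHSCOPE = re.compile(r"^SearchScopes: .*? URL = (?P<url>\S+)$")
NAMESERVER = re.compile(r"\[DhcpNameServer\] (?P<ips>[\d. ]+)$")


def triage_line(line):
    """Classify one FRST line; return (severity, reason) or None if unremarkable."""
    line = line.rstrip()
    if not line:
        return None
    if "[File not signed]" in line:
        return ("warn", "unsigned binary registered as a service or driver")
    if line.endswith(("[X]", "No File", "[No File]")):
        return ("info", "registry entry survives but its file is missing")
    m = SEARCHSCOPE.match(line)
    if m:
        # FRST defangs URLs as hxxp/hxxps; restore the scheme so urlparse sees a host.
        host = urlparse(m.group("url").replace("hxxp", "http", 1)).hostname
        if host and host not in KNOWN_SEARCH_HOSTS:
            return ("warn", f"search scope routed through unfamiliar host {host}")
        return None
    m = NAMESERVER.search(line)
    if m:
        for ip in m.group("ips").split():
            if not ipaddress.ip_address(ip).is_private:
                return ("warn", f"DNS server {ip} is outside private address space")
        return None
    if "\\Run: [" in line and not VERIFIED_SUFFIX.search(line):
        return ("info", "autorun listed without size/date/publisher; verify the file by hand")
    return None


def triage(log_text):
    """Run triage_line over a whole log and return (severity, reason, line) tuples."""
    findings = []
    for line in log_text.splitlines():
        hit = triage_line(line)
        if hit:
            findings.append((hit[0], hit[1], line.strip()))
    return findings


# Constructed sample: lines copied from the FRST log in the post above.
SAMPLE_LOG = r"""
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [My Scrap Nook AppIntegrator 32-bit] => C:\PROGRA~2\MYSCRA~2\bar\1.bin\AppIntegrator.exe
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
SearchScopes: HKU\S-1-5-21-2544843157-150801207-2719152979-1000 -> DefaultScope {4DAB8070-3E78-4967-86C6-1D2A5F2CFE77} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO_enUS506
SearchScopes: HKU\S-1-5-21-2544843157-150801207-2719152979-1000 -> {a14d617b-7664-4830-b942-10e708ed191e} URL = hxxp://isearch.shopathome.com?user_id={609ebc7e-eb6a-4b8b-b26d-200873f5d8b2}&q={searchTerms}
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll [No File]
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-06-23] (Alcatel-Lucent) [File not signed]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
"""

if __name__ == "__main__":
    # Warnings first, then informational items.
    for sev, reason, text in sorted(triage(SAMPLE_LOG), key=lambda f: f[0] != "warn"):
        print(f"[{sev}] {reason}\n    {text}")
```

The script orders findings; it does not decide. An "[X]" driver or an unsigned vendor service is routine on an aging install, and the DNS check flags any resolver outside private space, including legitimate public ones, because a home PC behind a NAT router normally receives the router (10.0.0.1 in this log) as its resolver. Treat every hit as "look here next", not as a verdict.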
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-06-23] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R2 NisDrv; C:\windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R2 NPF; C:\windows\system32\drivers\npf.sys [35344 2014-04-25] (CACE Technologies, Inc.)
R3 RTWlanE; C:\windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation )
S1 MpKsl9f65f4f5; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{312EF1DE-531C-4F82-AE4D-0740542D2C2B}\MpKsl9f65f4f5.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-14 13:05 - 2018-01-14 13:06 - 000014618 _____ C:\Users\Owner\Desktop\FRST.txt
2018-01-14 13:04 - 2018-01-14 13:05 - 000000000 ____D C:\FRST
2018-01-14 13:03 - 2018-01-14 13:03 - 002393088 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2018-01-14 11:53 - 2018-01-14 11:53 - 000003000 _____ C:\windows\System32\Tasks\{6104BE9F-B077-4EAE-AAF9-DA214016162E}
2018-01-10 10:45 - 2018-01-10 10:45 - 000018713 _____ C:\Users\Owner\Documents\SECU asset mgmt Position.dotx
2018-01-10 10:44 - 2018-01-10 10:44 - 000000000 ____D C:\Users\Owner\Documents\2018 job inquires
2018-01-09 13:26 - 2018-01-09 13:26 - 000001760 _____ C:\Users\Owner\Desktop\Games - Shortcut.lnk
2018-01-08 14:55 - 2018-01-08 16:46 - 000000000 ____D C:\Users\Owner\Desktop\download  Support  NETGEAR_files
2018-01-08 14:55 - 2018-01-08 14:55 - 000048362 _____ C:\Users\Owner\Desktop\download  Support  NETGEAR.htm
2018-01-04 21:09 - 2018-01-04 21:09 - 003913709 _____ C:\Users\Owner\Desktop\ATT_SM-G730A_Galaxy__S3_Mini_English_JB_User_Manual_MH3_F4.pdf
2018-01-04 12:08 - 2018-01-04 12:08 - 000017938 _____ C:\Users\Owner\Desktop\Log Name.dotx
2018-01-04 11:25 - 2010-11-21 02:16 - 000000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Media Center Programs
2018-01-02 15:25 - 2018-01-02 15:25 - 000284615 _____ C:\Users\Owner\Downloads\Burial.pdf
2017-12-24 12:34 - 2017-12-24 12:34 - 000000000 ____D C:\SymCache
2017-12-20 11:21 - 2017-12-20 11:21 - 000000000 ____D C:\Users\Owner\AppData\Roaming\JihoPhotoRecovery
2017-12-18 10:01 - 2017-12-18 10:01 - 000111452 _____ C:\Users\Owner\Downloads\LG-SGXH-X4HZ-XWM7-V4SC.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-14 13:00 - 2009-07-13 23:45 - 000024944 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-01-14 13:00 - 2009-07-13 23:45 - 000024944 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-01-14 10:15 - 2009-07-13 22:20 - 000000000 ____D C:\windows\system32\inetsrv
2018-01-14 10:13 - 2009-07-14 00:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-01-14 10:13 - 2009-07-13 22:20 - 000000000 ____D C:\windows\registration
2018-01-14 10:10 - 2009-07-14 00:13 - 000824772 _____ C:\windows\system32\PerfStringBackup.INI
2018-01-14 10:10 - 2009-07-13 22:20 - 000000000 ____D C:\windows\inf
2018-01-11 18:34 - 2012-11-21 00:05 - 000000000 ____D C:\Users\Owner\Documents\Resume
2018-01-11 13:09 - 2013-01-08 16:10 - 000003926 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{6A9B500F-D277-4A39-8115-F69119842F0F}
2018-01-09 13:26 - 2015-08-29 09:52 - 000182272 ___SH C:\Users\Owner\Desktop\Thumbs.db
2018-01-08 18:02 - 2015-03-04 19:38 - 000000000 ____D C:\ProgramData\Oracle
2018-01-08 17:01 - 2015-07-06 10:53 - 000004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2018-01-08 16:49 - 2012-10-16 08:37 - 000000000 ____D C:\Users\Owner
2018-01-08 16:48 - 2015-07-21 12:19 - 000000000 ____D C:\Program Files\Microsoft Baseline Security Analyzer 2
2018-01-08 16:47 - 2014-04-25 21:45 - 000000000 ____D C:\Users\DefaultAppPool
2018-01-08 16:47 - 2012-10-15 20:34 - 000000000 ____D C:\windows\system32\Drivers\NortonPCCheckupx64
2018-01-08 16:47 - 2009-07-14 00:32 - 000000000 ____D C:\windows\Downloaded Program Files
2018-01-08 16:47 - 2009-07-13 22:20 - 000000000 ____D C:\windows\TAPI
2018-01-08 16:47 - 2009-07-13 22:20 - 000000000 ____D C:\windows\system32\Msdtc
2018-01-08 16:47 - 2009-07-13 22:20 - 000000000 ____D C:\windows\PLA
2018-01-08 16:46 - 2012-12-17 18:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2018-01-08 16:46 - 2012-12-17 18:33 - 000000000 ____D C:\Program Files (x86)\Coupons
2018-01-08 16:46 - 2012-10-15 19:39 - 000000000 ____D C:\Program Files\Elantech
2018-01-08 16:45 - 2014-04-25 21:45 - 000000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Macromedia
2018-01-04 13:53 - 2012-10-15 20:26 - 000000000 ____D C:\Program Files (x86)\Google
2018-01-02 17:07 - 2014-11-01 20:50 - 000000000 ____D C:\windows\System32\Tasks\Event Viewer Tasks
2017-12-29 13:41 - 2013-05-15 01:43 - 000000000 ____D C:\Users\Owner\AppData\Local\Apps\2.0

==================== Files in the root of some directories =======

2013-01-16 20:40 - 2013-01-16 20:40 - 000000023 _____ () C:\Users\Owner\AppData\Local\kodakpcd.ini
2013-01-06 20:45 - 2017-12-01 19:44 - 000007632 _____ () C:\Users\Owner\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-08 00:27

==================== End of FRST.txt ============================


#2
RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP

Post a reply as soon as you get a log.  Don't wait until you have them all.

 

Uninstall:

 

Java 8 Update 40
Java 8 Update 45

 

It's obsolete and rarely used these days, but it is often a malware target, and if it is not kept up to date it can easily be attacked.

 

Get AdwCleaner:

 

Download : ADWCleaner to your desktop.

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and right click on the AdwCleaner icon and select Run As Admin.


Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.

 

Try connecting to your website again.

 

If it still won't work:
 
Copy the next line:

 

RunDll32.exe InetCpl.cpl,ResetIEtoDefaults

 

Close Internet Explorer.

 

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste (or Edit then Paste) and the copied line should appear.  Hit Enter if you don't get the Reset Internet Explorer window.  Click on the Reset button.

 

Open IE and try your website.

Go to your PC maker's support website and find the driver for:

Realtek WLAN Driver

 

Download and install.

 

Reboot and try your website.

Download the attached fixlist.txt to the same location as FRST

Run FRST and press Fix
A fix log will be generated please post that.

Reboot.

 

Try your website.  If still not working:

 

Right Click on (My) Computer and select Manage.  Select Device Manager.

Find the Network Adapters.  Click on the arrow in front to open it.  Right click on each adapter and Uninstall.  (Do not let it remove the drivers if it asks)

 

Reboot.


Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

 

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.  Open the file on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
Win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo.com/download_speccy/ (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)

Download, Save and Install it.  Tell it you do not need CCLEANER.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives.  OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top, 10-20 lines down.)  Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.

  • 0
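A scripted version of the checks RKinner walks through above (hosts file, proxy settings, name resolution plus a raw TCP connect to 443, the Process Explorer "Verified Signer" pass, and a TASKLIST /SVC equivalent), as an added example that is not part of his post and is not code from FRST, Process Explorer or AdwCleaner. It assumes Windows 7 with PowerShell 2.0 or later and an elevated PowerShell prompt; the -Site default 'www.example.org' is a placeholder and should be replaced by the host that will not open.

```powershell
# Added triage script for the "one HTTPS site will not open" case. It is not
# part of the original thread, FRST or AdwCleaner. Assumptions: Windows 7 with
# PowerShell 2.0 or later, run from an elevated PowerShell prompt. $Site is a
# hypothetical placeholder; pass the host that fails on the -Site parameter.
param([string]$Site = 'www.example.org')

# 1. Hosts file: a sinkhole line (127.0.0.1 / 0.0.0.0 <host>) left by adware
#    or by a bad "fix" is the cheapest way to break exactly one domain.
function Get-HostsOverride {
    param([string]$HostName)
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    $pattern = '\s' + [regex]::Escape($HostName) + '(\s|$)'
    Get-Content -Path $hosts | Where-Object { $_ -notmatch '^\s*#' -and $_ -match $pattern }
}

# 2. Per-user proxy / PAC settings: a rogue ProxyServer or AutoConfigURL can
#    block or redirect selected hosts while everything else still loads.
function Get-ProxyConfig {
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key
    New-Object PSObject -Property @{
        ProxyEnable   = $p.ProxyEnable
        ProxyServer   = $p.ProxyServer
        AutoConfigURL = $p.AutoConfigURL
    }
}

# 3. Name resolution (which honours the hosts file, so a sinkhole shows up as
#    127.0.0.1 here) and a raw TCP connect to 443, to separate network-layer
#    failures from browser-layer ones (BHOs, Winsock LSPs, IE settings).
function Test-Https443 {
    param([string]$HostName, [int]$TimeoutMs = 3000)
    try   { $addrs = [System.Net.Dns]::GetHostAddresses($HostName) }
    catch { return New-Object PSObject -Property @{ Resolved = $false; Address = $null; Tcp443 = $false } }
    $ip = $addrs | Where-Object { $_.AddressFamily -eq 'InterNetwork' } | Select-Object -First 1
    if (-not $ip) { return New-Object PSObject -Property @{ Resolved = $true; Address = $null; Tcp443 = $false } }
    $client = New-Object System.Net.Sockets.TcpClient
    $ok = $false
    try {
        $ar = $client.BeginConnect($ip, 443, $null, $null)
        if ($ar.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            $client.EndConnect($ar)
            $ok = $client.Connected
        }
    }
    catch   { $ok = $false }
    finally { $client.Close() }
    New-Object PSObject -Property @{ Resolved = $true; Address = $ip.IPAddressToString; Tcp443 = $ok }
}

# 4. The Process Explorer "Verified Signer" step, scripted: running processes
#    whose image has no valid embedded Authenticode signature. Caveat: on
#    Windows 7 Get-AuthenticodeSignature does not consult the Windows security
#    catalog, so catalog-signed Microsoft binaries (svchost.exe, explorer.exe)
#    are listed as NotSigned here even though Process Explorer and FRST report
#    them as signed; read the third-party entries, not the Windows ones.
function Get-UnsignedProcesses {
    Get-Process | Where-Object { $_.Path } | Sort-Object -Property Path -Unique | ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.Path
        if ($sig.Status -ne 'Valid') {
            New-Object PSObject -Property @{ Name = $_.Name; Path = $_.Path; Status = $sig.Status }
        }
    }
}

# 5. TASKLIST /SVC equivalent with the binary path added, so a service hosted
#    in a shared svchost.exe group can be tied back to the DLL it loads.
function Get-RunningServicesByPid {
    Get-WmiObject -Class Win32_Service | Where-Object { $_.State -eq 'Running' } |
        Select-Object -Property ProcessId, Name, PathName | Sort-Object -Property ProcessId
}

"== hosts file lines naming $Site =="
Get-HostsOverride -HostName $Site
"== proxy settings (HKCU) =="
Get-ProxyConfig | Format-List
"== resolution and TCP/443 for $Site =="
Test-Https443 -HostName $Site | Format-List
"== processes without a valid embedded signature =="
Get-UnsignedProcesses | Format-Table -AutoSize
"== running services by PID =="
Get-RunningServicesByPid | Format-Table -AutoSize
```

Save it as, say, Triage-Site.ps1 and run `powershell -ExecutionPolicy Bypass -File .\Triage-Site.ps1 -Site <host>` from the elevated prompt. If the TCP/443 connect succeeds but the browser still fails, the fault is in the browser layer (BHOs, Winsock LSPs, IE settings), which is what the IE reset and AdwCleaner steps address; a hosts-file line, a failed lookup, or a ProxyServer/AutoConfigURL you did not set points at name resolution or proxy hijacking instead. The signature pass is not a verdict: on Windows 7 it flags catalog-signed Windows binaries as NotSigned, so compare its output with Process Explorer's Verified Signer column rather than treating it as a list of malware.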

#3
oldpc

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts

Hi. Thanks SO much for your reply! I've run ADWCleaner and the website still does not open. I will continue with the next step. The log from ADWCleaner is below:

 

# AdwCleaner 7.0.6.0 - Logfile created on Thu Jan 18 00:28:19 2018
# Updated on 2017/21/12 by Malwarebytes
# Running on Windows 7 Home Premium (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\ProgramData\TweakBit
Deleted: C:\ProgramData\Application Data\TweakBit
Deleted: C:\Users\All Users\TweakBit
Deleted: C:\Users\Owner\AppData\Roaming\DriverFinder
Deleted: C:\Users\Owner\AppData\Roaming\pccustubinstaller
Deleted: C:\Users\Owner\AppData\Local\Programs\BeFrugal.com
Deleted: C:\Program Files (x86)\Yahoo!\Companion
Deleted: C:\Users\Owner\AppData\LocalLow\Yahoo!\Companion
Deleted: C:\Users\Owner\AppData\Roaming\driverfinder
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Deleted: C:\Program Files (x86)\Coupons
Deleted: C:\ProgramData\apn
Deleted: C:\ProgramData\Application Data\apn
Deleted: C:\Users\All Users\apn
Deleted: C:\Program Files (x86)\CursorMania_7lEI

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\d2m2wsoho8qq12.cloudfront.net
Deleted: [Key] - HKU\S-1-5-21-2544843157-150801207-2719152979-1000\Software\BEFRUGAL
Deleted: [Key] - HKCU\Software\BEFRUGAL
Deleted: [Key] - HKLM\SOFTWARE\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-2544843157-150801207-2719152979-1000\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-2544843157-150801207-2719152979-1000\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKCU\Software\Yahoo\Companion
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-2544843157-150801207-2719152979-1000\Software\Yahoo\YFriendsBar
Deleted: [Key] - HKCU\Software\Yahoo\YFriendsBar
Deleted: [Key] - HKLM\SOFTWARE\TWEAKBIT
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{5957D8D4-6FF0-43FB-B50B-49079FE61659}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5957D8D4-6FF0-43FB-B50B-49079FE61659}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5957D8D4-6FF0-43FB-B50B-49079FE61659}
Deleted: [Key] - HKCU\Software\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Deleted: [Key] - HKCU\Software\Classes\TypeLib\{B944FF5E-EC87-4E1E-8C49-2FF3BC573997}
Deleted: [Key] - HKU\S-1-5-21-2544843157-150801207-2719152979-1000\Software\Classes\TypeLib\{B944FF5E-EC87-4E1E-8C49-2FF3BC573997}
Deleted: [Key] - HKCU\Software\Classes\CLSID\{08613A51-6E3E-43CC-9ECF-DD58B5837341}
Deleted: [Key] - HKCU\Software\Classes\CLSID\{153EDC41-A2CC-4BEB-9EC8-008242389E50}
Deleted: [Key] - HKCU\Software\Classes\CLSID\{188028B8-D91D-4BE2-BABA-68E32BDE4420}
Deleted: [Key] - HKCU\Software\Classes\CLSID\{28E74F15-18C2-465E-B545-6CC738121C68}
Deleted: [Key] - HKCU\Software\Classes\CLSID\{2BF6042B-B9B1-46D9-A3F8-9C987FADD4C6}
Deleted: [Key] - HKCU\Software\Classes\CLSID\{40A222E2-93B1-45F9-9B07-0D1160A31A6C}
Deleted: [Key] - HKCU\Software\Classes\CLSID\{6325A84C-E746-4007-A9C5-E4C1A50ED61F}
Deleted: [Key] - HKCU\Software\Classes\CLSID\{9BCA87A0-5B8F-4500-A5AF-EA1279714FDF}
Deleted: [Key] - HKCU\Software\Classes\CLSID\{BB17DE65-B548-48C2-AC73-1FD1996C7261}
Deleted: [Key] - HKCU\Software\Classes\CLSID\{C77D3EEF-FDCA-4D37-B0D2-5FF650E07825}
Deleted: [Key] - HKCU\Software\Classes\CLSID\{EA70EB31-CBAD-4862-AFDA-DCFCC32722ED}
Deleted: [Key] - HKCU\Software\Classes\CLSID\{EC9100F8-5918-4F1B-9CC1-4D34A64E0FE0}
Deleted: [Key] - HKCU\Software\Classes\CLSID\{F1A1ABE3-F454-4DD9-B520-01F2EEC5F0DD}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Deleted: [Key] - HKCU\Software\Classes\AppID\ShopAtHomeHelper.EXE
Deleted: [Key] - HKLM\SOFTWARE\InstallIQ

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

 

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [6124 B] - [2018/1/18 0:26:52]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

