Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.01.2018
Ran by Owner (administrator) on OWNER-PC (14-01-2018 13:05:30)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\WMSvc.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [891040 2012-11-27] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [My Scrap Nook AppIntegrator 32-bit] => C:\PROGRA~2\MYSCRA~2\bar\1.bin\AppIntegrator.exe
HKLM-x32\...\Run: [My Scrap Nook AppIntegrator 64-bit] => C:\PROGRA~2\MYSCRA~2\bar\1.bin\AppIntegrator64.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2544843157-150801207-2719152979-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-2544843157-150801207-2719152979-1000\...\MountPoints2: {6c20378e-1b8d-11e2-a397-00266cd5c46a} - F:\DTVP_Launcher.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{62A680E1-BFAF-4130-8F9F-8A385DF71347}: [DhcpNameServer] 10.0.0.1
Internet Explorer:
==================
HKU\S-1-5-21-2544843157-150801207-2719152979-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/
HKU\S-1-5-21-2544843157-150801207-2719152979-1000\Software\Microsoft\Internet Explorer\Main,Old Start Page = hxxp://us.mg204.mail.yahoo.com/dc/launch?.partner=sbc&.gx=1&.rand=94cco60ncg5pq
SearchScopes: HKLM -> DefaultScope {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKLM-x32 -> DefaultScope {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKU\S-1-5-21-2544843157-150801207-2719152979-1000 -> DefaultScope {4DAB8070-3E78-4967-86C6-1D2A5F2CFE77} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO_enUS506
SearchScopes: HKU\S-1-5-21-2544843157-150801207-2719152979-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2544843157-150801207-2719152979-1000 -> {4DAB8070-3E78-4967-86C6-1D2A5F2CFE77} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO_enUS506
SearchScopes: HKU\S-1-5-21-2544843157-150801207-2719152979-1000 -> {5AAAD3DB-6713-431E-AD28-4D0440BB3868} URL = hxxps://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie11
SearchScopes: HKU\S-1-5-21-2544843157-150801207-2719152979-1000 -> {a14d617b-7664-4830-b942-10e708ed191e} URL = hxxp://isearch.shopathome.com?user_id={609ebc7e-eb6a-4b8b-b26d-200873f5d8b2}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2544843157-150801207-2719152979-1000 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-05] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-05] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2544843157-150801207-2719152979-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-2544843157-150801207-2719152979-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1437145097610
DPF: HKLM-x32 {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1437144277304
DPF: HKLM-x32 {E0FEE963-BB53-4215-81AD-B28C77384644} hxxps://pattcw.att.motive.com/wizlet/EmailConfig/static/installer/ATTEmailUpdater64.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin-x32: @ei.CursorMania_7l.com/Plugin -> C:\Program Files (x86)\CursorMania_7lEI\Installr\1.bin\NP7lEISB.dll [2013-08-07] (CursorMania)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Motive\npMotive.dll [2010-06-23] (Alcatel-Lucent)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-08-17] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2018-01-04]
CHR Extension: (Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-04]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-04]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-04]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-01-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-01-04]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-04]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-04]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 IISADMIN; C:\windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-06-23] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-06-23] (Alcatel-Lucent) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2013-11-14] (NETGEAR)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WMSVC; C:\windows\system32\inetsrv\wmsvc.exe [10752 2009-07-13] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-06-23] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-06-23] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R2 NisDrv; C:\windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R2 NPF; C:\windows\system32\drivers\npf.sys [35344 2014-04-25] (CACE Technologies, Inc.)
R3 RTWlanE; C:\windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation )
S1 MpKsl9f65f4f5; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{312EF1DE-531C-4F82-AE4D-0740542D2C2B}\MpKsl9f65f4f5.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-01-14 13:05 - 2018-01-14 13:06 - 000014618 _____ C:\Users\Owner\Desktop\FRST.txt
2018-01-14 13:04 - 2018-01-14 13:05 - 000000000 ____D C:\FRST
2018-01-14 13:03 - 2018-01-14 13:03 - 002393088 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2018-01-14 11:53 - 2018-01-14 11:53 - 000003000 _____ C:\windows\System32\Tasks\{6104BE9F-B077-4EAE-AAF9-DA214016162E}
2018-01-10 10:45 - 2018-01-10 10:45 - 000018713 _____ C:\Users\Owner\Documents\SECU asset mgmt Position.dotx
2018-01-10 10:44 - 2018-01-10 10:44 - 000000000 ____D C:\Users\Owner\Documents\2018 job inquires
2018-01-09 13:26 - 2018-01-09 13:26 - 000001760 _____ C:\Users\Owner\Desktop\Games - Shortcut.lnk
2018-01-08 14:55 - 2018-01-08 16:46 - 000000000 ____D C:\Users\Owner\Desktop\download Support NETGEAR_files
2018-01-08 14:55 - 2018-01-08 14:55 - 000048362 _____ C:\Users\Owner\Desktop\download Support NETGEAR.htm
2018-01-04 21:09 - 2018-01-04 21:09 - 003913709 _____ C:\Users\Owner\Desktop\ATT_SM-G730A_Galaxy__S3_Mini_English_JB_User_Manual_MH3_F4.pdf
2018-01-04 12:08 - 2018-01-04 12:08 - 000017938 _____ C:\Users\Owner\Desktop\Log Name.dotx
2018-01-04 11:25 - 2010-11-21 02:16 - 000000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Media Center Programs
2018-01-02 15:25 - 2018-01-02 15:25 - 000284615 _____ C:\Users\Owner\Downloads\Burial.pdf
2017-12-24 12:34 - 2017-12-24 12:34 - 000000000 ____D C:\SymCache
2017-12-20 11:21 - 2017-12-20 11:21 - 000000000 ____D C:\Users\Owner\AppData\Roaming\JihoPhotoRecovery
2017-12-18 10:01 - 2017-12-18 10:01 - 000111452 _____ C:\Users\Owner\Downloads\LG-SGXH-X4HZ-XWM7-V4SC.pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-01-14 13:00 - 2009-07-13 23:45 - 000024944 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-01-14 13:00 - 2009-07-13 23:45 - 000024944 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-01-14 10:15 - 2009-07-13 22:20 - 000000000 ____D C:\windows\system32\inetsrv
2018-01-14 10:13 - 2009-07-14 00:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-01-14 10:13 - 2009-07-13 22:20 - 000000000 ____D C:\windows\registration
2018-01-14 10:10 - 2009-07-14 00:13 - 000824772 _____ C:\windows\system32\PerfStringBackup.INI
2018-01-14 10:10 - 2009-07-13 22:20 - 000000000 ____D C:\windows\inf
2018-01-11 18:34 - 2012-11-21 00:05 - 000000000 ____D C:\Users\Owner\Documents\Resume
2018-01-11 13:09 - 2013-01-08 16:10 - 000003926 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{6A9B500F-D277-4A39-8115-F69119842F0F}
2018-01-09 13:26 - 2015-08-29 09:52 - 000182272 ___SH C:\Users\Owner\Desktop\Thumbs.db
2018-01-08 18:02 - 2015-03-04 19:38 - 000000000 ____D C:\ProgramData\Oracle
2018-01-08 17:01 - 2015-07-06 10:53 - 000004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2018-01-08 16:49 - 2012-10-16 08:37 - 000000000 ____D C:\Users\Owner
2018-01-08 16:48 - 2015-07-21 12:19 - 000000000 ____D C:\Program Files\Microsoft Baseline Security Analyzer 2
2018-01-08 16:47 - 2014-04-25 21:45 - 000000000 ____D C:\Users\DefaultAppPool
2018-01-08 16:47 - 2012-10-15 20:34 - 000000000 ____D C:\windows\system32\Drivers\NortonPCCheckupx64
2018-01-08 16:47 - 2009-07-14 00:32 - 000000000 ____D C:\windows\Downloaded Program Files
2018-01-08 16:47 - 2009-07-13 22:20 - 000000000 ____D C:\windows\TAPI
2018-01-08 16:47 - 2009-07-13 22:20 - 000000000 ____D C:\windows\system32\Msdtc
2018-01-08 16:47 - 2009-07-13 22:20 - 000000000 ____D C:\windows\PLA
2018-01-08 16:46 - 2012-12-17 18:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2018-01-08 16:46 - 2012-12-17 18:33 - 000000000 ____D C:\Program Files (x86)\Coupons
2018-01-08 16:46 - 2012-10-15 19:39 - 000000000 ____D C:\Program Files\Elantech
2018-01-08 16:45 - 2014-04-25 21:45 - 000000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Macromedia
2018-01-04 13:53 - 2012-10-15 20:26 - 000000000 ____D C:\Program Files (x86)\Google
2018-01-02 17:07 - 2014-11-01 20:50 - 000000000 ____D C:\windows\System32\Tasks\Event Viewer Tasks
2017-12-29 13:41 - 2013-05-15 01:43 - 000000000 ____D C:\Users\Owner\AppData\Local\Apps\2.0
==================== Files in the root of some directories =======
2013-01-16 20:40 - 2013-01-16 20:40 - 000000023 _____ () C:\Users\Owner\AppData\Local\kodakpcd.ini
2013-01-06 20:45 - 2017-12-01 19:44 - 000007632 _____ () C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-01-08 00:27
==================== End of FRST.txt ============================
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-01-14 13:05 - 2018-01-14 13:06 - 000014618 _____ C:\Users\Owner\Desktop\FRST.txt
2018-01-14 13:04 - 2018-01-14 13:05 - 000000000 ____D C:\FRST
2018-01-14 13:03 - 2018-01-14 13:03 - 002393088 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2018-01-14 11:53 - 2018-01-14 11:53 - 000003000 _____ C:\windows\System32\Tasks\{6104BE9F-B077-4EAE-AAF9-DA214016162E}
2018-01-10 10:45 - 2018-01-10 10:45 - 000018713 _____ C:\Users\Owner\Documents\SECU asset mgmt Position.dotx
2018-01-10 10:44 - 2018-01-10 10:44 - 000000000 ____D C:\Users\Owner\Documents\2018 job inquires
2018-01-09 13:26 - 2018-01-09 13:26 - 000001760 _____ C:\Users\Owner\Desktop\Games - Shortcut.lnk
2018-01-08 14:55 - 2018-01-08 16:46 - 000000000 ____D C:\Users\Owner\Desktop\download Support NETGEAR_files
2018-01-08 14:55 - 2018-01-08 14:55 - 000048362 _____ C:\Users\Owner\Desktop\download Support NETGEAR.htm
2018-01-04 21:09 - 2018-01-04 21:09 - 003913709 _____ C:\Users\Owner\Desktop\ATT_SM-G730A_Galaxy__S3_Mini_English_JB_User_Manual_MH3_F4.pdf
2018-01-04 12:08 - 2018-01-04 12:08 - 000017938 _____ C:\Users\Owner\Desktop\Log Name.dotx
2018-01-04 11:25 - 2010-11-21 02:16 - 000000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Media Center Programs
2018-01-02 15:25 - 2018-01-02 15:25 - 000284615 _____ C:\Users\Owner\Downloads\Burial.pdf
2017-12-24 12:34 - 2017-12-24 12:34 - 000000000 ____D C:\SymCache
2017-12-20 11:21 - 2017-12-20 11:21 - 000000000 ____D C:\Users\Owner\AppData\Roaming\JihoPhotoRecovery
2017-12-18 10:01 - 2017-12-18 10:01 - 000111452 _____ C:\Users\Owner\Downloads\LG-SGXH-X4HZ-XWM7-V4SC.pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-01-14 13:00 - 2009-07-13 23:45 - 000024944 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-01-14 13:00 - 2009-07-13 23:45 - 000024944 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-01-14 10:15 - 2009-07-13 22:20 - 000000000 ____D C:\windows\system32\inetsrv
2018-01-14 10:13 - 2009-07-14 00:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-01-14 10:13 - 2009-07-13 22:20 - 000000000 ____D C:\windows\registration
2018-01-14 10:10 - 2009-07-14 00:13 - 000824772 _____ C:\windows\system32\PerfStringBackup.INI
2018-01-14 10:10 - 2009-07-13 22:20 - 000000000 ____D C:\windows\inf
2018-01-11 18:34 - 2012-11-21 00:05 - 000000000 ____D C:\Users\Owner\Documents\Resume
2018-01-11 13:09 - 2013-01-08 16:10 - 000003926 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{6A9B500F-D277-4A39-8115-F69119842F0F}
2018-01-09 13:26 - 2015-08-29 09:52 - 000182272 ___SH C:\Users\Owner\Desktop\Thumbs.db
2018-01-08 18:02 - 2015-03-04 19:38 - 000000000 ____D C:\ProgramData\Oracle
2018-01-08 17:01 - 2015-07-06 10:53 - 000004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2018-01-08 16:49 - 2012-10-16 08:37 - 000000000 ____D C:\Users\Owner
2018-01-08 16:48 - 2015-07-21 12:19 - 000000000 ____D C:\Program Files\Microsoft Baseline Security Analyzer 2
2018-01-08 16:47 - 2014-04-25 21:45 - 000000000 ____D C:\Users\DefaultAppPool
2018-01-08 16:47 - 2012-10-15 20:34 - 000000000 ____D C:\windows\system32\Drivers\NortonPCCheckupx64
2018-01-08 16:47 - 2009-07-14 00:32 - 000000000 ____D C:\windows\Downloaded Program Files
2018-01-08 16:47 - 2009-07-13 22:20 - 000000000 ____D C:\windows\TAPI
2018-01-08 16:47 - 2009-07-13 22:20 - 000000000 ____D C:\windows\system32\Msdtc
2018-01-08 16:47 - 2009-07-13 22:20 - 000000000 ____D C:\windows\PLA
2018-01-08 16:46 - 2012-12-17 18:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2018-01-08 16:46 - 2012-12-17 18:33 - 000000000 ____D C:\Program Files (x86)\Coupons
2018-01-08 16:46 - 2012-10-15 19:39 - 000000000 ____D C:\Program Files\Elantech
2018-01-08 16:45 - 2014-04-25 21:45 - 000000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Macromedia
2018-01-04 13:53 - 2012-10-15 20:26 - 000000000 ____D C:\Program Files (x86)\Google
2018-01-02 17:07 - 2014-11-01 20:50 - 000000000 ____D C:\windows\System32\Tasks\Event Viewer Tasks
2017-12-29 13:41 - 2013-05-15 01:43 - 000000000 ____D C:\Users\Owner\AppData\Local\Apps\2.0
==================== Files in the root of some directories =======
2013-01-16 20:40 - 2013-01-16 20:40 - 000000023 _____ () C:\Users\Owner\AppData\Local\kodakpcd.ini
2013-01-06 20:45 - 2017-12-01 19:44 - 000007632 _____ () C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-01-08 00:27
==================== End of FRST.txt ============================