No malicious services found.
No malicious folders found.
No malicious files found.
No malicious DLLs found.
No malicious keys found.
No infected shortcut found.
No malicious task found.
No malicious registry entries found.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-10-2016
Ran by Kristoph (administrator) on KRISTO (07-10-2016 16:29:20)
Running from C:\Users\Kristoph\Downloads
Loaded Profiles: Kristoph (Available Profiles: Kristoph)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\ns.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\ns.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [CaddieSyncConduit] => C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe [2543936 2013-04-04] (SkyHawke)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] (Qualcomm Atheros Commnucations)
HKU\S-1-5-21-3141526601-2142420105-2995144340-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)
HKU\S-1-5-21-3141526601-2142420105-2995144340-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [1044224 2013-04-07] ()
HKU\S-1-5-21-3141526601-2142420105-2995144340-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-3141526601-2142420105-2995144340-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-3141526601-2142420105-2995144340-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-3141526601-2142420105-2995144340-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1402792 2016-08-31] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3141526601-2142420105-2995144340-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-3141526601-2142420105-2995144340-1001\...\Run: [Dropbox Update] => C:\Users\Kristoph\AppData\Local\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-16] (Dropbox, Inc.)
HKU\S-1-5-21-3141526601-2142420105-2995144340-1001\...\MountPoints2: {674f6250-8c4b-11e3-bf11-b888e3cdfea2} - "E:\LaunchU3.exe" -a
HKU\S-1-5-21-3141526601-2142420105-2995144340-1001\...\MountPoints2: {7fde44fa-a69c-11e2-bea8-b888e3cdfea2} - "E:\LaunchU3.exe" -a
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1402792 2016-08-31] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kristoph\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kristoph\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kristoph\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kristoph\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kristoph\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kristoph\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll [2016-10-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kristoph\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll [2016-10-06] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BodyMedia Sync.lnk [2013-10-28]
ShortcutTarget: BodyMedia Sync.lnk -> C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe (BodyMedia, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Gateway MyBackup Tray.lnk [2012-09-03]
ShortcutTarget: Gateway MyBackup Tray.lnk -> C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe (NTI Corporation)
Startup: C:\Users\Kristoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-10-04]
ShortcutTarget: Dropbox.lnk -> C:\Users\Kristoph\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 192.168.1.1 172.16.240.1
Tcpip\..\Interfaces\{56E93E27-474D-4069-80FE-7F532A6F4F69}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F682A4AF-96E3-4B76-80DE-A4A4514FAAE0}: [DhcpNameServer] 8.8.8.8 192.168.1.1 172.16.240.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.6.0.142
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.6.0.142
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.6.0.142
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.6.0.142
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.6.0.142
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3141526601-2142420105-2995144340-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3141526601-2142420105-2995144340-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.6.0.142
HKU\S-1-5-21-3141526601-2142420105-2995144340-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-21-3141526601-2142420105-2995144340-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-3141526601-2142420105-2995144340-1001 -> DefaultScope {81CC8F23-BCB5-4318-A27F-9E6D43695D9F} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-3141526601-2142420105-2995144340-1001 -> {81CC8F23-BCB5-4318-A27F-9E6D43695D9F} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll [2013-01-28] (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-02] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-02] (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3141526601-2142420105-2995144340-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation)
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.0.76\coFFAddon
FF Extension: (Norton Identity Safe) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.0.76\coFFAddon [2016-10-04]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.0.76\coFFAddon
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-13] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-02] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-02-17] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Kristoph\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-11-19] (Cisco WebEx LLC)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://google.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\pdf.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
CHR Profile: C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\Default [2016-10-07]
CHR Extension: (Google Docs) - C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (Destiny Item Manager) - C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\apghicjnekejhfancbkahkhdckhdagna [2016-10-05]
CHR Extension: (YouTube) - C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Norton Security Toolbar) - C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-09-16]
CHR Extension: (Google Search) - C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Docs Offline) - C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Norton Identity Safe) - C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-03-15]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-11-19]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-09-16]
CHR Extension: (FlashUpdates4) - C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmpfoipkbhnieokggpkjobogaenehee [2016-10-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Extension: (Chrome Media Router) - C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-22]
CHR Extension: (Diigo Web Collector - Capture and Annotate) - C:\Users\Kristoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnhplgjpclknigjpccbcnmicgcieojbh [2016-10-04]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\Exts\Chrome.crx [2016-08-23]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\Exts\Chrome.crx [2016-08-23]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations) [File not signed]
R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) [File not signed]
S3 DeviceFastLaneService; C:\Program Files\Gateway\Gateway Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated)
S3 EndpointIntegration; C:\Program Files\N-able Technologies\AVDefender\EndpointIntegration.exe [398480 2014-08-21] (Bitdefender)
S3 EndpointService; C:\Program Files\N-able Technologies\AVDefender\EndpointService.exe [398480 2014-08-21] (Bitdefender)
S3 epag; C:\Program Files\Common Files\N-able Technologies\Endpoint Agent\epag.exe [2395584 2014-08-21] (Bitdefender)
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [928272 2016-08-31] (Garmin Ltd. or its subsidiaries)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2013-04-07] (NETGEAR)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.7.1.32\NS.exe [289080 2016-08-16] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [259136 2012-08-23] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-10-24] (Dritek System INC.)
S2 SupportDockService.exe; C:\Program Files (x86)\iYogi Support Dock\Services\CommAgent\SupportDockService.exe [78336 2012-08-07] (iYogi Technical Services) [File not signed]
S3 UpdateService; C:\Program Files\N-able Technologies\AVDefender\UpdateService.exe [398480 2014-08-21] (Bitdefender)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [517120 2013-08-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [893440 2013-12-02] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261496 2013-07-17] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [635392 2013-12-02] (BitDefender)
S0 BDElam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 Bdfwfpf; C:\Program Files\N-able Technologies\AVDefender\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\BASHDefs\20161005.001\BHDrvx64.sys [1854712 2016-08-18] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1607010.020\ccSetx64.sys [174328 2016-06-01] (Symantec Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497368 2016-10-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156888 2016-10-04] (Symantec Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [155400 2014-08-21] (BitDefender LLC)
R3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [54736 2016-10-04] ()
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\IPSDefs\20161006.001\IDSvia64.sys [1012440 2016-09-27] (Symantec Corporation)
R3 libusb0; C:\Windows\system32\DRIVERS\libusb0.sys [44480 2011-05-17] (hxxp://libusb-win32.sourceforge.net) <==== ATTENTION
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-10-07] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2013-11-12] (CACE Technologies, Inc.)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-10-24] (Dritek System Inc.)
R3 SRTSP; C:\Windows\System32\Drivers\NSx64\1607010.020\SRTSP64.SYS [773360 2016-08-09] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1607010.020\SRTSPX64.SYS [48888 2016-06-01] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1607010.020\SYMEFASI64.SYS [1627352 2016-06-01] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NSx64\1607010.020\SymELAM.sys [24192 2016-06-01] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [101112 2016-06-24] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1607010.020\Ironx64.SYS [291056 2016-06-01] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1607010.020\SYMNETS.SYS [567536 2016-06-01] (Symantec Corporation)
R2 trufos; C:\Windows\System32\DRIVERS\trufos.sys [419616 2014-08-21] (BitDefender S.R.L.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35320 2014-09-21] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [258368 2014-09-21] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20160624.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20160624.001\EX64.SYS [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-10-07 16:29 - 2016-10-07 16:30 - 00033279 _____ C:\Users\Kristoph\Downloads\FRST.txt
2016-10-07 16:28 - 2016-10-07 16:29 - 00000000 ____D C:\FRST
2016-10-07 16:28 - 2016-10-07 16:28 - 02405376 _____ (Farbar) C:\Users\Kristoph\Downloads\FRST64.exe
2016-10-07 16:21 - 2016-10-07 16:21 - 00001432 _____ C:\Users\Kristoph\Desktop\AdwCleaner_10-7-16.txt
2016-10-07 15:21 - 2016-10-07 15:21 - 03874368 _____ C:\Users\Kristoph\Downloads\AdwCleaner.exe
2016-10-07 15:18 - 2016-10-07 15:18 - 00001061 _____ C:\Users\Kristoph\Desktop\MBAM_Log_10-7-16.txt
2016-10-07 11:59 - 2016-10-07 11:59 - 00049603 _____ C:\Users\Kristoph\Documents\resume_KKocan_10-4-16.pdf
2016-10-07 11:58 - 2016-10-07 11:58 - 00026051 _____ C:\Users\Kristoph\Documents\KKocan_cover Letter_10-7-16.pdf
2016-10-07 11:18 - 2016-10-07 11:18 - 00000000 ____D C:\Users\Kristoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-10-06 12:39 - 2016-10-06 12:39 - 00019146 _____ C:\Users\Kristoph\Documents\KKocan_cover Letter.pdf
2016-10-05 09:23 - 2016-10-05 09:23 - 00054784 _____ C:\Users\Kristoph\Documents\Swim_Team-2016-17 Roster.xls
2016-10-05 08:33 - 2016-10-05 08:33 - 00051712 _____ C:\Users\Kristoph\Downloads\Roster_Export (57).xls
2016-10-05 08:15 - 2016-10-05 08:15 - 01631928 _____ (Malwarebytes) C:\Users\Kristoph\Downloads\JRT.exe
2016-10-04 16:32 - 2016-10-04 16:32 - 00054736 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2016-10-04 15:14 - 2016-10-04 15:14 - 00000302 _____ C:\WINDOWS\system32\.crusader
2016-10-04 12:59 - 2016-10-04 15:13 - 00000000 ____D C:\ProgramData\HitmanPro
2016-10-04 12:58 - 2016-10-04 12:59 - 11579432 _____ (SurfRight B.V.) C:\Users\Kristoph\Downloads\hitmanpro_x64.exe
2016-10-04 09:01 - 2016-10-04 09:02 - 22851472 _____ (Malwarebytes ) C:\Users\Kristoph\Downloads\mbam-setup-2.2.1.1043.exe
2016-10-04 08:37 - 2016-10-07 15:25 - 00000000 ____D C:\AdwCleaner
2016-10-04 08:35 - 2016-10-04 08:35 - 03861056 _____ C:\Users\Kristoph\Downloads\adwcleaner_6.020.exe
2016-10-03 16:06 - 2016-10-03 16:06 - 00051810 _____ C:\Users\Kristoph\Downloads\Balance_Due_Roster_Export.pdf
2016-10-03 13:57 - 2016-10-03 13:57 - 00019725 _____ C:\Users\Kristoph\Documents\Swim Team workouts Gold group.xlsx
2016-09-30 13:09 - 2016-09-30 13:09 - 00049664 _____ C:\Users\Kristoph\Downloads\Roster_Export (56).xls
2016-09-23 16:29 - 2016-09-23 16:30 - 00000000 ____D C:\Users\Kristoph\Desktop\DAM-TRI (YMCA) JUN 2016
2016-09-22 10:48 - 2016-09-22 10:48 - 00088064 _____ C:\Users\Kristoph\Downloads\Roster_Export (55).xls
2016-09-22 10:25 - 2016-10-03 17:50 - 03490304 _____ C:\Users\Kristoph\Documents\fallvolleyball.pub
2016-09-19 17:38 - 2016-09-19 17:38 - 00096768 _____ C:\Users\Kristoph\Documents\wall of fame.pub
2016-09-19 17:25 - 2016-09-19 17:25 - 00010672 _____ C:\Users\Kristoph\Downloads\Wall of Fame.xlsx
2016-09-19 09:44 - 2016-09-19 09:44 - 00025040 _____ C:\Users\Kristoph\Downloads\VRRENEWAL (2).pdf
2016-09-19 08:30 - 2016-09-19 08:30 - 00154436 _____ C:\Users\Kristoph\Downloads\PGRInsuranceIDCard (8).pdf
2016-09-16 10:45 - 2016-09-29 15:23 - 00615028 _____ C:\Users\Kristoph\Documents\KK_rev_draft_17 budget.xlsx
2016-09-16 09:52 - 2016-09-16 09:52 - 00171765 _____ C:\Users\Kristoph\Downloads\downloads (2).zip
2016-09-13 14:45 - 2016-09-13 14:45 - 00373977 _____ C:\Users\Kristoph\Downloads\2015TurboTaxReturn (2).pdf
2016-09-13 10:46 - 2016-09-13 10:46 - 00043008 _____ C:\Users\Kristoph\Downloads\Roster_Export (54).xls
2016-09-13 08:19 - 2016-09-13 08:19 - 00001913 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2016-09-12 15:50 - 2016-09-12 15:50 - 00012820 _____ C:\Users\Kristoph\Documents\2016-17 tentative League schedule.xlsx
2016-09-09 10:34 - 2016-10-06 12:39 - 00049353 _____ C:\Users\Kristoph\Documents\resume_KKocan.pdf
2016-09-09 09:40 - 2016-09-09 09:40 - 00304077 _____ C:\Users\Kristoph\Downloads\logo-wht_rgb.zip
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-10-07 16:10 - 2015-10-16 13:05 - 00000944 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3141526601-2142420105-2995144340-1001UA.job
2016-10-07 15:44 - 2013-03-02 14:41 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-10-07 15:33 - 2013-02-12 13:15 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3141526601-2142420105-2995144340-1001
2016-10-07 15:16 - 2014-10-28 10:58 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-10-07 13:10 - 2015-10-16 13:05 - 00000892 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3141526601-2142420105-2995144340-1001Core.job
2016-10-07 12:56 - 2014-10-28 10:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-10-07 12:38 - 2013-02-12 20:06 - 00000000 ____D C:\Users\Kristoph\Documents\Outlook Files
2016-10-07 11:36 - 2013-12-04 15:14 - 00003930 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FC315014-C55A-4A54-AF5C-8190ADDD74B6}
2016-10-07 11:19 - 2013-02-12 20:28 - 00000000 ____D C:\Users\Kristoph\AppData\Roaming\Dropbox
2016-10-06 17:26 - 2016-03-14 20:07 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2016-10-05 08:53 - 2016-03-21 18:26 - 00000000 ___RD C:\Users\Kristoph\OneDrive
2016-10-04 16:36 - 2013-02-12 20:32 - 00000000 ___RD C:\Users\Kristoph\Dropbox
2016-10-04 16:35 - 2014-10-13 15:14 - 00000000 ___RD C:\Users\Kristoph\iCloudDrive
2016-10-04 16:32 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-10-04 16:31 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-10-04 09:18 - 2015-10-16 13:05 - 00000000 ____D C:\Users\Kristoph\AppData\Local\Dropbox
2016-10-04 09:04 - 2014-10-28 10:57 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-10-04 09:04 - 2014-10-28 10:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-04 08:51 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-10-04 08:30 - 2014-10-13 15:13 - 00003422 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
2016-10-04 08:15 - 2013-02-12 20:16 - 00002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-04 08:15 - 2013-02-12 20:16 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-30 08:08 - 2016-07-05 11:38 - 00021313 _____ C:\Users\Kristoph\Documents\KK-Program goals.xlsx
2016-09-29 14:49 - 2015-01-16 14:05 - 00004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-09-26 08:45 - 2013-09-30 00:04 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-26 08:45 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Inf
2016-09-22 16:04 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-09-22 16:04 - 2013-03-02 14:41 - 00000000 ____D C:\Users\Kristoph\AppData\Local\CrashDumps
2016-09-22 09:53 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-22 09:53 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-19 11:31 - 2014-05-09 22:25 - 00000000 ____D C:\Users\Kristoph\AppData\Local\Apple Computer
2016-09-13 14:44 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-09-13 14:44 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-09-13 14:44 - 2013-03-02 14:41 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-09-13 08:21 - 2014-07-28 09:42 - 00000000 ____D C:\ProgramData\Package Cache
2016-09-13 08:19 - 2014-07-28 09:42 - 00003554 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2016-09-13 08:19 - 2013-06-08 14:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-09-13 08:19 - 2013-02-18 20:39 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-09-13 08:06 - 2012-07-26 04:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
==================== Files in the root of some directories =======
2013-09-19 09:39 - 2013-09-19 09:39 - 0028981 _____ () C:\Users\Kristoph\AppData\Roaming\Comma Separated Values (DOS).ADR
2015-02-13 19:57 - 2015-02-13 19:57 - 0000268 ___RH () C:\Users\Kristoph\AppData\Roaming\Themes
2015-02-13 19:58 - 2015-02-13 19:58 - 0000268 ___RH () C:\Users\Kristoph\AppData\Roaming\Track Settings
2015-02-13 19:57 - 2015-02-13 19:57 - 0000268 ___RH () C:\Users\Kristoph\AppData\Roaming\Trance Pad
2015-02-13 19:56 - 2015-02-13 19:56 - 0000268 ___RH () C:\Users\Kristoph\AppData\Roaming\Vocal Transformer
2014-10-15 09:04 - 2014-10-15 09:04 - 0000038 ___SH () C:\Users\Kristoph\AppData\Local\42747051538627b9063d49.45359236
2013-11-07 17:11 - 2013-01-14 12:34 - 0007680 _____ () C:\Users\Kristoph\AppData\Local\Z@!-34e250a8-d0c7-4e57-af1e-4457d30950d1.tmp
2013-11-07 17:11 - 2013-01-14 12:34 - 0007168 _____ () C:\Users\Kristoph\AppData\Local\Z@S!-489aa636-41e9-458c-a482-3d122297023c.tmp
2015-02-13 19:57 - 2015-02-13 19:57 - 0000012 ___RH () C:\ProgramData\business-inkjet
2015-02-13 19:56 - 2015-02-13 19:56 - 0000020 ____H () C:\ProgramData\PKP_DLeo.DAT
2015-02-13 19:58 - 2015-02-13 21:32 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2015-02-13 19:57 - 2015-02-22 18:53 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2015-02-13 19:57 - 2015-02-22 18:51 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2015-02-13 19:57 - 2015-02-13 19:57 - 0000268 ___RH () C:\ProgramData\Treble Reduction
2015-02-13 19:58 - 2015-02-13 19:58 - 0000268 ___RH () C:\ProgramData\Tremolo
2015-02-13 19:57 - 2015-02-13 19:57 - 0000268 ___RH () C:\ProgramData\Tribal Masks
2015-02-13 19:56 - 2015-02-13 19:57 - 0000012 ___RH () C:\ProgramData\Woodwind
2015-02-13 19:58 - 2015-02-13 19:58 - 0000012 ___RH () C:\ProgramData\Work - Home
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-10-04 16:46
==================== End of FRST.txt ============================