KKimble
Purchased a new laptop for school today, and after cleaning up the bloatware I installed RogueKiller. A few PUPs came up, but what stood out was the fact that "RogueKillerX64.exe" was detected as "Tr.Gen0". If I uninstall RogueKiller, will it fix the problem? Or will I still have issues? Thanks.
Logs below.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by Karissa (administrator) on LAPTOP-7DE1DIR6 (04-02-2017 05:14:40)
Running from C:\Users\Karissa\Desktop
Loaded Profiles: Karissa (Available Profiles: Karissa)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\System32\IntelSSTAPO\ParameterService\ParameterService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel Corporation) C:\Windows\System32\IntelCpHDCPSvc.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\mcsvchost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.8.259.0\McCSPServiceHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
() C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Inc.) C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.4.9241.0_x64__8wekyb3d8bbwe\Solitaire.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16475392 2016-06-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_TrueHarmony] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1454336 2016-06-02] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320584 2016-06-01] (Intel Corporation)
HKU\S-1-5-21-2782783146-3927728050-3817788716-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [149504 2015-10-30] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0a4275c8-ec22-443a-981f-23cf190d490c}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{614364c1-71e2-4cee-a020-91d54d5d127e}: [DhcpNameServer] 40.32.1.55
Internet Explorer:
==================
HKU\S-1-5-21-2782783146-3927728050-3817788716-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKU\S-1-5-21-2782783146-3927728050-3817788716-1001 -> DefaultScope {194D4165-BD63-47B5-BE17-059DA40783B7} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-11-10] (Microsoft Corporation)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2016-10-24] (McAfee, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-11-10] (Microsoft Corporation)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2016-10-24] (McAfee, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-10] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-10] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-10] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-10] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2016-10-24] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2016-10-24] (McAfee, Inc.)
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll [2016-11-10] (Microsoft Corporation)
Handler-x32: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll [2016-11-10] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\mcsniepl64.dll [2016-01-08] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-01-08] (McAfee, Inc.)
FireFox:
========
FF ProfilePath: C:\Users\Karissa\AppData\Roaming\Mozilla\Firefox\Profiles\hl4qjtqt.default
FF DefaultSearchEngine: Google
FF Homepage: yahoo.ca
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\npmcsnffpl64.dll [2016-01-08] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\npmcsnffpl.dll [2016-01-08] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-11-10] (Microsoft Corporation)
FF Extension: Amazon Assistant for Firefox - C:\Users\Karissa\AppData\Roaming\Mozilla\Firefox\Profiles\hl4qjtqt.default\Extensions\abb-acer@amazon.com [2017-02-03]
FF Extension: English (US) Language Pack - C:\Users\Karissa\AppData\Roaming\Mozilla\Firefox\Profiles\hl4qjtqt.default\Extensions\langpack-en-US@firefox.mozilla.org [2017-02-03]
FF Extension: Mozilla Partner Defaults - C:\Users\Karissa\AppData\Roaming\Mozilla\Firefox\Profiles\hl4qjtqt.default\Extensions\partnerdefaults@mozilla.com [2017-02-03]
FF Extension: adaware ad block - C:\Users\Karissa\AppData\Roaming\Mozilla\Firefox\Profiles\hl4qjtqt.default\Extensions\AdBlockerLavaSoftFF@lavasoft.com.xpi [2017-02-03]
FF Extension: Firefox Hotfix - C:\Users\Karissa\AppData\Roaming\Mozilla\Firefox\Profiles\hl4qjtqt.default\Extensions\firefox-hotfix@mozilla.org.xpi [2017-02-03]
FF Extension: Adblock Plus - C:\Users\Karissa\AppData\Roaming\Mozilla\Firefox\Profiles\hl4qjtqt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-02-03]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-05-04]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: No Name - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-02-03]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-05-04]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [326392 2015-11-27] (Windows (R) Win 7 DDK provider)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2858336 2015-08-31] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2912496 2016-03-06] (Microsoft Corporation)
R2 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [485344 2016-09-01] (Intel Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2016-06-01] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [350688 2016-09-01] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2016-03-02] (Intel Corporation) [File not signed]
R2 IntelSSTSvc; C:\Windows\system32\IntelSSTAPO\ParameterService\ParameterService.exe [26592 2016-03-04] (Intel Corporation)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [8704 2016-03-02] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [215328 2016-05-17] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [187840 2016-10-24] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2016-01-08] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [353128 2015-11-27] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.259.0\McCSPServiceHost.exe [1694152 2016-01-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [681680 2016-01-08] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
S3 MessagingService; C:\Windows\System32\MessagingService.dll [52736 2015-10-30] (Microsoft Corporation)
S3 MessagingService_174a2a; C:\Windows\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
S3 MessagingService_174a2a; C:\Windows\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [234192 2015-11-18] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [380896 2016-01-21] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [275368 2015-11-18] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 OneSyncSvc_174a2a; C:\Windows\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
R2 OneSyncSvc_174a2a; C:\Windows\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_38e55; C:\Windows\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_38e55; C:\Windows\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_3b8a5; C:\Windows\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_3b8a5; C:\Windows\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_450e2; C:\Windows\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_450e2; C:\Windows\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_64462; C:\Windows\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_64462; C:\Windows\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [902112 2015-12-14] (Intel Security, Inc.)
S3 PimIndexMaintenanceSvc_174a2a; C:\Windows\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
S3 PimIndexMaintenanceSvc_174a2a; C:\Windows\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [440224 2016-05-23] (Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [481696 2016-05-23] (Acer Incorporated)
S3 TieringEngineService; C:\Windows\system32\TieringEngineService.exe [290304 2015-10-30] (Microsoft Corporation)
S4 tzautoupdate; C:\Windows\system32\tzautoupdate.dll [87040 2016-11-10] (Microsoft Corporation)
S3 UnistoreSvc_174a2a; C:\Windows\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
S3 UnistoreSvc_174a2a; C:\Windows\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
S3 UserDataSvc_174a2a; C:\Windows\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
S3 UserDataSvc_174a2a; C:\Windows\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S4 Amazon 1Button App Service; "c:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe" [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 bcmfn; C:\Windows\System32\drivers\bcmfn.sys [9728 2015-10-30] (Windows (R) Win 7 DDK provider)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [245760 2016-11-10] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [79248 2015-11-25] (McAfee, Inc.)
R3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
S3 iai2c; C:\Windows\System32\drivers\iai2c.sys [81408 2015-10-30] (Intel(R) Corporation)
S3 iaLPSS2i_I2C; C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [165888 2015-10-30] (Intel Corporation)
R3 iaLPSS2_I2C; C:\Windows\System32\drivers\iaLPSS2_I2C.sys [185144 2016-05-16] (Intel Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21344 2016-05-23] (Acer Incorporated)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [202848 2016-04-14] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2015-11-25] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351144 2015-11-25] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83096 2015-11-25] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496368 2015-11-25] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [846080 2015-11-25] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [539496 2015-11-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [109480 2015-11-20] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [245096 2015-11-25] (McAfee, Inc.)
R3 Qcamain10x64; C:\Windows\system32\DRIVERS\Qcamain10x64.sys [2381112 2016-03-24] (Qualcomm Atheros, Inc.)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14688 2016-05-23] (Acer Incorporated)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [935168 2015-11-18] (Realtek )
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [769752 2015-12-17] (Realsil Semiconductor Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [57448 2015-10-22] (Synaptics Incorporated)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [45056 2015-10-30] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-04 05:14 - 2017-02-04 05:14 - 00019277 _____ C:\Users\Karissa\Desktop\FRST.txt
2017-02-04 05:14 - 2017-02-04 05:14 - 00000000 ____D C:\FRST
2017-02-04 05:09 - 2017-02-04 05:14 - 02193920 _____ (Farbar) C:\Users\Karissa\Desktop\FRST64.exe
2017-02-04 04:49 - 2017-02-04 04:49 - 00007626 _____ C:\Users\Karissa\AppData\Local\Resmon.ResmonCfg
2017-02-04 03:40 - 2017-02-04 04:27 - 25969736 _____ C:\Users\Karissa\Downloads\RogueKillerX64.exe
2017-02-04 03:37 - 2017-02-04 03:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-02-04 03:10 - 2017-02-04 03:11 - 00000000 ___HD C:\$WINDOWS.~BT
2017-02-04 03:09 - 2017-02-04 03:10 - 00000000 ____D C:\Windows\system32\MRT
2017-02-04 03:09 - 2017-02-04 03:09 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-04 02:17 - 2017-02-04 04:39 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-02-04 02:17 - 2017-02-04 02:17 - 00000000 ____D C:\Users\Karissa\AppData\Local\MicrosoftEdge
2017-02-04 02:16 - 2017-02-04 03:12 - 00000000 ____D C:\ProgramData\RogueKiller
2017-02-04 02:02 - 2017-02-04 02:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-02-03 23:07 - 2017-02-03 23:08 - 00000000 ____D C:\Users\Karissa\AppData\Roaming\Mozilla
2017-02-03 23:07 - 2017-02-03 23:08 - 00000000 ____D C:\Users\Karissa\AppData\Local\Mozilla
2017-02-03 23:07 - 2017-02-03 23:07 - 00004890 _____ C:\Windows\System32\Tasks\AcerCMUpdateTask2.1.16258
2017-02-03 23:07 - 2017-02-03 23:07 - 00000000 ____D C:\Users\Karissa\AppData\Roaming\Macromedia
2017-02-03 23:01 - 2017-02-03 23:01 - 00000000 ____D C:\Users\Karissa\AppData\Local\Comms
2017-02-03 22:58 - 2017-02-03 22:58 - 00000000 ____D C:\Users\Karissa\AppData\Roaming\WildTangent
2017-02-03 22:58 - 2017-02-03 22:58 - 00000000 ____D C:\Users\Karissa\AppData\Local\IIIQF
2017-02-03 22:56 - 2017-02-03 22:56 - 00002348 _____ C:\Users\Karissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-03 22:56 - 2017-02-03 22:56 - 00000000 ___RD C:\Users\Karissa\OneDrive
2017-02-03 22:55 - 2017-02-03 22:55 - 00000000 ____D C:\Users\Karissa\AppData\Roaming\Intel Corporation
2017-02-03 22:54 - 2017-02-03 22:54 - 00001337 _____ C:\Users\Karissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HD Audio Manager.lnk
2017-02-03 22:54 - 2017-02-03 22:54 - 00000000 ____D C:\Users\Karissa\AppData\Local\CareCenter
2017-02-03 22:53 - 2017-02-03 22:53 - 00000000 ____D C:\Users\Karissa\AppData\Local\ActiveSync
2017-02-03 22:52 - 2017-02-03 22:52 - 00000000 ____D C:\Users\Karissa\PicStream
2017-02-03 22:52 - 2017-02-03 22:52 - 00000000 ____D C:\Users\Karissa\AppData\Local\Publishers
2017-02-03 22:52 - 2017-02-03 22:52 - 00000000 ____D C:\Users\Karissa\AppData\Local\AOP SDK
2017-02-03 22:51 - 2017-02-03 22:51 - 00000000 ____D C:\Users\Karissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
2017-02-03 22:50 - 2017-02-04 00:20 - 00000000 ____D C:\Users\Karissa\AppData\Local\Packages
2017-02-03 22:50 - 2017-02-03 22:50 - 00000000 ___HD C:\ProgramData\O949
2017-02-03 22:50 - 2017-02-03 22:50 - 00000000 ____D C:\Users\Karissa\AppData\Roaming\Adobe
2017-02-03 22:50 - 2017-02-03 22:50 - 00000000 ____D C:\Users\Karissa\AppData\Local\VirtualStore
2017-02-03 22:50 - 2017-02-03 22:50 - 00000000 ____D C:\Users\Karissa\AppData\Local\TileDataLayer
2017-02-03 22:50 - 2017-02-03 22:50 - 00000000 ____D C:\ProgramData\Dashlane
2017-02-03 22:49 - 2017-02-04 00:14 - 00000000 ____D C:\Users\Karissa
2017-02-03 22:49 - 2017-02-03 22:50 - 00000000 ___RD C:\Users\Karissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2017-02-03 22:49 - 2017-02-03 22:49 - 00000020 ___SH C:\Users\Karissa\ntuser.ini
2017-02-03 22:49 - 2017-02-03 22:49 - 00000000 ____D C:\Windows\oem
2017-02-03 22:49 - 2016-11-10 18:42 - 00000000 ___RD C:\Users\Karissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2017-02-03 22:49 - 2015-10-30 02:24 - 00000000 __RSD C:\Users\Karissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2017-02-03 22:49 - 2015-10-30 02:24 - 00000000 ___RD C:\Users\Karissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2017-02-03 22:49 - 2015-10-30 02:24 - 00000000 ____D C:\Users\Karissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-04 14:31 - 2016-11-10 20:02 - 00003118 _____ C:\Windows\System32\Tasks\Intel PTT EK Recertification
2017-02-04 14:31 - 2016-05-04 22:01 - 00003852 _____ C:\Windows\System32\Tasks\ACCAgent
2017-02-04 14:30 - 2016-11-10 20:32 - 00002074 _____ C:\Windows\System32\Tasks\FUBTrackingByPLD
2017-02-04 14:30 - 2016-11-10 20:21 - 00002256 _____ C:\Windows\System32\Tasks\Power Button
2017-02-04 14:30 - 2016-11-10 20:21 - 00002180 _____ C:\Windows\System32\Tasks\Quick Access
2017-02-04 14:30 - 2016-05-04 22:07 - 00002564 _____ C:\Windows\System32\Tasks\BacKGroundAgent
2017-02-04 14:30 - 2016-05-04 22:04 - 00002496 _____ C:\Windows\System32\Tasks\McAfeeLogon
2017-02-04 14:30 - 2016-05-04 22:01 - 00004302 _____ C:\Windows\System32\Tasks\Software Update Application
2017-02-04 14:30 - 2016-05-04 22:01 - 00002820 _____ C:\Windows\System32\Tasks\ACC
2017-02-04 14:30 - 2016-05-04 22:01 - 00002328 _____ C:\Windows\System32\Tasks\ACCBackgroundApplication
2017-02-04 14:30 - 2015-10-30 01:28 - 00000000 __RHD C:\Users\Default
2017-02-04 04:28 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\system32\sru
2017-02-04 03:44 - 2015-10-30 02:11 - 00000000 ____D C:\Windows\CbsTemp
2017-02-04 03:32 - 2016-11-10 18:04 - 00827564 _____ C:\Windows\system32\perfh00C.dat
2017-02-04 03:32 - 2016-11-10 18:04 - 00158080 _____ C:\Windows\system32\perfc00C.dat
2017-02-04 03:32 - 2016-05-04 22:13 - 01848468 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-04 03:32 - 2016-05-04 22:01 - 00000000 ____D C:\Program Files (x86)\Acer
2017-02-04 03:32 - 2016-05-04 21:58 - 00000275 _____ C:\Windows\WindowsUpdate.log
2017-02-04 03:30 - 2016-11-10 20:02 - 00009321 _____ C:\Windows\SysWOW64\Gms.log
2017-02-04 03:27 - 2016-02-13 08:14 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-04 03:26 - 2016-05-04 21:51 - 00008110 _____ C:\Windows\PFRO.log
2017-02-04 03:26 - 2016-02-13 08:11 - 00332240 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-04 03:26 - 2015-10-30 01:28 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ___SD C:\Windows\SysWOW64\F12
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ___SD C:\Windows\system32\F12
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ___SD C:\Windows\system32\DiagSvcs
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ___RD C:\Windows\PrintDialog
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\SysWOW64\fr-CA
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\system32\setup
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\system32\oobe
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\system32\migwiz
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\system32\fr-CA
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\system32\appraiser
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\Provisioning
2017-02-04 03:24 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-02-04 03:24 - 2015-10-30 01:31 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2017-02-04 03:24 - 2015-10-30 01:31 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2017-02-04 03:24 - 2015-10-30 01:28 - 00000000 ____D C:\Windows\SysWOW64\Dism
2017-02-04 03:24 - 2015-10-30 01:28 - 00000000 ____D C:\Windows\system32\Dism
2017-02-04 03:23 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\bcastdvr
2017-02-04 03:23 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-02-04 03:23 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Windows Defender
2017-02-04 03:23 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-02-04 03:23 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-02-04 03:18 - 2016-05-04 22:03 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-02-04 03:11 - 2016-11-10 20:13 - 00000000 ____D C:\Program Files (x86)\Amazon
2017-02-04 03:11 - 2016-05-04 22:51 - 00000000 ____D C:\Windows\Panther
2017-02-04 02:36 - 2015-10-30 02:24 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-02-04 02:02 - 2016-11-10 18:18 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-02-04 02:02 - 2016-11-10 18:18 - 00002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-02-04 02:02 - 2016-11-10 18:18 - 00002420 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-02-04 02:02 - 2016-11-10 18:18 - 00002419 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-02-04 02:02 - 2016-11-10 18:18 - 00002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-02-04 02:02 - 2016-11-10 18:18 - 00002407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-02-04 02:02 - 2016-11-10 18:18 - 00002399 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-02-04 02:00 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\AppReadiness
2017-02-04 01:13 - 2016-05-04 22:02 - 00000000 ____D C:\Program Files\Acer
2017-02-04 01:13 - 2016-05-04 22:01 - 00000000 ____D C:\ProgramData\OEM
2017-02-04 01:13 - 2016-05-04 22:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2017-02-03 23:34 - 2016-05-04 22:03 - 00000000 ____D C:\ProgramData\McAfee
2017-02-03 23:28 - 2016-11-10 18:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-02-03 23:17 - 2016-02-13 08:12 - 00197440 _____ C:\Windows\setupact.log
2017-02-03 23:16 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\system32\restore
2017-02-03 23:07 - 2016-05-04 22:46 - 00000000 ___HD C:\OEM
2017-02-03 23:07 - 2016-05-04 22:01 - 00000000 ____D C:\ProgramData\Acer
2017-02-03 23:07 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\system32\WinBioDatabase
2017-02-03 23:06 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\appcompat
2017-02-03 23:04 - 2016-11-10 20:14 - 00000000 ___HD C:\ProgramData\{A90E7F59-66F4-44B3-AE99-B9C20B6DA5CE}
2017-02-03 22:58 - 2016-05-04 22:01 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-02-03 22:58 - 2016-05-04 22:01 - 00000000 ____D C:\ProgramData\WildTangent
2017-02-03 22:58 - 2015-10-30 01:28 - 00032768 ___SH C:\Windows\system32\config\ELAM
==================== Files in the root of some directories =======
2017-02-04 04:49 - 2017-02-04 04:49 - 0007626 _____ () C:\Users\Karissa\AppData\Local\Resmon.ResmonCfg
2016-11-10 19:27 - 2016-11-10 19:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
C:\Users\Karissa\AppData\Local\Temp\AcerPortalSetup.exe
C:\Users\Karissa\AppData\Local\Temp\dllnt_dump.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-05-04 21:51
==================== End of FRST.txt ============================