BethL
Posts: 16 +0
My computer has all the signs that it's infected, but no scan I have done with anything seems to want to pick anything up. I would really appreciate some help. Here are the requested logs:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-06-2017
Ran by Leah (administrator) on LEAH (04-06-2017 06:49:13)
Running from C:\Users\Leah\Downloads
Loaded Profiles: Leah (Available Profiles: Leah)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Innovative Solutions GRUP SRL) C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igfxEM.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.8.0.0_x64__8wekyb3d8bbwe\Microsoft.StickyNotes.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe
(McAfee, Inc.) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(hxxp://www.ruby-lang.org/) C:\Users\Leah\AppData\Local\Temp\ocr4E9D.tmp\bin\rubyw.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.4.480.0\McCSPServiceHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
() C:\Program Files\pia_manager\pia_manager.exe
(hxxp://www.ruby-lang.org/) C:\Users\Leah\AppData\Local\Temp\ocr8220.tmp\bin\rubyw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
() C:\Program Files\pia_manager\openvpn.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8853248 2016-03-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard Company)
HKU\S-1-5-21-86620361-1279893241-792249848-1001\...\RunOnce: [Application Restart #2] => C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe [1260544 2017-04-08] (The NWJS Community)
HKU\S-1-5-21-86620361-1279893241-792249848-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-11-20] (Microsoft Corporation)
GroupPolicy: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 74.211.89.200 74.211.89.201 24.56.178.102
Tcpip\..\Interfaces\{9d9b7f5e-7163-444c-87a8-c985a673df4f}: [DhcpNameServer] 74.211.89.200 74.211.89.201 24.56.178.102
Tcpip\..\Interfaces\{b8cc37ae-8221-43cf-882b-4f1991adb266}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{d9866d9f-551b-4b8c-ba39-4306626e0b6d}: [DhcpNameServer] 20.0.1.5 20.0.1.6
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-86620361-1279893241-792249848-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://duckduckgo/
HKU\S-1-5-21-86620361-1279893241-792249848-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM-x32 -> {7A833495-089E-400B-9571-398895D3A393} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-86620361-1279893241-792249848-1001 -> {7A833495-089E-400B-9571-398895D3A393} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-25] (Microsoft Corporation)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-04-26] (McAfee, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-25] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-05-25] (Microsoft Corporation)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-04-26] (McAfee, Inc.)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-05-25] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-25] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-25] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-25] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-25] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-04-26] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-04-26] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2017-05-11] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2017-05-11] (McAfee, Inc.)
FireFox:
========
FF DefaultProfile: 3sksgfqa.default
FF ProfilePath: C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\3sksgfqa.default [2017-06-04]
FF Extension: (ClipConverter) - C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\3sksgfqa.default\Extensions\clipconverter@clipconverter.cc.xpi [2017-04-07]
FF Extension: (DuckDuckGo Plus) - C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\3sksgfqa.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2017-04-27]
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-04-18]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-06-01] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-10] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-05-11] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-10] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-05-11] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-25] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4122824 2017-05-14] (Microsoft Corporation)
R3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1752992 2017-03-29] (Intel Security)
S4 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\IntelCpHeciSvc.exe [310240 2017-02-22] (Intel Corporation)
S4 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\IntelCpHDCPSvc.exe [488928 2017-02-22] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-03] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-03] (Dropbox, Inc.)
S4 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2208888 2017-03-18] (Intel Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1309184 2016-10-07] (HP Inc.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
S4 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-01-11] (HP Inc.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igfxCUIService.exe [350688 2017-02-22] (Intel Corporation)
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel(R) Corporation)
S3 Intel(R) WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-09-17] (Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-10-05] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188256 2017-04-26] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [1001520 2017-04-18] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.4.480.0\\McCSPServiceHost.exe [2115584 2017-04-28] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241664 2017-03-17] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [384504 2017-03-17] (McAfee, Inc.)
R3 mfevtp; C:\windows\system32\mfevtps.exe [343544 2017-03-17] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1582560 2017-04-27] (McAfee, Inc.)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-08-04] ()
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2017-02-06] (NVIDIA Corporation)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1105840 2017-04-21] (Intel Security, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-03-18] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-11-20] (Microsoft Corporation)
S3 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [266872 2016-08-19] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-08-04] (Intel® Corporation)
S2 0322531494286731mcinstcleanup; C:\WINDOWS\TEMP\032253~1.EXE -cleanup -nolog [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [87568 2017-04-18] (McAfee, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [66624 2017-03-18] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [350272 2017-03-18] (Intel Corporation)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [225432 2017-04-01] (McAfee, Inc.)
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igdkmd64.sys [11036640 2017-02-22] (Intel Corporation)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [485904 2017-04-18] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [363024 2017-04-18] (McAfee, Inc.)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85048 2017-04-18] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [514576 2017-04-18] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [917008 2017-04-18] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [495632 2017-04-07] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [107544 2017-04-07] (McAfee, Inc.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [109072 2017-04-18] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252432 2017-04-18] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
U5 Netwtw02; C:\Windows\System32\Drivers\Netwtw02.sys [6724368 2016-02-06] (Intel Corporation)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7116288 2016-07-16] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhm.inf_amd64_7c553af4468727c1\nvlddmkm.sys [14311352 2017-02-10] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47760 2016-03-01] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2017-03-18] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [769752 2016-01-20] (Realsil Semiconductor Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [413912 2016-01-20] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [58984 2016-02-22] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [72824 2016-08-19] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-12] (HP)
S0 ysyfer; no ImagePath
S3 ibtusb; \SystemRoot\system32\DRIVERS\ibtusb.sys [X]
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-06-04 06:49 - 2017-06-04 06:49 - 00020654 ____C C:\Users\Leah\Downloads\FRST.txt
2017-06-04 06:48 - 2017-06-04 06:49 - 00000000 ___DC C:\FRST
2017-06-04 06:48 - 2017-06-04 06:48 - 02433536 ____C (Farbar) C:\Users\Leah\Downloads\FRST64.exe
2017-06-04 05:36 - 2017-06-04 05:36 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-06-04 05:34 - 2017-06-04 05:34 - 06754944 ____C (ESET spol. s r.o.) C:\Users\Leah\Downloads\esetonlinescanner_enu.exe
2017-06-04 05:34 - 2017-06-04 05:34 - 00000000 ___DC C:\Users\Leah\AppData\Local\ESET
2017-06-04 05:30 - 2017-06-04 05:30 - 00110868 ____C C:\TDSSKiller.3.1.0.15_04.06.2017_05.30.21_log.txt
2017-06-04 05:27 - 2017-06-04 05:27 - 00000214 ____C C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-06-04 03:47 - 2017-06-04 03:47 - 00000017 ____C C:\Users\Leah\AppData\Local\resmon.resmoncfg
2017-06-04 03:14 - 2017-06-04 03:14 - 00029139 ____C C:\ProgramData\agent.1496567682.bdinstall.bin
2017-06-04 03:08 - 2017-06-04 03:08 - 00000000 ___DC C:\Users\Leah\Documents\cce_2.5.242177.201_x64
2017-06-04 03:07 - 2017-06-04 03:07 - 02030536 ____C (Bleeping Computer, LLC) C:\Users\Leah\Downloads\rkill.com
2017-06-04 03:00 - 2017-06-04 03:02 - 00097926 ____C C:\TDSSKiller.3.1.0.15_04.06.2017_03.00.28_log.txt
2017-06-04 02:59 - 2017-06-04 03:00 - 04922400 ____C (AO Kaspersky Lab) C:\Users\Leah\Downloads\tdsskiller.exe
2017-06-04 02:40 - 2017-06-04 02:40 - 00000000 ___DC C:\Users\Leah\AppData\Roaming\QuickScan
2017-06-04 02:39 - 2017-06-04 02:39 - 00046846 ____C C:\ProgramData\agent.1496565561.bdinstall.bin
2017-06-04 02:39 - 2017-06-04 02:39 - 00000000 ___DC C:\ProgramData\Bitdefender Agent
2017-06-04 02:33 - 2017-06-04 02:33 - 04860560 ____C (Krzysztof Kowalczyk) C:\Users\Leah\Downloads\SumatraPDF-3.1.2-install.exe
2017-06-04 02:33 - 2017-06-04 02:33 - 00002001 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
2017-06-04 02:33 - 2017-06-04 02:33 - 00000000 ___DC C:\Program Files (x86)\SumatraPDF
2017-06-04 02:14 - 2017-06-04 02:14 - 00004090 _____ C:\WINDOWS\System32\Tasks\AupAvUpdate
2017-06-04 02:14 - 2017-06-04 02:14 - 00001717 ____C C:\Users\Leah\Desktop\Advanced Uninstaller PRO 12.lnk
2017-06-04 02:14 - 2017-06-04 02:14 - 00001601 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO 12.lnk
2017-06-04 02:14 - 2017-06-04 02:14 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO
2017-06-04 02:13 - 2017-06-04 02:14 - 00003804 _____ C:\WINDOWS\System32\Tasks\UninstallMonitor
2017-06-04 02:13 - 2017-06-04 02:14 - 00000000 ___DC C:\Users\Leah\AppData\Local\Innovative Solutions
2017-06-04 02:13 - 2017-06-04 02:14 - 00000000 ___DC C:\ProgramData\Innovative Solutions
2017-06-04 02:13 - 2017-06-04 02:13 - 00000352 ____C C:\WINDOWS\Tasks\Health-Check-deep.job
2017-06-04 02:13 - 2017-06-04 02:13 - 00000350 ____C C:\WINDOWS\Tasks\Health-Check-auto.job
2017-06-04 02:13 - 2017-06-04 02:13 - 00000344 ____C C:\WINDOWS\Tasks\Health-Check.job
2017-06-04 02:13 - 2017-06-04 02:13 - 00000000 ___DC C:\Program Files (x86)\Innovative Solutions
2017-06-04 02:13 - 2014-03-07 10:25 - 00042496 ____C C:\WINDOWS\SysWOW64\AdvUninstCPL.cpl
2017-06-04 02:11 - 2017-06-04 02:11 - 19316456 ____C (Innovative Solutions ) C:\Users\Leah\Downloads\Advanced_Uninstaller11.exe
2017-06-02 04:02 - 2017-06-02 04:02 - 00000000 ___DC C:\WINDOWS\Panther
2017-05-23 10:52 - 2017-05-23 10:52 - 01028206 ____C C:\Users\Leah\Downloads\endocrine_disruptors_508.pdf
2017-05-21 23:34 - 2017-05-21 23:34 - 05819254 ____C C:\Users\Leah\Downloads\in-the-lymelight.pdf
2017-05-10 11:41 - 2017-05-10 12:58 - 00003446 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2017-05-08 05:26 - 2017-05-08 05:26 - 01947648 ____C C:\Users\Leah\Downloads\ascension-studyguide.pdf
2017-05-06 19:41 - 2017-05-06 19:41 - 00695217 ____C C:\Users\Leah\Downloads\JTS-3-187.pdf
2017-05-06 03:52 - 2017-05-06 03:52 - 00059578 ____C C:\Users\Leah\Downloads\Kolb Learning Styles quick assessment.pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-06-04 06:16 - 2016-05-04 05:58 - 00000000 ___DC C:\Program Files (x86)\Online Services
2017-06-04 05:40 - 2016-11-20 12:51 - 02611930 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-04 05:36 - 2017-02-05 12:10 - 00000000 ___DC C:\Users\Leah\AppData\Local\CrashDumps
2017-06-04 05:33 - 2017-02-07 09:54 - 00000000 ___DC C:\Users\Leah
2017-06-04 05:33 - 2017-02-03 18:22 - 00000000 ___DC C:\Users\Leah\AppData\LocalLow\Mozilla
2017-06-04 05:33 - 2017-02-03 14:42 - 00000000 __SHD C:\Users\Leah\IntelGraphicsProfiles
2017-06-04 05:32 - 2017-02-05 16:50 - 00000000 ___DC C:\ProgramData\NVIDIA
2017-06-04 05:32 - 2016-11-20 12:41 - 00000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2017-06-04 05:32 - 2016-07-16 00:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-06-04 05:29 - 2017-03-24 04:03 - 00000000 ___DC C:\Users\Leah\AppData\Local\ElevatedDiagnostics
2017-06-04 05:24 - 2016-11-20 12:41 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-04 03:55 - 2017-02-03 14:42 - 00000000 ___DC C:\Users\Leah\AppData\Local\Packages
2017-06-04 03:55 - 2016-07-16 05:47 - 00000000 __HDC C:\Program Files\WindowsApps
2017-06-04 03:55 - 2016-07-16 05:47 - 00000000 ___DC C:\WINDOWS\AppReadiness
2017-06-04 03:43 - 2017-02-12 03:45 - 00000000 ___DC C:\Program Files (x86)\Google
2017-06-04 03:38 - 2017-02-15 01:11 - 00000000 ___DC C:\Users\Leah\Desktop\Shortcuts
2017-06-04 03:17 - 2017-04-12 03:28 - 00000000 ___DC C:\Users\Leah\Desktop\Humans Becoming, LLC
2017-06-04 03:15 - 2017-02-18 19:08 - 00004034 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-06-04 02:41 - 2017-02-08 14:35 - 00000000 ___DC C:\Program Files (x86)\Adobe
2017-06-04 02:07 - 2017-02-08 13:49 - 00000000 ___DC C:\Users\Leah\AppData\Roaming\Zoom
2017-06-04 02:07 - 2016-11-24 08:07 - 00000000 ___DC C:\ProgramData\HP
2017-06-04 02:06 - 2017-04-08 03:15 - 00000000 ___DC C:\Users\Leah\AppData\Roaming\Opera Software
2017-06-04 02:06 - 2017-04-08 03:15 - 00000000 ___DC C:\Users\Leah\AppData\Local\Opera Software
2017-06-04 02:06 - 2017-04-08 03:15 - 00000000 ___DC C:\Program Files\Opera
2017-06-03 16:30 - 2017-03-21 10:59 - 00004222 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2017-06-01 22:01 - 2017-03-11 17:57 - 00000360 ____C C:\WINDOWS\Tasks\HPCeeScheduleForLeah.job
2017-06-01 22:01 - 2017-02-03 18:22 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-01 22:01 - 2017-02-03 18:22 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2017-06-01 21:52 - 2016-07-16 05:47 - 00000000 ___DC C:\WINDOWS\SysWOW64\Macromed
2017-06-01 21:04 - 2016-07-16 00:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-06-01 10:11 - 2017-03-11 17:57 - 00003326 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForLeah
2017-05-31 13:03 - 2017-04-19 06:40 - 00565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-05-25 22:50 - 2016-07-16 05:47 - 00000000 ___DC C:\ProgramData\regid.1991-06.com.microsoft
2017-05-25 22:49 - 2016-05-04 05:59 - 00000000 ___DC C:\Program Files (x86)\Microsoft Office
2017-05-25 21:39 - 2017-02-03 18:45 - 00000000 ___DC C:\Users\Leah\AppData\Roaming\vlc
2017-05-25 11:24 - 2017-03-10 17:47 - 00000000 ___DC C:\Users\Leah\Desktop\Writings and ruminations
2017-05-25 08:01 - 2016-11-24 08:16 - 00000000 ___DC C:\ProgramData\McAfee
2017-05-21 07:22 - 2017-02-07 09:57 - 00003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2017-05-21 07:22 - 2017-02-07 09:57 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2017-05-20 02:26 - 2017-02-03 17:50 - 00000000 ___DC C:\Program Files\Common Files\McAfee
2017-05-20 02:24 - 2016-07-16 05:47 - 00000000 __HDC C:\WINDOWS\ELAMBKUP
2017-05-14 22:58 - 2017-03-10 17:51 - 00000000 ___DC C:\Users\Leah\Desktop\Rocks I bought
2017-05-10 20:55 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-05-09 03:51 - 2017-02-15 01:14 - 00000000 ___DC C:\Users\Leah\Desktop\School
2017-05-08 17:38 - 2017-02-03 18:11 - 00000000 ___DC C:\Program Files (x86)\McAfee
==================== Files in the root of some directories =======
2017-06-04 03:47 - 2017-06-04 03:47 - 0000017 ____C () C:\Users\Leah\AppData\Local\resmon.resmoncfg
2017-06-04 02:39 - 2017-06-04 02:39 - 0046846 ____C () C:\ProgramData\agent.1496565561.bdinstall.bin
2017-06-04 03:14 - 2017-06-04 03:14 - 0029139 ____C () C:\ProgramData\agent.1496567682.bdinstall.bin
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-05-26 13:07
==================== End of FRST.txt ============================
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8853248 2016-03-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard Company)
HKU\S-1-5-21-86620361-1279893241-792249848-1001\...\RunOnce: [Application Restart #2] => C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe [1260544 2017-04-08] (The NWJS Community)
HKU\S-1-5-21-86620361-1279893241-792249848-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-11-20] (Microsoft Corporation)
GroupPolicy: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 74.211.89.200 74.211.89.201 24.56.178.102
Tcpip\..\Interfaces\{9d9b7f5e-7163-444c-87a8-c985a673df4f}: [DhcpNameServer] 74.211.89.200 74.211.89.201 24.56.178.102
Tcpip\..\Interfaces\{b8cc37ae-8221-43cf-882b-4f1991adb266}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{d9866d9f-551b-4b8c-ba39-4306626e0b6d}: [DhcpNameServer] 20.0.1.5 20.0.1.6
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-86620361-1279893241-792249848-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://duckduckgo/
HKU\S-1-5-21-86620361-1279893241-792249848-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM-x32 -> {7A833495-089E-400B-9571-398895D3A393} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-86620361-1279893241-792249848-1001 -> {7A833495-089E-400B-9571-398895D3A393} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-25] (Microsoft Corporation)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-04-26] (McAfee, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-25] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-05-25] (Microsoft Corporation)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-04-26] (McAfee, Inc.)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-05-25] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-25] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-25] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-25] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-25] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-04-26] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-04-26] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2017-05-11] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2017-05-11] (McAfee, Inc.)
FireFox:
========
FF DefaultProfile: 3sksgfqa.default
FF ProfilePath: C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\3sksgfqa.default [2017-06-04]
FF Extension: (ClipConverter) - C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\3sksgfqa.default\Extensions\clipconverter@clipconverter.cc.xpi [2017-04-07]
FF Extension: (DuckDuckGo Plus) - C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\3sksgfqa.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2017-04-27]
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-04-18]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-06-01] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-10] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-05-11] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-10] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-05-11] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-25] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4122824 2017-05-14] (Microsoft Corporation)
R3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1752992 2017-03-29] (Intel Security)
S4 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\IntelCpHeciSvc.exe [310240 2017-02-22] (Intel Corporation)
S4 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\IntelCpHDCPSvc.exe [488928 2017-02-22] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-03] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-03] (Dropbox, Inc.)
S4 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2208888 2017-03-18] (Intel Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1309184 2016-10-07] (HP Inc.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
S4 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-01-11] (HP Inc.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igfxCUIService.exe [350688 2017-02-22] (Intel Corporation)
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel(R) Corporation)
S3 Intel(R) WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-09-17] (Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-10-05] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188256 2017-04-26] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [1001520 2017-04-18] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.4.480.0\\McCSPServiceHost.exe [2115584 2017-04-28] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241664 2017-03-17] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [384504 2017-03-17] (McAfee, Inc.)
R3 mfevtp; C:\windows\system32\mfevtps.exe [343544 2017-03-17] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1582560 2017-04-27] (McAfee, Inc.)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-08-04] ()
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2017-02-06] (NVIDIA Corporation)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1105840 2017-04-21] (Intel Security, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-03-18] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-11-20] (Microsoft Corporation)
S3 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [266872 2016-08-19] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-08-04] (Intel® Corporation)
S2 0322531494286731mcinstcleanup; C:\WINDOWS\TEMP\032253~1.EXE -cleanup -nolog [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [87568 2017-04-18] (McAfee, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [66624 2017-03-18] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [350272 2017-03-18] (Intel Corporation)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [225432 2017-04-01] (McAfee, Inc.)
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igdkmd64.sys [11036640 2017-02-22] (Intel Corporation)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [485904 2017-04-18] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [363024 2017-04-18] (McAfee, Inc.)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85048 2017-04-18] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [514576 2017-04-18] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [917008 2017-04-18] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [495632 2017-04-07] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [107544 2017-04-07] (McAfee, Inc.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [109072 2017-04-18] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252432 2017-04-18] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
U5 Netwtw02; C:\Windows\System32\Drivers\Netwtw02.sys [6724368 2016-02-06] (Intel Corporation)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7116288 2016-07-16] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhm.inf_amd64_7c553af4468727c1\nvlddmkm.sys [14311352 2017-02-10] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47760 2016-03-01] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2017-03-18] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [769752 2016-01-20] (Realsil Semiconductor Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [413912 2016-01-20] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [58984 2016-02-22] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [72824 2016-08-19] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-12] (HP)
S0 ysyfer; no ImagePath
S3 ibtusb; \SystemRoot\system32\DRIVERS\ibtusb.sys [X]
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-06-04 06:49 - 2017-06-04 06:49 - 00020654 ____C C:\Users\Leah\Downloads\FRST.txt
2017-06-04 06:48 - 2017-06-04 06:49 - 00000000 ___DC C:\FRST
2017-06-04 06:48 - 2017-06-04 06:48 - 02433536 ____C (Farbar) C:\Users\Leah\Downloads\FRST64.exe
2017-06-04 05:36 - 2017-06-04 05:36 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-06-04 05:34 - 2017-06-04 05:34 - 06754944 ____C (ESET spol. s r.o.) C:\Users\Leah\Downloads\esetonlinescanner_enu.exe
2017-06-04 05:34 - 2017-06-04 05:34 - 00000000 ___DC C:\Users\Leah\AppData\Local\ESET
2017-06-04 05:30 - 2017-06-04 05:30 - 00110868 ____C C:\TDSSKiller.3.1.0.15_04.06.2017_05.30.21_log.txt
2017-06-04 05:27 - 2017-06-04 05:27 - 00000214 ____C C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-06-04 03:47 - 2017-06-04 03:47 - 00000017 ____C C:\Users\Leah\AppData\Local\resmon.resmoncfg
2017-06-04 03:14 - 2017-06-04 03:14 - 00029139 ____C C:\ProgramData\agent.1496567682.bdinstall.bin
2017-06-04 03:08 - 2017-06-04 03:08 - 00000000 ___DC C:\Users\Leah\Documents\cce_2.5.242177.201_x64
2017-06-04 03:07 - 2017-06-04 03:07 - 02030536 ____C (Bleeping Computer, LLC) C:\Users\Leah\Downloads\rkill.com
2017-06-04 03:00 - 2017-06-04 03:02 - 00097926 ____C C:\TDSSKiller.3.1.0.15_04.06.2017_03.00.28_log.txt
2017-06-04 02:59 - 2017-06-04 03:00 - 04922400 ____C (AO Kaspersky Lab) C:\Users\Leah\Downloads\tdsskiller.exe
2017-06-04 02:40 - 2017-06-04 02:40 - 00000000 ___DC C:\Users\Leah\AppData\Roaming\QuickScan
2017-06-04 02:39 - 2017-06-04 02:39 - 00046846 ____C C:\ProgramData\agent.1496565561.bdinstall.bin
2017-06-04 02:39 - 2017-06-04 02:39 - 00000000 ___DC C:\ProgramData\Bitdefender Agent
2017-06-04 02:33 - 2017-06-04 02:33 - 04860560 ____C (Krzysztof Kowalczyk) C:\Users\Leah\Downloads\SumatraPDF-3.1.2-install.exe
2017-06-04 02:33 - 2017-06-04 02:33 - 00002001 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
2017-06-04 02:33 - 2017-06-04 02:33 - 00000000 ___DC C:\Program Files (x86)\SumatraPDF
2017-06-04 02:14 - 2017-06-04 02:14 - 00004090 _____ C:\WINDOWS\System32\Tasks\AupAvUpdate
2017-06-04 02:14 - 2017-06-04 02:14 - 00001717 ____C C:\Users\Leah\Desktop\Advanced Uninstaller PRO 12.lnk
2017-06-04 02:14 - 2017-06-04 02:14 - 00001601 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO 12.lnk
2017-06-04 02:14 - 2017-06-04 02:14 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO
2017-06-04 02:13 - 2017-06-04 02:14 - 00003804 _____ C:\WINDOWS\System32\Tasks\UninstallMonitor
2017-06-04 02:13 - 2017-06-04 02:14 - 00000000 ___DC C:\Users\Leah\AppData\Local\Innovative Solutions
2017-06-04 02:13 - 2017-06-04 02:14 - 00000000 ___DC C:\ProgramData\Innovative Solutions
2017-06-04 02:13 - 2017-06-04 02:13 - 00000352 ____C C:\WINDOWS\Tasks\Health-Check-deep.job
2017-06-04 02:13 - 2017-06-04 02:13 - 00000350 ____C C:\WINDOWS\Tasks\Health-Check-auto.job
2017-06-04 02:13 - 2017-06-04 02:13 - 00000344 ____C C:\WINDOWS\Tasks\Health-Check.job
2017-06-04 02:13 - 2017-06-04 02:13 - 00000000 ___DC C:\Program Files (x86)\Innovative Solutions
2017-06-04 02:13 - 2014-03-07 10:25 - 00042496 ____C C:\WINDOWS\SysWOW64\AdvUninstCPL.cpl
2017-06-04 02:11 - 2017-06-04 02:11 - 19316456 ____C (Innovative Solutions ) C:\Users\Leah\Downloads\Advanced_Uninstaller11.exe
2017-06-02 04:02 - 2017-06-02 04:02 - 00000000 ___DC C:\WINDOWS\Panther
2017-05-23 10:52 - 2017-05-23 10:52 - 01028206 ____C C:\Users\Leah\Downloads\endocrine_disruptors_508.pdf
2017-05-21 23:34 - 2017-05-21 23:34 - 05819254 ____C C:\Users\Leah\Downloads\in-the-lymelight.pdf
2017-05-10 11:41 - 2017-05-10 12:58 - 00003446 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2017-05-08 05:26 - 2017-05-08 05:26 - 01947648 ____C C:\Users\Leah\Downloads\ascension-studyguide.pdf
2017-05-06 19:41 - 2017-05-06 19:41 - 00695217 ____C C:\Users\Leah\Downloads\JTS-3-187.pdf
2017-05-06 03:52 - 2017-05-06 03:52 - 00059578 ____C C:\Users\Leah\Downloads\Kolb Learning Styles quick assessment.pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-06-04 06:16 - 2016-05-04 05:58 - 00000000 ___DC C:\Program Files (x86)\Online Services
2017-06-04 05:40 - 2016-11-20 12:51 - 02611930 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-04 05:36 - 2017-02-05 12:10 - 00000000 ___DC C:\Users\Leah\AppData\Local\CrashDumps
2017-06-04 05:33 - 2017-02-07 09:54 - 00000000 ___DC C:\Users\Leah
2017-06-04 05:33 - 2017-02-03 18:22 - 00000000 ___DC C:\Users\Leah\AppData\LocalLow\Mozilla
2017-06-04 05:33 - 2017-02-03 14:42 - 00000000 __SHD C:\Users\Leah\IntelGraphicsProfiles
2017-06-04 05:32 - 2017-02-05 16:50 - 00000000 ___DC C:\ProgramData\NVIDIA
2017-06-04 05:32 - 2016-11-20 12:41 - 00000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2017-06-04 05:32 - 2016-07-16 00:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-06-04 05:29 - 2017-03-24 04:03 - 00000000 ___DC C:\Users\Leah\AppData\Local\ElevatedDiagnostics
2017-06-04 05:24 - 2016-11-20 12:41 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-04 03:55 - 2017-02-03 14:42 - 00000000 ___DC C:\Users\Leah\AppData\Local\Packages
2017-06-04 03:55 - 2016-07-16 05:47 - 00000000 __HDC C:\Program Files\WindowsApps
2017-06-04 03:55 - 2016-07-16 05:47 - 00000000 ___DC C:\WINDOWS\AppReadiness
2017-06-04 03:43 - 2017-02-12 03:45 - 00000000 ___DC C:\Program Files (x86)\Google
2017-06-04 03:38 - 2017-02-15 01:11 - 00000000 ___DC C:\Users\Leah\Desktop\Shortcuts
2017-06-04 03:17 - 2017-04-12 03:28 - 00000000 ___DC C:\Users\Leah\Desktop\Humans Becoming, LLC
2017-06-04 03:15 - 2017-02-18 19:08 - 00004034 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-06-04 02:41 - 2017-02-08 14:35 - 00000000 ___DC C:\Program Files (x86)\Adobe
2017-06-04 02:07 - 2017-02-08 13:49 - 00000000 ___DC C:\Users\Leah\AppData\Roaming\Zoom
2017-06-04 02:07 - 2016-11-24 08:07 - 00000000 ___DC C:\ProgramData\HP
2017-06-04 02:06 - 2017-04-08 03:15 - 00000000 ___DC C:\Users\Leah\AppData\Roaming\Opera Software
2017-06-04 02:06 - 2017-04-08 03:15 - 00000000 ___DC C:\Users\Leah\AppData\Local\Opera Software
2017-06-04 02:06 - 2017-04-08 03:15 - 00000000 ___DC C:\Program Files\Opera
2017-06-03 16:30 - 2017-03-21 10:59 - 00004222 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2017-06-01 22:01 - 2017-03-11 17:57 - 00000360 ____C C:\WINDOWS\Tasks\HPCeeScheduleForLeah.job
2017-06-01 22:01 - 2017-02-03 18:22 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-01 22:01 - 2017-02-03 18:22 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2017-06-01 21:52 - 2016-07-16 05:47 - 00000000 ___DC C:\WINDOWS\SysWOW64\Macromed
2017-06-01 21:04 - 2016-07-16 00:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-06-01 10:11 - 2017-03-11 17:57 - 00003326 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForLeah
2017-05-31 13:03 - 2017-04-19 06:40 - 00565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-05-25 22:50 - 2016-07-16 05:47 - 00000000 ___DC C:\ProgramData\regid.1991-06.com.microsoft
2017-05-25 22:49 - 2016-05-04 05:59 - 00000000 ___DC C:\Program Files (x86)\Microsoft Office
2017-05-25 21:39 - 2017-02-03 18:45 - 00000000 ___DC C:\Users\Leah\AppData\Roaming\vlc
2017-05-25 11:24 - 2017-03-10 17:47 - 00000000 ___DC C:\Users\Leah\Desktop\Writings and ruminations
2017-05-25 08:01 - 2016-11-24 08:16 - 00000000 ___DC C:\ProgramData\McAfee
2017-05-21 07:22 - 2017-02-07 09:57 - 00003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2017-05-21 07:22 - 2017-02-07 09:57 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2017-05-20 02:26 - 2017-02-03 17:50 - 00000000 ___DC C:\Program Files\Common Files\McAfee
2017-05-20 02:24 - 2016-07-16 05:47 - 00000000 __HDC C:\WINDOWS\ELAMBKUP
2017-05-14 22:58 - 2017-03-10 17:51 - 00000000 ___DC C:\Users\Leah\Desktop\Rocks I bought
2017-05-10 20:55 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-05-09 03:51 - 2017-02-15 01:14 - 00000000 ___DC C:\Users\Leah\Desktop\School
2017-05-08 17:38 - 2017-02-03 18:11 - 00000000 ___DC C:\Program Files (x86)\McAfee
==================== Files in the root of some directories =======
2017-06-04 03:47 - 2017-06-04 03:47 - 0000017 ____C () C:\Users\Leah\AppData\Local\resmon.resmoncfg
2017-06-04 02:39 - 2017-06-04 02:39 - 0046846 ____C () C:\ProgramData\agent.1496565561.bdinstall.bin
2017-06-04 03:14 - 2017-06-04 03:14 - 0029139 ____C () C:\ProgramData\agent.1496567682.bdinstall.bin
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-05-26 13:07
==================== End of FRST.txt ============================