Solved Malware/Virus?

BethL

My computer has all the signs that it's infected, but no scan I have done with anything seems to want to pick anything up. I would really appreciate some help. Here are the requested logs:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-06-2017
Ran by Leah (administrator) on LEAH (04-06-2017 06:49:13)
Running from C:\Users\Leah\Downloads
Loaded Profiles: Leah (Available Profiles: Leah)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Innovative Solutions GRUP SRL) C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igfxEM.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.8.0.0_x64__8wekyb3d8bbwe\Microsoft.StickyNotes.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe
(McAfee, Inc.) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(hxxp://www.ruby-lang.org/) C:\Users\Leah\AppData\Local\Temp\ocr4E9D.tmp\bin\rubyw.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.4.480.0\McCSPServiceHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
() C:\Program Files\pia_manager\pia_manager.exe
(hxxp://www.ruby-lang.org/) C:\Users\Leah\AppData\Local\Temp\ocr8220.tmp\bin\rubyw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
() C:\Program Files\pia_manager\openvpn.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8853248 2016-03-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard Company)
HKU\S-1-5-21-86620361-1279893241-792249848-1001\...\RunOnce: [Application Restart #2] => C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe [1260544 2017-04-08] (The NWJS Community)
HKU\S-1-5-21-86620361-1279893241-792249848-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-11-20] (Microsoft Corporation)
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 74.211.89.200 74.211.89.201 24.56.178.102
Tcpip\..\Interfaces\{9d9b7f5e-7163-444c-87a8-c985a673df4f}: [DhcpNameServer] 74.211.89.200 74.211.89.201 24.56.178.102
Tcpip\..\Interfaces\{b8cc37ae-8221-43cf-882b-4f1991adb266}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{d9866d9f-551b-4b8c-ba39-4306626e0b6d}: [DhcpNameServer] 20.0.1.5 20.0.1.6

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-86620361-1279893241-792249848-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://duckduckgo/
HKU\S-1-5-21-86620361-1279893241-792249848-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM-x32 -> {7A833495-089E-400B-9571-398895D3A393} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-86620361-1279893241-792249848-1001 -> {7A833495-089E-400B-9571-398895D3A393} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-25] (Microsoft Corporation)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-04-26] (McAfee, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-25] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-05-25] (Microsoft Corporation)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-04-26] (McAfee, Inc.)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-05-25] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-25] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-25] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-25] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-25] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-04-26] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-04-26] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2017-05-11] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2017-05-11] (McAfee, Inc.)

FireFox:
========
FF DefaultProfile: 3sksgfqa.default
FF ProfilePath: C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\3sksgfqa.default [2017-06-04]
FF Extension: (ClipConverter) - C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\3sksgfqa.default\Extensions\clipconverter@clipconverter.cc.xpi [2017-04-07]
FF Extension: (DuckDuckGo Plus) - C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\3sksgfqa.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2017-04-27]
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-04-18]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-06-01] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-10] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-05-11] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-10] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-05-11] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-25] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4122824 2017-05-14] (Microsoft Corporation)
R3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1752992 2017-03-29] (Intel Security)
S4 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\IntelCpHeciSvc.exe [310240 2017-02-22] (Intel Corporation)
S4 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\IntelCpHDCPSvc.exe [488928 2017-02-22] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-03] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-03] (Dropbox, Inc.)
S4 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2208888 2017-03-18] (Intel Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1309184 2016-10-07] (HP Inc.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
S4 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-01-11] (HP Inc.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igfxCUIService.exe [350688 2017-02-22] (Intel Corporation)
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel(R) Corporation)
S3 Intel(R) WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-09-17] (Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-10-05] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188256 2017-04-26] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [1001520 2017-04-18] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.4.480.0\\McCSPServiceHost.exe [2115584 2017-04-28] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241664 2017-03-17] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [384504 2017-03-17] (McAfee, Inc.)
R3 mfevtp; C:\windows\system32\mfevtps.exe [343544 2017-03-17] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1582560 2017-04-27] (McAfee, Inc.)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-08-04] ()
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2017-02-06] (NVIDIA Corporation)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1105840 2017-04-21] (Intel Security, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-03-18] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-11-20] (Microsoft Corporation)
S3 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [266872 2016-08-19] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-08-04] (Intel® Corporation)
S2 0322531494286731mcinstcleanup; C:\WINDOWS\TEMP\032253~1.EXE -cleanup -nolog [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [87568 2017-04-18] (McAfee, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [66624 2017-03-18] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [350272 2017-03-18] (Intel Corporation)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [225432 2017-04-01] (McAfee, Inc.)
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igdkmd64.sys [11036640 2017-02-22] (Intel Corporation)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [485904 2017-04-18] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [363024 2017-04-18] (McAfee, Inc.)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85048 2017-04-18] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [514576 2017-04-18] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [917008 2017-04-18] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [495632 2017-04-07] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [107544 2017-04-07] (McAfee, Inc.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [109072 2017-04-18] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252432 2017-04-18] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
U5 Netwtw02; C:\Windows\System32\Drivers\Netwtw02.sys [6724368 2016-02-06] (Intel Corporation)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7116288 2016-07-16] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhm.inf_amd64_7c553af4468727c1\nvlddmkm.sys [14311352 2017-02-10] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47760 2016-03-01] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2017-03-18] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [769752 2016-01-20] (Realsil Semiconductor Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [413912 2016-01-20] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [58984 2016-02-22] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [72824 2016-08-19] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-12] (HP)
S0 ysyfer; no ImagePath
S3 ibtusb; \SystemRoot\system32\DRIVERS\ibtusb.sys [X]
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-04 06:49 - 2017-06-04 06:49 - 00020654 ____C C:\Users\Leah\Downloads\FRST.txt
2017-06-04 06:48 - 2017-06-04 06:49 - 00000000 ___DC C:\FRST
2017-06-04 06:48 - 2017-06-04 06:48 - 02433536 ____C (Farbar) C:\Users\Leah\Downloads\FRST64.exe
2017-06-04 05:36 - 2017-06-04 05:36 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-06-04 05:34 - 2017-06-04 05:34 - 06754944 ____C (ESET spol. s r.o.) C:\Users\Leah\Downloads\esetonlinescanner_enu.exe
2017-06-04 05:34 - 2017-06-04 05:34 - 00000000 ___DC C:\Users\Leah\AppData\Local\ESET
2017-06-04 05:30 - 2017-06-04 05:30 - 00110868 ____C C:\TDSSKiller.3.1.0.15_04.06.2017_05.30.21_log.txt
2017-06-04 05:27 - 2017-06-04 05:27 - 00000214 ____C C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-06-04 03:47 - 2017-06-04 03:47 - 00000017 ____C C:\Users\Leah\AppData\Local\resmon.resmoncfg
2017-06-04 03:14 - 2017-06-04 03:14 - 00029139 ____C C:\ProgramData\agent.1496567682.bdinstall.bin
2017-06-04 03:08 - 2017-06-04 03:08 - 00000000 ___DC C:\Users\Leah\Documents\cce_2.5.242177.201_x64
2017-06-04 03:07 - 2017-06-04 03:07 - 02030536 ____C (Bleeping Computer, LLC) C:\Users\Leah\Downloads\rkill.com
2017-06-04 03:00 - 2017-06-04 03:02 - 00097926 ____C C:\TDSSKiller.3.1.0.15_04.06.2017_03.00.28_log.txt
2017-06-04 02:59 - 2017-06-04 03:00 - 04922400 ____C (AO Kaspersky Lab) C:\Users\Leah\Downloads\tdsskiller.exe
2017-06-04 02:40 - 2017-06-04 02:40 - 00000000 ___DC C:\Users\Leah\AppData\Roaming\QuickScan
2017-06-04 02:39 - 2017-06-04 02:39 - 00046846 ____C C:\ProgramData\agent.1496565561.bdinstall.bin
2017-06-04 02:39 - 2017-06-04 02:39 - 00000000 ___DC C:\ProgramData\Bitdefender Agent
2017-06-04 02:33 - 2017-06-04 02:33 - 04860560 ____C (Krzysztof Kowalczyk) C:\Users\Leah\Downloads\SumatraPDF-3.1.2-install.exe
2017-06-04 02:33 - 2017-06-04 02:33 - 00002001 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
2017-06-04 02:33 - 2017-06-04 02:33 - 00000000 ___DC C:\Program Files (x86)\SumatraPDF
2017-06-04 02:14 - 2017-06-04 02:14 - 00004090 _____ C:\WINDOWS\System32\Tasks\AupAvUpdate
2017-06-04 02:14 - 2017-06-04 02:14 - 00001717 ____C C:\Users\Leah\Desktop\Advanced Uninstaller PRO 12.lnk
2017-06-04 02:14 - 2017-06-04 02:14 - 00001601 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO 12.lnk
2017-06-04 02:14 - 2017-06-04 02:14 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO
2017-06-04 02:13 - 2017-06-04 02:14 - 00003804 _____ C:\WINDOWS\System32\Tasks\UninstallMonitor
2017-06-04 02:13 - 2017-06-04 02:14 - 00000000 ___DC C:\Users\Leah\AppData\Local\Innovative Solutions
2017-06-04 02:13 - 2017-06-04 02:14 - 00000000 ___DC C:\ProgramData\Innovative Solutions
2017-06-04 02:13 - 2017-06-04 02:13 - 00000352 ____C C:\WINDOWS\Tasks\Health-Check-deep.job
2017-06-04 02:13 - 2017-06-04 02:13 - 00000350 ____C C:\WINDOWS\Tasks\Health-Check-auto.job
2017-06-04 02:13 - 2017-06-04 02:13 - 00000344 ____C C:\WINDOWS\Tasks\Health-Check.job
2017-06-04 02:13 - 2017-06-04 02:13 - 00000000 ___DC C:\Program Files (x86)\Innovative Solutions
2017-06-04 02:13 - 2014-03-07 10:25 - 00042496 ____C C:\WINDOWS\SysWOW64\AdvUninstCPL.cpl
2017-06-04 02:11 - 2017-06-04 02:11 - 19316456 ____C (Innovative Solutions ) C:\Users\Leah\Downloads\Advanced_Uninstaller11.exe
2017-06-02 04:02 - 2017-06-02 04:02 - 00000000 ___DC C:\WINDOWS\Panther
2017-05-23 10:52 - 2017-05-23 10:52 - 01028206 ____C C:\Users\Leah\Downloads\endocrine_disruptors_508.pdf
2017-05-21 23:34 - 2017-05-21 23:34 - 05819254 ____C C:\Users\Leah\Downloads\in-the-lymelight.pdf
2017-05-10 11:41 - 2017-05-10 12:58 - 00003446 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2017-05-08 05:26 - 2017-05-08 05:26 - 01947648 ____C C:\Users\Leah\Downloads\ascension-studyguide.pdf
2017-05-06 19:41 - 2017-05-06 19:41 - 00695217 ____C C:\Users\Leah\Downloads\JTS-3-187.pdf
2017-05-06 03:52 - 2017-05-06 03:52 - 00059578 ____C C:\Users\Leah\Downloads\Kolb Learning Styles quick assessment.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-04 06:16 - 2016-05-04 05:58 - 00000000 ___DC C:\Program Files (x86)\Online Services
2017-06-04 05:40 - 2016-11-20 12:51 - 02611930 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-04 05:36 - 2017-02-05 12:10 - 00000000 ___DC C:\Users\Leah\AppData\Local\CrashDumps
2017-06-04 05:33 - 2017-02-07 09:54 - 00000000 ___DC C:\Users\Leah
2017-06-04 05:33 - 2017-02-03 18:22 - 00000000 ___DC C:\Users\Leah\AppData\LocalLow\Mozilla
2017-06-04 05:33 - 2017-02-03 14:42 - 00000000 __SHD C:\Users\Leah\IntelGraphicsProfiles
2017-06-04 05:32 - 2017-02-05 16:50 - 00000000 ___DC C:\ProgramData\NVIDIA
2017-06-04 05:32 - 2016-11-20 12:41 - 00000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2017-06-04 05:32 - 2016-07-16 00:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-06-04 05:29 - 2017-03-24 04:03 - 00000000 ___DC C:\Users\Leah\AppData\Local\ElevatedDiagnostics
2017-06-04 05:24 - 2016-11-20 12:41 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-04 03:55 - 2017-02-03 14:42 - 00000000 ___DC C:\Users\Leah\AppData\Local\Packages
2017-06-04 03:55 - 2016-07-16 05:47 - 00000000 __HDC C:\Program Files\WindowsApps
2017-06-04 03:55 - 2016-07-16 05:47 - 00000000 ___DC C:\WINDOWS\AppReadiness
2017-06-04 03:43 - 2017-02-12 03:45 - 00000000 ___DC C:\Program Files (x86)\Google
2017-06-04 03:38 - 2017-02-15 01:11 - 00000000 ___DC C:\Users\Leah\Desktop\Shortcuts
2017-06-04 03:17 - 2017-04-12 03:28 - 00000000 ___DC C:\Users\Leah\Desktop\Humans Becoming, LLC
2017-06-04 03:15 - 2017-02-18 19:08 - 00004034 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-06-04 02:41 - 2017-02-08 14:35 - 00000000 ___DC C:\Program Files (x86)\Adobe
2017-06-04 02:07 - 2017-02-08 13:49 - 00000000 ___DC C:\Users\Leah\AppData\Roaming\Zoom
2017-06-04 02:07 - 2016-11-24 08:07 - 00000000 ___DC C:\ProgramData\HP
2017-06-04 02:06 - 2017-04-08 03:15 - 00000000 ___DC C:\Users\Leah\AppData\Roaming\Opera Software
2017-06-04 02:06 - 2017-04-08 03:15 - 00000000 ___DC C:\Users\Leah\AppData\Local\Opera Software
2017-06-04 02:06 - 2017-04-08 03:15 - 00000000 ___DC C:\Program Files\Opera
2017-06-03 16:30 - 2017-03-21 10:59 - 00004222 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2017-06-01 22:01 - 2017-03-11 17:57 - 00000360 ____C C:\WINDOWS\Tasks\HPCeeScheduleForLeah.job
2017-06-01 22:01 - 2017-02-03 18:22 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-01 22:01 - 2017-02-03 18:22 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2017-06-01 21:52 - 2016-07-16 05:47 - 00000000 ___DC C:\WINDOWS\SysWOW64\Macromed
2017-06-01 21:04 - 2016-07-16 00:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-06-01 10:11 - 2017-03-11 17:57 - 00003326 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForLeah
2017-05-31 13:03 - 2017-04-19 06:40 - 00565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-05-25 22:50 - 2016-07-16 05:47 - 00000000 ___DC C:\ProgramData\regid.1991-06.com.microsoft
2017-05-25 22:49 - 2016-05-04 05:59 - 00000000 ___DC C:\Program Files (x86)\Microsoft Office
2017-05-25 21:39 - 2017-02-03 18:45 - 00000000 ___DC C:\Users\Leah\AppData\Roaming\vlc
2017-05-25 11:24 - 2017-03-10 17:47 - 00000000 ___DC C:\Users\Leah\Desktop\Writings and ruminations
2017-05-25 08:01 - 2016-11-24 08:16 - 00000000 ___DC C:\ProgramData\McAfee
2017-05-21 07:22 - 2017-02-07 09:57 - 00003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2017-05-21 07:22 - 2017-02-07 09:57 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2017-05-20 02:26 - 2017-02-03 17:50 - 00000000 ___DC C:\Program Files\Common Files\McAfee
2017-05-20 02:24 - 2016-07-16 05:47 - 00000000 __HDC C:\WINDOWS\ELAMBKUP
2017-05-14 22:58 - 2017-03-10 17:51 - 00000000 ___DC C:\Users\Leah\Desktop\Rocks I bought
2017-05-10 20:55 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-05-09 03:51 - 2017-02-15 01:14 - 00000000 ___DC C:\Users\Leah\Desktop\School
2017-05-08 17:38 - 2017-02-03 18:11 - 00000000 ___DC C:\Program Files (x86)\McAfee

==================== Files in the root of some directories =======

2017-06-04 03:47 - 2017-06-04 03:47 - 0000017 ____C () C:\Users\Leah\AppData\Local\resmon.resmoncfg
2017-06-04 02:39 - 2017-06-04 02:39 - 0046846 ____C () C:\ProgramData\agent.1496565561.bdinstall.bin
2017-06-04 03:14 - 2017-06-04 03:14 - 0029139 ____C () C:\ProgramData\agent.1496567682.bdinstall.bin

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-26 13:07
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2017
Ran by Leah (04-06-2017 06:49:39)
Running from C:\Users\Leah\Downloads
Windows 10 Pro Version 1607 (X64) (2017-02-07 15:58:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-86620361-1279893241-792249848-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-86620361-1279893241-792249848-503 - Limited - Disabled)
Guest (S-1-5-21-86620361-1279893241-792249848-501 - Limited - Disabled)
Leah (S-1-5-21-86620361-1279893241-792249848-1001 - Administrator - Enabled) => C:\Users\Leah

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Advanced Uninstaller PRO - Version 12 (HKLM-x32\...\AU11_is1) (Version: 12.17.0.86 - Innovative Solutions)
Ansel (Version: 376.82 - NVIDIA Corporation) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox 25 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{88970959-baf7-4864-a39a-69a58e8ae5cf}) (Version: 5.0.18701 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8318.5320 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.3.50.9 - HP)
HP Support Solutions Framework (HKLM-x32\...\{5F084DD8-AF2C-4004-9C92-820C32E4BD55}) (Version: 12.5.32.203 - HP)
HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.29 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{09D0DB68-90EA-4015-983E-A0BD777D5A02}) (Version: 1.4.10 - HP Inc.)
HP Wireless Button Driver (HKLM-x32\...\{1BDD178E-43DC-4063-B480-BA2BAE03E2A0}) (Version: 1.1.15.1 - HP)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.37 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11000.2996 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1035 - Intel Corporation)
Intel(R) PRO/Wireless Driver (HKLM\...\{46caed41-afbb-4279-ba3b-0ef2f20f05fa}) (Version: 19.20.0001.5153 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4542 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1633.3 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{6B15F1EF-F3A8-4C29-BF9E-18EB3683A83D}) (Version: 6.0.60.0 - Intel Corporation)
Intel(R) WiDi Software Asset Manager (x32 Version: 3.2.1184 - Intel Corporation) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{d5572863-793c-4ec8-872a-43cccc68b948}) (Version: 18.40.0 - Intel Corporation)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.137 - McAfee, Inc.)
McAfee® Internet Security (HKLM-x32\...\MSC) (Version: 16.0.0 - McAfee, Inc.)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8201.2025 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-86620361-1279893241-792249848-1001\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 53.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 53.0.3 (x86 en-US)) (Version: 53.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.3.6347 - Mozilla)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.8201.2025 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.8201.2025 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.8201.2025 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.8067.2070 - Microsoft Corporation) Hidden
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21287 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7770 - Realtek Semiconductor Corp.)
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.103 - Skype Technologies S.A.)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.11.37 - Synaptics Incorporated)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B116A95-280C-45C5-8620-C4D17EFE687E} - System32\Tasks\AupAvUpdate => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\updAvTask.exe [2017-01-30] ()
Task: {0F5A1111-A502-4F5D-AB08-705292B945D3} - System32\Tasks\HPCeeScheduleForLeah => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-22] (Hewlett-Packard)
Task: {12788664-C81F-4046-9F04-B394F5E9C597} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-05-25] (Microsoft Corporation)
Task: {17E64F4E-9166-4428-869C-23DE740F137E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-05-25] (Microsoft Corporation)
Task: {22F501B0-4B6A-4A23-B5CF-6B9D6A2726F8} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-10] (Adobe Systems Incorporated)
Task: {2677519D-B013-4285-BA4A-4AB9624BEA60} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {2EEEC16E-05F6-4BF8-B6EF-F958CA8C5937} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {32494DE3-891B-4D20-92D4-DE176ABC6984} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-09-17] (Intel Corporation)
Task: {33C69C93-9033-4BB3-A620-80E4AE538C3E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-14] (Microsoft Corporation)
Task: {3514114B-09C3-4556-8CC0-00AF5FE82CCB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {3CB1F010-34AB-43BB-95F2-453C591E54F2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {3F0AA9AD-B568-45A1-95D1-D4C56E74FF02} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2017-04-11] (McAfee, Inc.)
Task: {63ACB2AE-0A79-4FBC-AE95-0D7F5FDC5C1F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {6691C862-50D9-4DE5-AD3F-4B2FFAF480BB} - System32\Tasks\HPDAS => C:\Program
Task: {6A583F68-DFF8-4EAC-B875-F280940E3F1C} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-05-25] ()
Task: {6CF063A7-2825-47DF-9324-8C3277AAA11A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-14] (Microsoft Corporation)
Task: {7968D0AA-D816-4841-BCBB-C463FA03A4C4} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-06-05] (Intel Corporation)
Task: {8204E6CB-0946-4D34-A9D8-E2658AD239F2} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {8435C19E-ECC3-4591-8835-AF11DE93A8F5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {8B0191BB-9C5C-40B7-825D-7E4A3C9B17C3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-05-25] (Microsoft Corporation)
Task: {934A74E5-B5EB-4AC6-AD4D-1DF5422923BA} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-02-03] (Dropbox, Inc.)
Task: {9D6CC28F-5F08-4838-A63E-DFA0386BC04E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-03-10] (HP Inc.)
Task: {AED42F76-0346-4B8B-B22C-B5365F4F76A0} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2017-04-08] ()
Task: {C9ADD7CF-C9C3-4C73-9A44-1AB1F4BED4B9} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2016-10-20] (McAfee, Inc.)
Task: {CFB603FE-1957-4FB4-8CC6-C10AE816AB7C} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-09-17] (Intel Corporation)
Task: {D5B365E7-5DC2-48B0-BF0E-E313BEDE9DCF} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2016-10-20] (McAfee, Inc.)
Task: {E1759F9B-3D0C-44A6-B9B7-C31C951CA3DE} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-05-25] ()
Task: {E1F508FC-4448-4E34-B8DA-DAB0A1737577} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-03-10] (HP Inc.)
Task: {E3B0E3E9-D46A-435B-BD91-62CC595E1C35} - System32\Tasks\UninstallMonitor => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe [2017-01-30] (Innovative Solutions GRUP SRL)
Task: {EB3B54B7-BE2D-4702-919E-2FEF62FA2492} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-02-03] (Dropbox, Inc.)
Task: {EEAECFB7-46D4-45F4-B4D1-E697BAE13BF8} - System32\Tasks\Nvbackend => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
Task: {F0595B6C-42F1-4073-BDE5-36A68F65DFEE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-03-02] (HP Inc.)
Task: {F720C5DE-384C-44C2-88C0-771D4E53F88B} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-09-21] ()
Task: {F7438BCF-C51B-4891-BEFB-025D3C717A5D} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2017-04-12] (McAfee, Inc.)
Task: {F97C619C-23BF-457F-A5B7-3F591A5A091A} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {FE884F9B-01DD-4BAB-9412-DC9CF3199C26} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel(R) Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\Health-Check-auto.job => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe
Task: C:\WINDOWS\Tasks\Health-Check-deep.job => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe
Task: C:\WINDOWS\Tasks\Health-Check.job => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForLeah.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 05:42 - 2016-07-16 05:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-02-07 10:47 - 2017-02-07 10:47 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-02-04 10:11 - 2017-02-06 05:37 - 00134712 ____C () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-04-08 03:24 - 2017-04-08 03:26 - 08451115 ____C () C:\Program Files\pia_manager\pia_manager.exe
2017-03-12 07:24 - 2017-05-25 22:48 - 08931008 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-11-20 12:11 - 2016-11-20 12:11 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-02-07 10:48 - 2017-02-07 10:48 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-04-07 14:12 - 2017-04-07 14:12 - 00381440 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.8.0.0_x64__8wekyb3d8bbwe\Microsoft.Notes.Upgrade.dll
2017-04-19 06:40 - 2017-05-09 11:44 - 01101640 _____ () C:\Program Files\McAfee\MfeAV\AMEngineScan.dll
2017-04-19 06:40 - 2017-05-09 11:46 - 00607440 _____ () C:\Program Files\McAfee\MfeAV\RepairModule.dll
2017-04-08 03:24 - 2017-04-08 03:26 - 00694272 ____C () C:\Program Files\pia_manager\openvpn.exe
2017-04-08 03:24 - 2017-04-08 03:26 - 00190317 ____C () C:\Program Files\pia_manager\liblzo2-2.dll
2017-04-08 03:24 - 2017-04-08 03:26 - 00108441 ____C () C:\Program Files\pia_manager\libpkcs11-helper-1.dll
2017-04-08 03:24 - 2017-04-08 03:26 - 00144896 ____C () C:\Program Files\pia_manager\pia-openvpn.dll
2017-06-04 02:13 - 2014-03-07 09:23 - 00565827 _____ () C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\sqlite3.dll
2017-06-04 02:14 - 2017-01-30 13:08 - 00010600 _____ () C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\memmgrset.dll
2017-06-04 05:33 - 2017-06-04 05:33 - 00012800 ____C () C:\Users\Leah\AppData\Local\Temp\ocr4E9D.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2017-06-04 05:33 - 2017-06-04 05:33 - 00009728 ____C () C:\Users\Leah\AppData\Local\Temp\ocr4E9D.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2017-06-04 05:33 - 2017-06-04 05:33 - 00014848 ____C () C:\Users\Leah\AppData\Local\Temp\ocr4E9D.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2017-06-04 05:33 - 2017-06-04 05:33 - 00094208 ____C () C:\Users\Leah\AppData\Local\Temp\ocr4E9D.tmp\src\rgloader\rgloader193.mswin.so
2017-06-04 05:33 - 2017-06-04 05:33 - 00009216 ____C () C:\Users\Leah\AppData\Local\Temp\ocr4E9D.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2017-06-04 05:33 - 2017-06-04 05:33 - 00094208 ____C () C:\Users\Leah\AppData\Local\Temp\ocr4E9D.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2017-06-04 05:33 - 2017-06-04 05:33 - 00126976 ____C () C:\Users\Leah\AppData\Local\Temp\ocr4E9D.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2017-06-04 05:33 - 2017-06-04 05:33 - 00087552 ____C () C:\Users\Leah\AppData\Local\Temp\ocr4E9D.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2017-06-04 05:33 - 2017-06-04 05:33 - 00016384 ____C () C:\Users\Leah\AppData\Local\Temp\ocr4E9D.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2017-06-04 05:33 - 2017-06-04 05:33 - 00127316 ____C () C:\Users\Leah\AppData\Local\Temp\ocr4E9D.tmp\bin\libffi-6.dll
2017-06-04 05:33 - 2017-06-04 05:33 - 00008704 ____C () C:\Users\Leah\AppData\Local\Temp\ocr4E9D.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2017-06-04 05:33 - 2017-06-04 05:33 - 00013312 ____C () C:\Users\Leah\AppData\Local\Temp\ocr4E9D.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2017-06-04 05:33 - 2017-06-04 05:33 - 00095744 ____C () C:\Users\Leah\AppData\Local\Temp\ocr4E9D.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2017-06-04 05:33 - 2017-06-04 05:33 - 00026624 ____C () C:\Users\Leah\AppData\Local\Temp\ocr4E9D.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2017-06-04 05:33 - 2017-06-04 05:33 - 00012800 ____C () C:\Users\Leah\AppData\Local\Temp\ocr8220.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2017-06-04 05:33 - 2017-06-04 05:33 - 00009728 ____C () C:\Users\Leah\AppData\Local\Temp\ocr8220.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2017-06-04 05:33 - 2017-06-04 05:33 - 00014848 ____C () C:\Users\Leah\AppData\Local\Temp\ocr8220.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2017-06-04 05:33 - 2017-06-04 05:33 - 00094208 ____C () C:\Users\Leah\AppData\Local\Temp\ocr8220.tmp\src\rgloader\rgloader193.mswin.so
2017-06-04 05:33 - 2017-06-04 05:33 - 00094208 ____C () C:\Users\Leah\AppData\Local\Temp\ocr8220.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2017-06-04 05:33 - 2017-06-04 05:33 - 00118784 ____C () C:\Users\Leah\AppData\Local\Temp\ocr8220.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
2017-06-04 05:33 - 2017-06-04 05:33 - 00069120 ____C () C:\Users\Leah\AppData\Local\Temp\ocr8220.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
2017-06-04 05:33 - 2017-06-04 05:33 - 00083968 ____C () C:\Users\Leah\AppData\Local\Temp\ocr8220.tmp\bin\zlib1.dll
2017-06-04 05:33 - 2017-06-04 05:33 - 00026624 ____C () C:\Users\Leah\AppData\Local\Temp\ocr8220.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
2017-06-04 05:33 - 2017-06-04 05:33 - 00275968 ____C () C:\Users\Leah\AppData\Local\Temp\ocr8220.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
2017-06-04 05:33 - 2017-06-04 05:33 - 00015360 ____C () C:\Users\Leah\AppData\Local\Temp\ocr8220.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
2017-06-04 05:33 - 2017-06-04 05:33 - 00008192 ____C () C:\Users\Leah\AppData\Local\Temp\ocr8220.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
2017-06-04 05:33 - 2017-06-04 05:33 - 00009216 ____C () C:\Users\Leah\AppData\Local\Temp\ocr8220.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2017-06-04 05:33 - 2017-06-04 05:33 - 00023552 ____C () C:\Users\Leah\AppData\Local\Temp\ocr8220.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
2017-06-04 05:33 - 2017-06-04 05:33 - 00008704 ____C () C:\Users\Leah\AppData\Local\Temp\ocr8220.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
2017-06-04 05:33 - 2017-06-04 05:33 - 00008704 ____C () C:\Users\Leah\AppData\Local\Temp\ocr8220.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2017-06-04 05:33 - 2017-06-04 05:33 - 00008704 ____C () C:\Users\Leah\AppData\Local\Temp\ocr8220.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
2017-06-04 05:33 - 2017-06-04 05:33 - 00008704 ____C () C:\Users\Leah\AppData\Local\Temp\ocr8220.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
2017-06-04 05:33 - 2017-06-04 05:33 - 00036352 ____C () C:\Users\Leah\AppData\Local\Temp\ocr8220.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
2017-06-04 05:33 - 2017-06-04 05:33 - 00126976 ____C () C:\Users\Leah\AppData\Local\Temp\ocr8220.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2017-06-04 05:33 - 2017-06-04 05:33 - 00087552 ____C () C:\Users\Leah\AppData\Local\Temp\ocr8220.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2017-06-04 05:33 - 2017-06-04 05:33 - 00016384 ____C () C:\Users\Leah\AppData\Local\Temp\ocr8220.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2017-06-04 05:33 - 2017-06-04 05:33 - 00127316 ____C () C:\Users\Leah\AppData\Local\Temp\ocr8220.tmp\bin\libffi-6.dll
2017-06-04 05:33 - 2017-06-04 05:33 - 00013312 ____C () C:\Users\Leah\AppData\Local\Temp\ocr8220.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2017-06-04 05:33 - 2017-06-04 05:33 - 00095744 ____C () C:\Users\Leah\AppData\Local\Temp\ocr8220.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2017-06-04 05:33 - 2017-06-04 05:33 - 00026624 ____C () C:\Users\Leah\AppData\Local\Temp\ocr8220.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2017-04-08 03:24 - 2017-04-08 03:26 - 00939520 ____C () C:\Program Files\pia_manager\pia_tray_bin\nw-win\ffmpeg.dll
2017-04-08 03:24 - 2017-04-08 03:26 - 03115520 ____C () C:\Program Files\pia_manager\pia_tray_bin\nw-win\node.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 01:24 - 2017-03-11 18:03 - 00000826 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-86620361-1279893241-792249848-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Leah\Desktop\Pictures\IMG_0314.JPG
DNS Servers: 209.222.18.222 - 209.222.18.218
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKU\S-1-5-21-86620361-1279893241-792249848-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-86620361-1279893241-792249848-1001\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{48020C6E-9FC3-44E9-9A49-891DC173320B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{863EC50A-EBA0-431F-9800-E49C06BFE6AE}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{7853FB7D-0ABB-4530-B795-6848DF14626A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{49E1836B-C4BC-41BF-A5AA-AADC13691C86}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F3D82AD7-DF0E-4E71-BC04-789BCA828A9F}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{23E05D25-C2A6-4993-AAD0-617E5DF23D6B}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe
FirewallRules: [{0C247812-A82B-4874-AD13-0DC53BCB724C}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe
FirewallRules: [{9F917CFF-2C2F-4C91-A267-B09587524DF4}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe
FirewallRules: [{66E91821-E2DB-4E4E-9277-63F147B5282F}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{30899B87-EC05-4233-8DE7-CA86B36EBD50}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{5C7F4A78-F800-4075-8E47-3AE01A77F69A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{AD50B472-3A79-4A13-A152-9774EC1A9E9C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{C2B5055D-0E41-4DDA-A5DF-528D4F8ECAB8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{222EB346-72F1-4188-A901-DEF86C654436}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{47E8DE95-D25F-4998-8445-DF6FFED35EE5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: Intel(R) Wireless Bluetooth(R)
Description: Intel(R) Wireless Bluetooth(R)
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Intel Corporation
Service: BTHUSB
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Remote Desktop Device Redirector Bus
Description: Remote Desktop Device Redirector Bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: rdpbus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/04/2017 06:10:42 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (06/04/2017 05:36:19 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LEAH)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/04/2017 05:36:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.14393.693, time stamp: 0x585a272f
Faulting module name: SearchUI.exe, version: 10.0.14393.693, time stamp: 0x585a272f
Exception code: 0xc000027b
Fault offset: 0x00000000001508fc
Faulting process id: 0x2174
Faulting application start time: 0x01d2dd26c83f55df
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Report Id: c219ac44-5642-4b87-ac84-4f8b0b7da7e4
Faulting package full name: Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (06/04/2017 05:35:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorDataMgrSvc.exe, version: 15.2.0.1020, time stamp: 0x57d81123
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0624f90d
Faulting process id: 0x2180
Faulting application start time: 0x01d2dd269ae00b84
Faulting application path: C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
Faulting module path: unknown
Report Id: aad9e998-46cc-47c0-842e-680efef7b01b
Faulting package full name:
Faulting package-relative application ID:

Error: (06/04/2017 05:35:46 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
at IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
at IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
at IAStorDataMgr.EventRelay.<Start>b__12_0(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (06/04/2017 05:35:41 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LEAH)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/04/2017 05:35:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.14393.693, time stamp: 0x585a272f
Faulting module name: SearchUI.exe, version: 10.0.14393.693, time stamp: 0x585a272f
Exception code: 0xc000027b
Fault offset: 0x00000000001508fc
Faulting process id: 0x29b4
Faulting application start time: 0x01d2dd26b147b80f
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Report Id: 5b6058f5-0c24-4d73-ab26-887f526cbc32
Faulting package full name: Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (06/04/2017 05:33:21 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LEAH)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/04/2017 05:33:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.14393.693, time stamp: 0x585a272f
Faulting module name: SearchUI.exe, version: 10.0.14393.693, time stamp: 0x585a272f
Exception code: 0xc000027b
Fault offset: 0x00000000001508fc
Faulting process id: 0x1e5c
Faulting application start time: 0x01d2dd265daf99af
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Report Id: 6a534005-8778-4494-9ba5-1bc0571fe056
Faulting package full name: Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (06/04/2017 05:33:17 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LEAH)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (06/04/2017 05:38:33 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Leah\AppData\Local\Temp\ehdrv.sys

Error: (06/04/2017 05:38:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (06/04/2017 05:38:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (06/04/2017 05:38:33 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Leah\AppData\Local\Temp\ehdrv.sys

Error: (06/04/2017 05:38:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (06/04/2017 05:38:33 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Leah\AppData\Local\Temp\ehdrv.sys

Error: (06/04/2017 05:38:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (06/04/2017 05:38:33 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Leah\AppData\Local\Temp\ehdrv.sys

Error: (06/04/2017 05:38:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (06/04/2017 05:38:32 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Leah\AppData\Local\Temp\ehdrv.sys


CodeIntegrity:
===================================
Date: 2017-05-06 19:45:41.323
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_7c553af4468727c1\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-01 19:11:49.025
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_7c553af4468727c1\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-04-14 13:03:03.738
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_7c553af4468727c1\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 24%
Total physical RAM: 16273.78 MB
Available physical RAM: 12357.79 MB
Total Virtual: 18705.78 MB
Available Virtual: 15075.26 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:118.01 GB) (Free:72.01 GB) NTFS
Drive d: (DATA) (Fixed) (Total:1846.67 GB) (Free:1846.41 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:16.34 GB) (Free:1.93 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive j: () (Removable) (Total:29.82 GB) (Free:22.35 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 054ECCD0)

Partition: GPT.

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 20B115E1)

Partition: GPT.

========================================================
Disk: 2 (Size: 29.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=========================================

You're not really saying what's wrong with your computer.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on the downloaded setup.exe file to install the program.
  • Click on the Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced, post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
I will start these next steps in a few hours after I type up some stuff for my attorney, but I wanted to respond to your statement that I'm not really saying what's wrong with my computer. Lol, you are absolutely right - I didn't say anything at all, did I?

Anyhow, it has been behaving very oddly, and started not too long after I bought it. I have been getting spam emails sent to me from my own damn email address, and it's driving me nuts, so I did a search as to why that is happening and what I could do to stop it, since I already spoke to my email provider's help people and changed my password, neither of which helped. I read something about spoofing, and that it can start from being infected by malware. So I searched how to tell if I was infected or hacked, because my antivirus runs scans and always says everything is A-ok.

I came across articles listing signs of infection, and realized that I have almost all the signs I read about, such as:
  • Slowdown of my comp/browser freezes/stops responding all the time.
  • browser and even system crashes
  • high hard drive usage when no programs are running that should do that
  • programs opening and closing automatically
  • Windows operating system shutting down without reason
  • strange windows in the booting process
  • Sometimes my antivirus turns itself off, and doesn't always download updates
  • Unusual beeps and noises from my laptop randomly that I've never heard before...
I also read that viruses may cause some of my files to become corrupted or cause them not to work anymore, so I should mention that my last laptop was having so many of these same problems as well. TWICE my external hard drive became corrupted and I lost everything I had on it. I stopped using that laptop after I tried everything, and got a new one - since it was a few years old anyway. But I am experiencing many of the same problems now. I read that sometimes an external drive can become infected and it's possible to just transfer infections over and over when you plug it in to new computers, so I am also wondering if I did that, and if so, how I would check? I have done scans of my hard drives and flash drives as well, but the antivirus never finds anything.

Sometimes it seems as if someone else is using my network, or bandwidth, as my comp performance and internet speed will both significantly lower. I try to research everything, but it has gotten to a point where either I picked up a technology gremlin and need an exorcism, or I just need professional help. But alas, I am poor.

Now I'm going to go type up some paperwork for a legal crapfest I have going on, but I will begin taking the steps outlined in your response as soon as possible.

Thank you SO much!
 
Rogue Killer Report:


RogueKiller V12.11.1.0 (x64) [Jun 4 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : Leah [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 06/06/2017 06:52:49 (Duration : 00:18:29)
Switches : -refid

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 5 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\0322531494286731mcinstcleanup (C:\WINDOWS\TEMP\032253~1.EXE -cleanup -nolog) -> Deleted
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-86620361-1279893241-792249848-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://duckduckgo/ -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-86620361-1279893241-792249848-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://duckduckgo/ -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 74.211.89.200 74.211.89.201 24.56.178.102 ([United States][-][-]) -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9d9b7f5e-7163-444c-87a8-c985a673df4f} | DhcpNameServer : 74.211.89.200 74.211.89.201 24.56.178.102 ([United States][-][-]) -> Replaced ()

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG MZNTY128HDHP-000H1 +++++
--- User ---
[MBR] 6f2bf6d74cd72c34fe8a4037450cb1ce
[BSP] 7fa5ff62a01e14cd9abbd2fd6fa74105 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 567296 | Size: 120842 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 248051712 | Size: 980 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST2000LM003 HN-M201RAD +++++
--- User ---
[MBR] 24e66d7b98423ef0a76abc959bfc7bd6
[BSP] c9bcf04e1e01bae2013d3ade687dadce : Empty|VT.Unknown MBR Code
Partition table:
0 - Basic data partition | Offset (sectors): 2048 | Size: 1890991 MB
1 - [SYSTEM] Basic data partition | Offset (sectors): 3872751616 | Size: 16737 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: SDHC Card +++++
--- User ---
[MBR] 46de26e17b6ff274b065851ab96343ff
[BSP] 1dc2575c5c028711316993709e5fa166 : Unknown|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8192 | Size: 30539 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
Malwarebytes Scan Report:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/6/17
Scan Time: 7:32 AM
Log File:
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.139
Update Package Version: 1.0.2097
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: LEAH\Leah

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 363705
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 5 min, 25 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)
 
AdwCleaner Report:

# AdwCleaner v6.047 - Logfile created 06/06/2017 at 07:46:11
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-05.1 [Server]
# Operating System : Windows 10 Pro (X64)
# Username : Leah - LEAH
# Running from : C:\Users\Leah\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****



***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [737 Bytes] - [06/06/2017 07:46:11]
C:\AdwCleaner\AdwCleaner[S0].txt - [1128 Bytes] - [06/06/2017 07:44:26]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [882 Bytes] ##########
 
Junkware Removal Tool Report:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Pro x64
Ran by Leah (Administrator) on Tue 06/06/2017 at 8:06:03.77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1

Successfully deleted: C:\Program Files (x86)\Common Files\innovative solutions (Folder)

Deleted the following from C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\3sksgfqa.default\prefs.js
user_pref(extensions.clipconverter@clipconverter.cc.sdk.baseURI, resource://clipconverter-at-clipconverter-dot-cc/);
user_pref(extensions.clipconverter@clipconverter.cc.sdk.domain, clipconverter-at-clipconverter-dot-cc);
user_pref(extensions.clipconverter@clipconverter.cc.sdk.load.reason, startup);
user_pref(extensions.clipconverter@clipconverter.cc.sdk.rootURI, jar:file:///C:/Users/Leah/AppData/Roaming/Mozilla/Firefox/Profiles/3sksgfqa.default/extensions/clipconverte
user_pref(extensions.clipconverter@clipconverter.cc.sdk.version, 1.5.2);
user_pref(extensions.xpiState, {\app-profile\:{\clipconverter@clipconverter.cc\:{\d\:\C:\\\\Users\\\\Leah\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\



Registry: 2

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7A833495-089E-400B-9571-398895D3A393} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{7A833495-089E-400B-9571-398895D3A393} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 06/06/2017 at 8:06:58.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Not much so far...

Re-run the Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them to your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-06-2017
Ran by Leah (administrator) on LEAH (06-06-2017 16:38:27)
Running from C:\Users\Leah\Downloads
Loaded Profiles: Leah (Available Profiles: Leah)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe
(McAfee, Inc.) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.4.480.0\McCSPServiceHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.8.0.0_x64__8wekyb3d8bbwe\Microsoft.StickyNotes.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1703.601.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8104.42377.0_x64__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8104.42377.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8853248 2016-03-18] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-11-20] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard Company)
HKU\S-1-5-21-86620361-1279893241-792249848-1001\...\RunOnce: [Application Restart #2] => C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe [1260544 2017-04-08] (The NWJS Community)
HKU\S-1-5-21-86620361-1279893241-792249848-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-11-20] (Microsoft Corporation)
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 74.211.89.200 74.211.89.201 24.56.178.102
Tcpip\..\Interfaces\{9d9b7f5e-7163-444c-87a8-c985a673df4f}: [DhcpNameServer] 74.211.89.200 74.211.89.201 24.56.178.102
Tcpip\..\Interfaces\{b8cc37ae-8221-43cf-882b-4f1991adb266}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{d9866d9f-551b-4b8c-ba39-4306626e0b6d}: [DhcpNameServer] 20.0.1.5 20.0.1.6

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-86620361-1279893241-792249848-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-06-06] (Microsoft Corporation)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-04-26] (McAfee, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-06-06] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-06-06] (Microsoft Corporation)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-04-26] (McAfee, Inc.)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-06-06] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-06] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-06-06] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-06] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-06-06] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-06] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-06-06] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-06] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-06-06] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-04-26] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-04-26] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2017-05-11] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2017-05-11] (McAfee, Inc.)

FireFox:
========
FF DefaultProfile: 3sksgfqa.default
FF ProfilePath: C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\3sksgfqa.default [2017-06-06]
FF Extension: (ClipConverter) - C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\3sksgfqa.default\Extensions\clipconverter@clipconverter.cc.xpi [2017-04-07]
FF Extension: (DuckDuckGo Plus) - C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\3sksgfqa.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2017-04-27]
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-04-18]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-06-01] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-10] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-05-11] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-06-06] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-10] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-05-11] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-06-06] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-06-06] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4122816 2017-05-28] (Microsoft Corporation)
R3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1752992 2017-03-29] (Intel Security)
S4 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\IntelCpHeciSvc.exe [310240 2017-02-22] (Intel Corporation)
S4 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\IntelCpHDCPSvc.exe [488928 2017-02-22] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-03] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-03] (Dropbox, Inc.)
S4 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2208888 2017-03-18] (Intel Corporation)
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [4432848 2017-05-23] (SecureMix LLC)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1309184 2016-10-07] (HP Inc.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
S4 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-01-11] (HP Inc.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igfxCUIService.exe [350688 2017-02-22] (Intel Corporation)
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel(R) Corporation)
S3 Intel(R) WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-09-17] (Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-10-05] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188256 2017-04-26] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [1001520 2017-04-18] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.4.480.0\\McCSPServiceHost.exe [2115584 2017-04-28] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241664 2017-03-17] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [384504 2017-03-17] (McAfee, Inc.)
R3 mfevtp; C:\windows\system32\mfevtps.exe [343544 2017-03-17] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1582560 2017-04-27] (McAfee, Inc.)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-08-04] ()
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2017-02-06] (NVIDIA Corporation)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1105840 2017-04-21] (Intel Security, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-03-18] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-11-20] (Microsoft Corporation)
S3 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [266872 2016-08-19] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-08-04] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [87568 2017-04-18] (McAfee, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [66624 2017-03-18] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [350272 2017-03-18] (Intel Corporation)
R1 gwdrv; C:\WINDOWS\system32\DRIVERS\gwdrv.sys [33152 2015-05-28] (SecureMix LLC)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [225432 2017-04-01] (McAfee, Inc.)
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igdkmd64.sys [11036640 2017-02-22] (Intel Corporation)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [485904 2017-04-18] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [363024 2017-04-18] (McAfee, Inc.)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85048 2017-04-18] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [514576 2017-04-18] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [917008 2017-04-18] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [495632 2017-04-07] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [107544 2017-04-07] (McAfee, Inc.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [109072 2017-04-18] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252432 2017-04-18] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
U5 Netwtw02; C:\Windows\System32\Drivers\Netwtw02.sys [6724368 2016-02-06] (Intel Corporation)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7116288 2016-07-16] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhm.inf_amd64_7c553af4468727c1\nvlddmkm.sys [14311352 2017-02-10] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47760 2016-03-01] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2017-03-18] (Realtek )
S3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [769752 2016-01-20] (Realsil Semiconductor Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [413912 2016-01-20] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [58984 2016-02-22] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [72824 2016-08-19] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 tmcomm; C:\WINDOWS\system32\DRIVERS\tmcomm.sys [332512 2016-08-22] (Trend Micro Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-12] (HP)
S0 ysyfer; no ImagePath
S3 ibtusb; \SystemRoot\system32\DRIVERS\ibtusb.sys [X]
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-06 16:38 - 2017-06-06 16:38 - 00000000 ___DC C:\Users\Leah\Downloads\FRST-OlderVersion
2017-06-06 08:34 - 2017-06-06 08:34 - 00663986 ____C C:\Users\Leah\AppData\Local\census.cache
2017-06-06 08:34 - 2017-06-06 08:34 - 00290210 ____C C:\Users\Leah\AppData\Local\ars.cache
2017-06-06 08:34 - 2017-06-06 08:34 - 00000010 ____C C:\Users\Leah\AppData\Local\sponge.last.runtime.cache
2017-06-06 08:33 - 2017-06-06 08:33 - 00004222 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2017-06-06 08:28 - 2017-06-06 08:28 - 00000000 ___DC C:\WINDOWS\Trend Micro
2017-06-06 08:28 - 2017-06-06 08:28 - 00000000 ___DC C:\ProgramData\Trend Micro
2017-06-06 08:26 - 2017-06-06 08:26 - 02527376 ____C (Trend Micro Inc.) C:\Users\Leah\Downloads\HousecallLauncher64.exe
2017-06-06 08:26 - 2017-06-06 08:26 - 00000036 ____C C:\Users\Leah\AppData\Local\housecall.guid.cache
2017-06-06 08:26 - 2016-08-22 13:20 - 00332512 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2017-06-06 08:06 - 2017-06-06 08:06 - 00001736 ____C C:\Users\Leah\Desktop\JRT.txt
2017-06-06 07:50 - 2017-06-06 08:05 - 01663672 ____C (Malwarebytes) C:\Users\Leah\Desktop\JRT.exe
2017-06-06 07:50 - 2017-06-06 07:50 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-06-06 07:41 - 2017-06-06 07:47 - 00000000 ___DC C:\AdwCleaner
2017-06-06 07:40 - 2017-06-06 07:41 - 04110280 ____C C:\Users\Leah\Desktop\AdwCleaner.exe
2017-06-06 07:27 - 2017-06-06 07:47 - 00252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-06 07:27 - 2017-06-06 07:47 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-06-06 07:27 - 2017-06-06 07:47 - 00093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-06-06 07:27 - 2017-06-06 07:47 - 00044960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-06-06 07:27 - 2017-06-06 07:27 - 00188312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-06-06 07:27 - 2017-06-06 07:27 - 00001879 ____C C:\Users\Public\Desktop\Malwarebytes.lnk
2017-06-06 07:27 - 2017-06-06 07:27 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-06 07:27 - 2017-06-06 07:27 - 00000000 ___DC C:\ProgramData\Malwarebytes
2017-06-06 07:27 - 2017-06-06 07:27 - 00000000 ___DC C:\Program Files\Malwarebytes
2017-06-06 07:27 - 2017-05-31 11:09 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-06-06 07:25 - 2017-06-06 07:27 - 64025992 ____C (Malwarebytes ) C:\Users\Leah\Desktop\mb3-setup-consumer-3.1.2.1733-1.0.139-1.0.2060.exe
2017-06-06 06:52 - 2017-06-06 06:52 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-06-06 06:42 - 2017-06-06 06:42 - 00000000 ___DC C:\Program Files\Common Files\DESIGNER
2017-06-06 06:33 - 2017-06-06 07:27 - 00000000 ___DC C:\ProgramData\RogueKiller
2017-06-06 06:32 - 2017-06-06 06:32 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-06-06 06:32 - 2017-06-06 06:32 - 00000000 ___DC C:\Program Files\RogueKiller
2017-06-06 06:29 - 2017-06-06 06:33 - 00000000 ___DC C:\Program Files\Microsoft Office
2017-06-06 06:29 - 2017-06-06 06:29 - 06906680 ____C (Microsoft Corporation) C:\Users\Leah\Downloads\Setup.X64.en-us_O365ProPlusRetail_0523d7a5-ff5a-49a0-99ea-d20b664bc108_TX_PR_b_16_.exe
2017-06-06 06:29 - 2017-06-06 06:29 - 00000000 ___DC C:\Program Files\Microsoft Office 15
2017-06-06 06:23 - 2017-06-06 06:31 - 35426672 ____C (Adlice Software ) C:\Users\Leah\Desktop\RogueKiller_setup_ref3.exe
2017-06-06 04:25 - 2017-06-06 04:25 - 00000000 ___DC C:\Users\Leah\AppData\Local\GlassWire
2017-06-06 02:10 - 2017-06-06 02:10 - 00000000 ___DC C:\ProgramData\GlassWire
2017-06-06 02:10 - 2017-06-06 02:10 - 00000000 ___DC C:\Program Files (x86)\GlassWire
2017-06-06 02:10 - 2015-05-28 22:30 - 00008392 _____ C:\WINDOWS\system32\Drivers\gwdrv.cat
2017-06-06 02:10 - 2015-05-28 22:15 - 00033152 _____ (SecureMix LLC) C:\WINDOWS\system32\Drivers\gwdrv.sys
2017-06-06 02:08 - 2017-06-06 02:09 - 30663168 ____C (SecureMix LLC) C:\Users\Leah\Downloads\GlassWireSetup.exe
2017-06-04 07:08 - 2017-06-04 07:08 - 00041116 ____C C:\Users\Leah\Desktop\Addition.txt
2017-06-04 07:08 - 2017-06-04 07:08 - 00030692 ____C C:\Users\Leah\Desktop\FRST.txt
2017-06-04 06:49 - 2017-06-06 16:38 - 00021235 ____C C:\Users\Leah\Downloads\FRST.txt
2017-06-04 06:49 - 2017-06-04 06:49 - 00041113 ____C C:\Users\Leah\Downloads\Addition.txt
2017-06-04 06:48 - 2017-06-06 16:38 - 02433536 ____C (Farbar) C:\Users\Leah\Downloads\FRST64.exe
2017-06-04 06:48 - 2017-06-06 16:38 - 00000000 ___DC C:\FRST
2017-06-04 05:34 - 2017-06-04 05:34 - 00000000 ___DC C:\Users\Leah\AppData\Local\ESET
2017-06-04 05:30 - 2017-06-04 05:30 - 00110868 ____C C:\TDSSKiller.3.1.0.15_04.06.2017_05.30.21_log.txt
2017-06-04 05:27 - 2017-06-04 05:27 - 00000214 ____C C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-06-04 03:47 - 2017-06-04 03:47 - 00000017 ____C C:\Users\Leah\AppData\Local\resmon.resmoncfg
2017-06-04 03:14 - 2017-06-04 03:14 - 00029139 ____C C:\ProgramData\agent.1496567682.bdinstall.bin
2017-06-04 03:08 - 2017-06-04 03:08 - 00000000 ___DC C:\Users\Leah\Documents\cce_2.5.242177.201_x64
2017-06-04 03:07 - 2017-06-04 03:07 - 02030536 ____C (Bleeping Computer, LLC) C:\Users\Leah\Downloads\rkill.com
2017-06-04 03:00 - 2017-06-04 03:02 - 00097926 ____C C:\TDSSKiller.3.1.0.15_04.06.2017_03.00.28_log.txt
2017-06-04 02:59 - 2017-06-04 03:00 - 04922400 ____C (AO Kaspersky Lab) C:\Users\Leah\Downloads\tdsskiller.exe
2017-06-04 02:40 - 2017-06-04 02:40 - 00000000 ___DC C:\Users\Leah\AppData\Roaming\QuickScan
2017-06-04 02:39 - 2017-06-04 02:39 - 00046846 ____C C:\ProgramData\agent.1496565561.bdinstall.bin
2017-06-04 02:39 - 2017-06-04 02:39 - 00000000 ___DC C:\ProgramData\Bitdefender Agent
2017-06-04 02:33 - 2017-06-04 02:33 - 04860560 ____C (Krzysztof Kowalczyk) C:\Users\Leah\Downloads\SumatraPDF-3.1.2-install.exe
2017-06-04 02:33 - 2017-06-04 02:33 - 00002001 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
2017-06-04 02:33 - 2017-06-04 02:33 - 00000000 ___DC C:\Program Files (x86)\SumatraPDF
2017-06-04 02:14 - 2017-06-06 06:00 - 00004090 _____ C:\WINDOWS\System32\Tasks\AupAvUpdate
2017-06-04 02:14 - 2017-06-04 02:14 - 00001601 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO 12.lnk
2017-06-04 02:14 - 2017-06-04 02:14 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO
2017-06-04 02:13 - 2017-06-04 02:14 - 00003804 _____ C:\WINDOWS\System32\Tasks\UninstallMonitor
2017-06-04 02:13 - 2017-06-04 02:14 - 00000000 ___DC C:\Users\Leah\AppData\Local\Innovative Solutions
2017-06-04 02:13 - 2017-06-04 02:14 - 00000000 ___DC C:\ProgramData\Innovative Solutions
2017-06-04 02:13 - 2017-06-04 02:13 - 00000352 ____C C:\WINDOWS\Tasks\Health-Check-deep.job
2017-06-04 02:13 - 2017-06-04 02:13 - 00000350 ____C C:\WINDOWS\Tasks\Health-Check-auto.job
2017-06-04 02:13 - 2017-06-04 02:13 - 00000344 ____C C:\WINDOWS\Tasks\Health-Check.job
2017-06-04 02:13 - 2017-06-04 02:13 - 00000000 ___DC C:\Program Files (x86)\Innovative Solutions
2017-06-04 02:13 - 2014-03-07 10:25 - 00042496 ____C C:\WINDOWS\SysWOW64\AdvUninstCPL.cpl
2017-06-04 02:11 - 2017-06-04 02:11 - 19316456 ____C (Innovative Solutions ) C:\Users\Leah\Downloads\Advanced_Uninstaller11.exe
2017-06-02 04:02 - 2017-06-02 04:02 - 00000000 ___DC C:\WINDOWS\Panther
2017-05-23 10:52 - 2017-05-23 10:52 - 01028206 ____C C:\Users\Leah\Downloads\endocrine_disruptors_508.pdf
2017-05-21 23:34 - 2017-05-21 23:34 - 05819254 ____C C:\Users\Leah\Downloads\in-the-lymelight.pdf
2017-05-10 11:41 - 2017-05-10 12:58 - 00003446 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2017-05-08 05:26 - 2017-05-08 05:26 - 01947648 ____C C:\Users\Leah\Downloads\ascension-studyguide.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-06 16:37 - 2017-02-15 01:11 - 00000000 ___DC C:\Users\Leah\Desktop\Shortcuts
2017-06-06 16:35 - 2016-11-20 12:41 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-06 16:13 - 2017-02-18 19:08 - 00004034 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-06-06 08:31 - 2016-07-16 05:45 - 00000000 ___DC C:\WINDOWS\INF
2017-06-06 08:08 - 2017-02-03 18:22 - 00000000 ___DC C:\Users\Leah\AppData\LocalLow\Mozilla
2017-06-06 08:06 - 2017-02-05 12:10 - 00000000 ___DC C:\Users\Leah\AppData\Local\CrashDumps
2017-06-06 08:02 - 2017-02-05 16:50 - 00000000 ___DC C:\ProgramData\NVIDIA
2017-06-06 07:54 - 2016-11-20 12:51 - 02698114 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-06 07:52 - 2017-02-07 09:54 - 00000000 ___DC C:\Users\Leah
2017-06-06 07:47 - 2017-02-03 14:42 - 00000000 __SHD C:\Users\Leah\IntelGraphicsProfiles
2017-06-06 07:47 - 2016-11-20 12:41 - 00000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2017-06-06 07:46 - 2016-07-16 05:47 - 00000000 ___DC C:\WINDOWS\Registration
2017-06-06 07:46 - 2016-07-16 00:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-06-06 06:43 - 2016-07-16 05:47 - 00000000 ___DC C:\ProgramData\regid.1991-06.com.microsoft
2017-06-06 06:42 - 2016-07-16 05:47 - 00000000 ___DC C:\Program Files\Common Files\microsoft shared
2017-06-06 06:34 - 2017-02-08 15:56 - 00002459 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-06-06 06:34 - 2017-02-08 15:56 - 00002423 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2017-06-06 06:34 - 2017-02-08 15:56 - 00002418 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-06-06 06:34 - 2017-02-08 15:56 - 00002417 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-06-06 06:34 - 2017-02-08 15:56 - 00002381 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-06-06 06:34 - 2017-02-08 15:56 - 00002380 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-06-06 06:34 - 2017-02-08 15:56 - 00002374 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-06-06 06:34 - 2017-02-08 15:56 - 00002368 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-06-06 06:34 - 2017-02-08 15:56 - 00002360 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-06-06 06:34 - 2017-02-08 15:56 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-06-06 06:05 - 2016-07-16 00:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-06-06 06:01 - 2016-05-04 05:59 - 00000000 ___DC C:\Program Files (x86)\Microsoft Office
2017-06-06 04:24 - 2017-03-11 17:57 - 00000360 ____C C:\WINDOWS\Tasks\HPCeeScheduleForLeah.job
2017-06-06 04:24 - 2016-11-20 12:40 - 00350568 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-05 22:11 - 2017-03-11 17:57 - 00003326 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForLeah
2017-06-04 07:36 - 2017-04-12 03:32 - 00000000 __RDC C:\Users\Leah\Desktop\Video
2017-06-04 06:16 - 2016-05-04 05:58 - 00000000 ___DC C:\Program Files (x86)\Online Services
2017-06-04 05:29 - 2017-03-24 04:03 - 00000000 ___DC C:\Users\Leah\AppData\Local\ElevatedDiagnostics
2017-06-04 03:55 - 2017-02-03 14:42 - 00000000 ___DC C:\Users\Leah\AppData\Local\Packages
2017-06-04 03:55 - 2016-07-16 05:47 - 00000000 __HDC C:\Program Files\WindowsApps
2017-06-04 03:55 - 2016-07-16 05:47 - 00000000 ___DC C:\WINDOWS\AppReadiness
2017-06-04 03:43 - 2017-02-12 03:45 - 00000000 ___DC C:\Program Files (x86)\Google
2017-06-04 03:17 - 2017-04-12 03:28 - 00000000 ___DC C:\Users\Leah\Desktop\Humans Becoming, LLC
2017-06-04 02:41 - 2017-02-08 14:35 - 00000000 ___DC C:\Program Files (x86)\Adobe
2017-06-04 02:07 - 2017-02-08 13:49 - 00000000 ___DC C:\Users\Leah\AppData\Roaming\Zoom
2017-06-04 02:07 - 2016-11-24 08:07 - 00000000 ___DC C:\ProgramData\HP
2017-06-04 02:06 - 2017-04-08 03:15 - 00000000 ___DC C:\Users\Leah\AppData\Roaming\Opera Software
2017-06-04 02:06 - 2017-04-08 03:15 - 00000000 ___DC C:\Users\Leah\AppData\Local\Opera Software
2017-06-04 02:06 - 2017-04-08 03:15 - 00000000 ___DC C:\Program Files\Opera
2017-06-01 22:01 - 2017-02-03 18:22 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-01 22:01 - 2017-02-03 18:22 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2017-06-01 21:52 - 2016-07-16 05:47 - 00000000 ___DC C:\WINDOWS\SysWOW64\Macromed
2017-05-31 13:03 - 2017-04-19 06:40 - 00565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-05-25 21:39 - 2017-02-03 18:45 - 00000000 ___DC C:\Users\Leah\AppData\Roaming\vlc
2017-05-25 11:24 - 2017-03-10 17:47 - 00000000 ___DC C:\Users\Leah\Desktop\Writings and ruminations
2017-05-25 08:01 - 2016-11-24 08:16 - 00000000 ___DC C:\ProgramData\McAfee
2017-05-21 07:22 - 2017-02-07 09:57 - 00003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2017-05-21 07:22 - 2017-02-07 09:57 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2017-05-20 02:26 - 2017-02-03 17:50 - 00000000 ___DC C:\Program Files\Common Files\McAfee
2017-05-20 02:24 - 2016-07-16 05:47 - 00000000 __HDC C:\WINDOWS\ELAMBKUP
2017-05-14 22:58 - 2017-03-10 17:51 - 00000000 ___DC C:\Users\Leah\Desktop\Rocks I bought
2017-05-10 20:55 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-05-09 03:51 - 2017-02-15 01:14 - 00000000 ___DC C:\Users\Leah\Desktop\School
2017-05-08 17:38 - 2017-02-03 18:11 - 00000000 ___DC C:\Program Files (x86)\McAfee

==================== Files in the root of some directories =======

2017-06-06 08:34 - 2017-06-06 08:34 - 0290210 ____C () C:\Users\Leah\AppData\Local\ars.cache
2017-06-06 08:34 - 2017-06-06 08:34 - 0663986 ____C () C:\Users\Leah\AppData\Local\census.cache
2017-06-06 08:26 - 2017-06-06 08:26 - 0000036 ____C () C:\Users\Leah\AppData\Local\housecall.guid.cache
2017-06-04 03:47 - 2017-06-04 03:47 - 0000017 ____C () C:\Users\Leah\AppData\Local\resmon.resmoncfg
2017-06-06 08:34 - 2017-06-06 08:34 - 0000010 ____C () C:\Users\Leah\AppData\Local\sponge.last.runtime.cache
2017-06-04 02:39 - 2017-06-04 02:39 - 0046846 ____C () C:\ProgramData\agent.1496565561.bdinstall.bin
2017-06-04 03:14 - 2017-06-04 03:14 - 0029139 ____C () C:\ProgramData\agent.1496567682.bdinstall.bin

Some files in TEMP:
====================
2017-06-06 06:34 - 2017-02-07 10:48 - 1886344 ____C (Microsoft Corporation) C:\Users\Leah\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-05 12:58

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-06-2017
Ran by Leah (06-06-2017 16:38:56)
Running from C:\Users\Leah\Downloads
Windows 10 Pro Version 1607 (X64) (2017-02-07 15:58:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-86620361-1279893241-792249848-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-86620361-1279893241-792249848-503 - Limited - Disabled)
Guest (S-1-5-21-86620361-1279893241-792249848-501 - Limited - Disabled)
Leah (S-1-5-21-86620361-1279893241-792249848-1001 - Administrator - Enabled) => C:\Users\Leah

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Advanced Uninstaller PRO - Version 12 (HKLM-x32\...\AU11_is1) (Version: 12.17.0.86 - Innovative Solutions)
Ansel (Version: 376.82 - NVIDIA Corporation) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox 25 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
GlassWire 1.2 (remove only) (HKLM-x32\...\GlassWire 1.2) (Version: 1.2.102 - SecureMix LLC)
HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{88970959-baf7-4864-a39a-69a58e8ae5cf}) (Version: 5.0.18701 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8318.5320 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.3.50.9 - HP)
HP Support Solutions Framework (HKLM-x32\...\{5F084DD8-AF2C-4004-9C92-820C32E4BD55}) (Version: 12.5.32.203 - HP)
HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.29 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{09D0DB68-90EA-4015-983E-A0BD777D5A02}) (Version: 1.4.10 - HP Inc.)
HP Wireless Button Driver (HKLM-x32\...\{1BDD178E-43DC-4063-B480-BA2BAE03E2A0}) (Version: 1.1.15.1 - HP)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.37 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11000.2996 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1035 - Intel Corporation)
Intel(R) PRO/Wireless Driver (HKLM\...\{46caed41-afbb-4279-ba3b-0ef2f20f05fa}) (Version: 19.20.0001.5153 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4542 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1633.3 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{6B15F1EF-F3A8-4C29-BF9E-18EB3683A83D}) (Version: 6.0.60.0 - Intel Corporation)
Intel(R) WiDi Software Asset Manager (x32 Version: 3.2.1184 - Intel Corporation) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{d5572863-793c-4ec8-872a-43cccc68b948}) (Version: 18.40.0 - Intel Corporation)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.137 - McAfee, Inc.)
McAfee® Internet Security (HKLM-x32\...\MSC) (Version: 16.0.0 - McAfee, Inc.)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8201.2075 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-86620361-1279893241-792249848-1001\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 53.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 53.0.3 (x86 en-US)) (Version: 53.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.3.6347 - Mozilla)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21287 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7770 - Realtek Semiconductor Corp.)
RogueKiller version 12.11.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.1.0 - Adlice Software)
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.103 - Skype Technologies S.A.)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.11.37 - Synaptics Incorporated)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B116A95-280C-45C5-8620-C4D17EFE687E} - System32\Tasks\AupAvUpdate => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\updAvTask.exe [2017-01-30] ()
Task: {0F5A1111-A502-4F5D-AB08-705292B945D3} - System32\Tasks\HPCeeScheduleForLeah => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-22] (Hewlett-Packard)
Task: {204F535A-60F3-401B-96FD-206FD1E07973} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-28] (Microsoft Corporation)
Task: {212AA8C1-E64C-4951-89B6-26BE1A74A25C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-28] (Microsoft Corporation)
Task: {22F501B0-4B6A-4A23-B5CF-6B9D6A2726F8} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-10] (Adobe Systems Incorporated)
Task: {2677519D-B013-4285-BA4A-4AB9624BEA60} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {2EEEC16E-05F6-4BF8-B6EF-F958CA8C5937} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {32494DE3-891B-4D20-92D4-DE176ABC6984} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-09-17] (Intel Corporation)
Task: {3514114B-09C3-4556-8CC0-00AF5FE82CCB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {3CB1F010-34AB-43BB-95F2-453C591E54F2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {3D5EF718-D551-472A-AF0A-6D491408BB6B} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2016-10-20] (McAfee, Inc.)
Task: {3F0AA9AD-B568-45A1-95D1-D4C56E74FF02} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2017-04-11] (McAfee, Inc.)
Task: {50378E37-0C9C-4BD9-82FF-33C479AC81E7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {5422DF65-4151-44DD-9C57-187113223F9E} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2016-10-20] (McAfee, Inc.)
Task: {54BD1123-B551-4AD4-8427-36EAA7515D52} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-06-06] ()
Task: {63ACB2AE-0A79-4FBC-AE95-0D7F5FDC5C1F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {6691C862-50D9-4DE5-AD3F-4B2FFAF480BB} - System32\Tasks\HPDAS => C:\Program
Task: {67C33A16-F8B0-4A0F-81A8-038E81C42D43} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-06-06] (Microsoft Corporation)
Task: {7968D0AA-D816-4841-BCBB-C463FA03A4C4} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-06-05] (Intel Corporation)
Task: {8204E6CB-0946-4D34-A9D8-E2658AD239F2} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {843420E5-3412-44CA-8530-44C4B8F9220B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {8435C19E-ECC3-4591-8835-AF11DE93A8F5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {934A74E5-B5EB-4AC6-AD4D-1DF5422923BA} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-02-03] (Dropbox, Inc.)
Task: {9D6CC28F-5F08-4838-A63E-DFA0386BC04E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-03-10] (HP Inc.)
Task: {AED42F76-0346-4B8B-B22C-B5365F4F76A0} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2017-04-08] ()
Task: {B762D6D7-CC2F-4B5E-A3D0-27540361E08E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {CFB603FE-1957-4FB4-8CC6-C10AE816AB7C} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-09-17] (Intel Corporation)
Task: {D4E29501-24BF-4071-BD90-CAB913987493} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-06-06] (Microsoft Corporation)
Task: {E1F508FC-4448-4E34-B8DA-DAB0A1737577} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-03-10] (HP Inc.)
Task: {E3B0E3E9-D46A-435B-BD91-62CC595E1C35} - System32\Tasks\UninstallMonitor => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe [2017-01-30] (Innovative Solutions GRUP SRL)
Task: {E4E952F4-0199-40E6-97FE-4A79476309A0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {E6EA9D2A-CEA7-4143-95D1-32490780D534} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-06-06] ()
Task: {EB3B54B7-BE2D-4702-919E-2FEF62FA2492} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-02-03] (Dropbox, Inc.)
Task: {EEAECFB7-46D4-45F4-B4D1-E697BAE13BF8} - System32\Tasks\Nvbackend => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
Task: {F0595B6C-42F1-4073-BDE5-36A68F65DFEE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-03-02] (HP Inc.)
Task: {F720C5DE-384C-44C2-88C0-771D4E53F88B} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-09-21] ()
Task: {F7438BCF-C51B-4891-BEFB-025D3C717A5D} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2017-04-12] (McAfee, Inc.)
Task: {F97C619C-23BF-457F-A5B7-3F591A5A091A} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {FE884F9B-01DD-4BAB-9412-DC9CF3199C26} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel(R) Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\Health-Check-auto.job => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe
Task: C:\WINDOWS\Tasks\Health-Check-deep.job => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe
Task: C:\WINDOWS\Tasks\Health-Check.job => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForLeah.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 05:42 - 2016-07-16 05:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-02-07 10:47 - 2017-02-07 10:47 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-06 06:34 - 2017-06-06 06:34 - 08931008 ____C () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2017-04-19 06:40 - 2017-05-09 11:44 - 01101640 _____ () C:\Program Files\McAfee\MfeAV\AMEngineScan.dll
2017-04-19 06:40 - 2017-05-09 11:46 - 00607440 _____ () C:\Program Files\McAfee\MfeAV\RepairModule.dll
2016-11-20 12:11 - 2016-11-20 12:11 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-02-07 10:48 - 2017-02-07 10:48 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-04-07 14:12 - 2017-04-07 14:12 - 00381440 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.8.0.0_x64__8wekyb3d8bbwe\Microsoft.Notes.Upgrade.dll
2017-04-03 17:17 - 2017-04-03 17:17 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-04-03 17:17 - 2017-04-03 17:17 - 22723584 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-04-03 17:17 - 2017-04-03 17:17 - 00448512 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-04-03 17:17 - 2017-04-03 17:17 - 05427200 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-02-03 18:46 - 2017-02-03 18:47 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-04-03 17:17 - 2017-04-03 17:17 - 00435712 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-04-03 17:17 - 2017-04-03 17:17 - 01062400 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2017-02-03 18:46 - 2017-02-03 18:47 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2017-03-14 01:22 - 2017-03-14 01:22 - 03879424 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1703.601.0_x64__8wekyb3d8bbwe\Calculator.exe
2017-04-07 14:11 - 2017-04-07 14:11 - 01710080 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8104.42377.0_x64__8wekyb3d8bbwe\HxMail.exe
2017-04-07 14:11 - 2017-04-07 14:11 - 13358272 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8104.42377.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Core.dll
2017-02-07 10:48 - 2017-02-07 10:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-02-07 10:48 - 2017-02-07 10:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-02-07 10:48 - 2017-02-07 10:48 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-02-07 10:48 - 2017-02-07 10:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-05-23 04:11 - 2017-05-23 04:11 - 00178128 ____C () C:\Program Files (x86)\GlassWire\EasyHook32.dll
2017-06-06 06:35 - 2017-06-06 06:35 - 08930496 ____C () C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 01:24 - 2017-03-11 18:03 - 00000826 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-86620361-1279893241-792249848-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Leah\Desktop\Pictures\IMG_0314.JPG
DNS Servers: 74.211.89.200 - 74.211.89.201
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKU\S-1-5-21-86620361-1279893241-792249848-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-86620361-1279893241-792249848-1001\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{48020C6E-9FC3-44E9-9A49-891DC173320B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{863EC50A-EBA0-431F-9800-E49C06BFE6AE}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{7853FB7D-0ABB-4530-B795-6848DF14626A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{49E1836B-C4BC-41BF-A5AA-AADC13691C86}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F3D82AD7-DF0E-4E71-BC04-789BCA828A9F}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{23E05D25-C2A6-4993-AAD0-617E5DF23D6B}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe
FirewallRules: [{0C247812-A82B-4874-AD13-0DC53BCB724C}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe
FirewallRules: [{9F917CFF-2C2F-4C91-A267-B09587524DF4}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe
FirewallRules: [{66E91821-E2DB-4E4E-9277-63F147B5282F}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{30899B87-EC05-4233-8DE7-CA86B36EBD50}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{5C7F4A78-F800-4075-8E47-3AE01A77F69A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{AD50B472-3A79-4A13-A152-9774EC1A9E9C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{257EBCE0-0968-4685-98BD-43A8128D6EDE}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{27777BC4-5994-4EA9-B90E-DF43426602C7}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{A9EA463D-1344-456B-A799-186A81E1CF08}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{4F5C461A-0F23-49F4-BAFB-660A33230F4E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{6188362A-E89E-465E-B31C-058099D4F6FC}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{318DE3C4-30E6-47D9-A3B8-9597729E22C6}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{EA4ADEAB-BA52-4058-AD2F-70ECBD1F7D40}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe

==================== Restore Points =========================

06-06-2017 08:06:04 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Intel(R) Wireless Bluetooth(R)
Description: Intel(R) Wireless Bluetooth(R)
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Intel Corporation
Service: BTHUSB
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Remote Desktop Device Redirector Bus
Description: Remote Desktop Device Redirector Bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: rdpbus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/06/2017 08:06:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LEAH)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/06/2017 08:06:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.14393.693, time stamp: 0x585a272f
Faulting module name: SearchUI.exe, version: 10.0.14393.693, time stamp: 0x585a272f
Exception code: 0xc000027b
Fault offset: 0x00000000001508fc
Faulting process id: 0x19cc
Faulting application start time: 0x01d2dece2135d1b1
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Report Id: cdef16c4-e386-42be-a293-980b5cd1f493
Faulting package full name: Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (06/06/2017 08:06:06 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (06/06/2017 07:52:05 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LEAH)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/06/2017 07:52:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.14393.693, time stamp: 0x585a272f
Faulting module name: SearchUI.exe, version: 10.0.14393.693, time stamp: 0x585a272f
Exception code: 0xc000027b
Fault offset: 0x00000000001508fc
Faulting process id: 0x2cf8
Faulting application start time: 0x01d2decc136e571a
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Report Id: 8f8ebf39-6212-498b-9263-0d1a53338d0d
Faulting package full name: Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (06/06/2017 07:50:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorDataMgrSvc.exe, version: 15.2.0.1020, time stamp: 0x57d81123
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x03788e3d
Faulting process id: 0x2280
Faulting application start time: 0x01d2decbb1e1a685
Faulting application path: C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
Faulting module path: unknown
Report Id: 5269f0a4-8e89-4e5b-81ce-34f068e29637
Faulting package full name:
Faulting package-relative application ID:

Error: (06/06/2017 07:50:04 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
at IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
at IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
at IAStorDataMgr.EventRelay.<Start>b__12_0(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (06/06/2017 07:47:43 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LEAH)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/06/2017 07:47:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.14393.693, time stamp: 0x585a272f
Faulting module name: SearchUI.exe, version: 10.0.14393.693, time stamp: 0x585a272f
Exception code: 0xc000027b
Fault offset: 0x00000000001508fc
Faulting process id: 0x2194
Faulting application start time: 0x01d2decb77aaf91b
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Report Id: b1cd65af-a2ce-479e-8a42-5d2474599811
Faulting package full name: Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (06/06/2017 07:47:39 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LEAH)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (06/06/2017 02:46:17 PM) (Source: DCOM) (EventID: 10010) (User: LEAH)
Description: The server {37998346-3765-45B1-8C66-AA88CA6B20B8} did not register with DCOM within the required timeout.

Error: (06/06/2017 02:44:17 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error

Error: (06/06/2017 02:44:17 PM) (Source: DCOM) (EventID: 10010) (User: LEAH)
Description: The server {37998346-3765-45B1-8C66-AA88CA6B20B8} did not register with DCOM within the required timeout.

Error: (06/06/2017 02:42:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error

Error: (06/06/2017 02:33:35 PM) (Source: DCOM) (EventID: 10010) (User: LEAH)
Description: The server {37998346-3765-45B1-8C66-AA88CA6B20B8} did not register with DCOM within the required timeout.

Error: (06/06/2017 02:31:35 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error

Error: (06/06/2017 02:31:35 PM) (Source: DCOM) (EventID: 10010) (User: LEAH)
Description: The server {37998346-3765-45B1-8C66-AA88CA6B20B8} did not register with DCOM within the required timeout.

Error: (06/06/2017 02:29:35 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error

Error: (06/06/2017 01:47:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/06/2017 01:40:44 PM) (Source: DCOM) (EventID: 10010) (User: LEAH)
Description: The server {37998346-3765-45B1-8C66-AA88CA6B20B8} did not register with DCOM within the required timeout.


CodeIntegrity:
===================================
Date: 2017-06-06 08:32:43.212
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_7c553af4468727c1\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-06 19:45:41.323
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_7c553af4468727c1\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-01 19:11:49.025
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_7c553af4468727c1\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-04-14 13:03:03.738
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_7c553af4468727c1\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 31%
Total physical RAM: 16273.78 MB
Available physical RAM: 11145.88 MB
Total Virtual: 18705.78 MB
Available Virtual: 13461.89 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:118.01 GB) (Free:69.94 GB) NTFS
Drive d: (DATA) (Fixed) (Total:1846.67 GB) (Free:1846.41 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:16.34 GB) (Free:1.93 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 054ECCD0)

Partition: GPT.

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 20B115E1)

Partition: GPT.

==================== End of Addition.txt ============================
 
I have noticed in task manager that I am having the same type of issues as discussed at this link:

https://answers.microsoft.com/en-us...nloading/71c2fb35-3fce-4a1a-89fb-0a4764d0fe6f

The Office click-to-run is always running, and when I end task, it just automatically starts again. I am not having any luck following any of these suggestions without any step-by-step help. Do you think there's a possibility this is one of my problems? If so, how can I stop it? If I delete click-to-run, it uninstalls Office completely.
 
This is not malware related, so it'd be a subject for a different forum.

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-06-2017
Ran by Leah (06-06-2017 18:01:49) Run:1
Running from C:\Users\Leah\Desktop
Loaded Profiles: Leah (Available Profiles: Leah)
Boot Mode: Normal
==============================================

fixlist content:
*****************
GroupPolicy: Restriction <======= ATTENTION
S0 ysyfer; no ImagePath
S3 ibtusb; \SystemRoot\system32\DRIVERS\ibtusb.sys [X]
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]
2017-06-06 08:34 - 2017-06-06 08:34 - 0290210 ____C () C:\Users\Leah\AppData\Local\ars.cache
2017-06-06 08:34 - 2017-06-06 08:34 - 0663986 ____C () C:\Users\Leah\AppData\Local\census.cache
2017-06-06 08:26 - 2017-06-06 08:26 - 0000036 ____C () C:\Users\Leah\AppData\Local\housecall.guid.cache
2017-06-04 03:47 - 2017-06-04 03:47 - 0000017 ____C () C:\Users\Leah\AppData\Local\resmon.resmoncfg
2017-06-06 08:34 - 2017-06-06 08:34 - 0000010 ____C () C:\Users\Leah\AppData\Local\sponge.last.runtime.cache
2017-06-04 02:39 - 2017-06-04 02:39 - 0046846 ____C () C:\ProgramData\agent.1496565561.bdinstall.bin
2017-06-04 03:14 - 2017-06-04 03:14 - 0029139 ____C () C:\ProgramData\agent.1496567682.bdinstall.bin
2017-06-06 06:34 - 2017-02-07 10:48 - 1886344 ____C (Microsoft Corporation) C:\Users\Leah\AppData\Local\Temp\dllnt_dump.dll

*****************

C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\System\CurrentControlSet\Services\ysyfer => key removed successfully
ysyfer => service removed successfully
HKLM\System\CurrentControlSet\Services\ibtusb => key removed successfully
ibtusb => service removed successfully
HKLM\System\CurrentControlSet\Services\NvStreamKms => key removed successfully
NvStreamKms => service removed successfully
C:\Users\Leah\AppData\Local\ars.cache => moved successfully
C:\Users\Leah\AppData\Local\census.cache => moved successfully
C:\Users\Leah\AppData\Local\housecall.guid.cache => moved successfully
C:\Users\Leah\AppData\Local\resmon.resmoncfg => moved successfully
C:\Users\Leah\AppData\Local\sponge.last.runtime.cache => moved successfully
C:\ProgramData\agent.1496565561.bdinstall.bin => moved successfully
C:\ProgramData\agent.1496567682.bdinstall.bin => moved successfully
C:\Users\Leah\AppData\Local\Temp\dllnt_dump.dll => moved successfully


The system needed a reboot.

==== End of Fixlog 18:01:49 ====
 
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
Malwarebytes
McAfee VirusScan
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 25.0.0.171
Mozilla Firefox (53.0.3)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
Windows Defender MpCmdRun.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 27-01-2016
Ran by Leah (administrator) on 06-06-2017 at 18:53:13
Running from "C:\Users\Leah\Desktop"
Microsoft Windows 10 Pro (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
Getting user folders.
Stopping running processes.
Emptying Temp folders.
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Leah
->Temp folder emptied: 240676776 bytes
->Temporary Internet Files folder emptied: 6654521 bytes
->FireFox cache emptied: 375207444 bytes
->Flash cache emptied: 17114 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 63873753 bytes
Emptying RecycleBin. Do not interrupt.
RecycleBin emptied: 8206009 bytes
Process complete!
Total Files Cleaned = 662.00 mb
 
Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

7. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

9. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

10. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

11. Please let me know how your computer is doing.
 
It's running much the same, unfortunately. However, you still helped immensely - at least now I know that it was not horrendous amounts of malware and viruses that were causing my problems! I kind of suspect that Microsoft Office Click-to-run, and the obviously evil corporation behind it (Akamai Technologies) collecting all my data without my permission, so I think I will try deleting Office and installing Open Office. Microsoft itself is evil enough as far as corporations go anyway, lol.
 