here is copy of FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-03-2017
Ran by peter.mchugh (administrator) on PETERMCHUGH (08-03-2017 16:39:30)
Running from C:\Users\peter.mchugh\Downloads
Loaded Profiles: peter.mchugh (Available Profiles: peter.mchugh)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTFAD7.tmp
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Screenleap, Inc.) C:\Users\peter.mchugh\AppData\Local\ScreenShare\ScreenShare.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(BayHubTech/O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Security) C:\Program Files\Intel Security\True Key\application\truekey.exe
(Intel Security) C:\Program Files\Intel Security\True Key\application\truekey.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\peter.mchugh\Downloads\FRST64 (1).exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8861944 2016-07-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1427704 2016-07-29] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [754984 2016-05-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320360 2014-06-25] (Intel Corporation)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [718256 2015-12-22] (Waves Audio Ltd.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe [1172256 2014-11-10] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKU\S-1-5-21-3456993172-4159185848-1155247961-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe
HKU\S-1-5-21-3456993172-4159185848-1155247961-1001\...\Run: [ScreenShare] => C:\Users\peter.mchugh\AppData\Local\ScreenShare\ScreenShare.exe [3444776 2016-09-09] (Screenleap, Inc.)
HKU\S-1-5-21-3456993172-4159185848-1155247961-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27250144 2016-12-20] (Skype Technologies S.A.)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-03-01]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe (McAfee, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{88cda5b4-02a8-4cf5-9ad1-9f3e037b9846}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKU\S-1-5-21-3456993172-4159185848-1155247961-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-01-29] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-01-29] (Microsoft Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-01-10] (Intel Security)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-01-29] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-07-04] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-01-29] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-07-04] (Oracle Corporation)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-01-10] (Intel Security)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-07-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-07-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-01-29] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-01-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3456993172-4159185848-1155247961-1001: @citrixonline.com/appdetectorplugin -> C:\Users\peter.mchugh\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-07-04] (Citrix Online)
FF Plugin HKU\S-1-5-21-3456993172-4159185848-1155247961-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\peter.mchugh\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-01-25] (Zoom Video Communications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\peter.mchugh\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-07-26] (Cisco WebEx LLC)
Chrome:
=======
CHR HomePage: Default -> hxxp://
www.google.com/
CHR StartupUrls: Default -> "hxxp://
www.google.com/"
CHR Profile: C:\Users\peter.mchugh\AppData\Local\Google\Chrome\User Data\Default [2017-03-08]
CHR Extension: (Google Slides) - C:\Users\peter.mchugh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-07]
CHR Extension: (Google Docs) - C:\Users\peter.mchugh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-07]
CHR Extension: (Google Drive) - C:\Users\peter.mchugh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27]
CHR Extension: (YouTube) - C:\Users\peter.mchugh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-07]
CHR Extension: (Google Search) - C:\Users\peter.mchugh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\peter.mchugh\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-07]
CHR Extension: (GoToMeeting Pro Screensharing) - C:\Users\peter.mchugh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcgikpombjkodabhbdalkcdhmllafipp [2016-07-05]
CHR Extension: (Google Docs Offline) - C:\Users\peter.mchugh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-30]
CHR Extension: (Cisco WebEx Extension) - C:\Users\peter.mchugh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-02-02]
CHR Extension: (FromDocToPDF) - C:\Users\peter.mchugh\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk [2017-03-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\peter.mchugh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-02]
CHR Extension: (Gmail) - C:\Users\peter.mchugh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-07]
CHR Extension: (Chrome Media Router) - C:\Users\peter.mchugh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-13]
CHR HKU\S-1-5-21-3456993172-4159185848-1155247961-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 0297651488807208mcinstcleanup; C:\WINDOWS\TEMP\029765~1.EXE [922152 2016-03-02] (McAfee, Inc.)
R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [104744 2016-05-17] (Alps Electric Co., Ltd.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3704520 2017-02-18] (Microsoft Corporation)
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [953352 2014-06-10] (Intel Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-06-25] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [158496 2014-11-10] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.500\McCHSvc.exe [329480 2017-01-19] (McAfee, Inc.)
R2 O2FLASH; C:\WINDOWS\System32\drivers\o2flash.exe [65536 2014-03-07] (BayHubTech/O2Micro International)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [318712 2016-07-29] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-30] (Microsoft Corporation)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [995800 2017-01-05] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2017-01-05] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2017-01-05] (McAfee, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [41824 2014-06-10] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [35136 2014-06-10] (Intel Corporation)
R3 e1dexpress; C:\WINDOWS\system32\DRIVERS\e1d65x64.sys [547840 2015-09-12] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [192624 2014-06-10] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [349960 2016-07-12] (Intel Corporation)
S3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [25800 2014-05-27] ()
R3 IntcAzAudAddService; C:\WINDOWS\system32\drivers\RTDVHD64.sys [2686200 2016-07-29] (Realtek Semiconductor Corp.)
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [77992 2014-04-30] (Intel Corporation)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-11-10] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7116288 2016-07-16] (Intel Corporation)
R3 O2FJ2RDR; C:\WINDOWS\System32\drivers\O2FJ2w8x64.sys [210616 2014-05-14] (BayHubTech/O2Micro )
R3 ST_Accel; C:\WINDOWS\system32\DRIVERS\ST_Accel.sys [93872 2014-04-21] (STMicroelectronics)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-08 16:39 - 2017-03-08 16:39 - 02423808 _____ (Farbar) C:\Users\peter.mchugh\Downloads\FRST64 (1).exe
2017-03-08 12:54 - 2017-03-08 12:54 - 01087427 _____ C:\Users\peter.mchugh\Downloads\MScHRMD_Salford.pdf
2017-03-08 12:41 - 2017-03-08 12:41 - 03237451 _____ C:\Users\peter.mchugh\Downloads\salford.pdf
2017-03-07 13:52 - 2017-03-07 13:52 - 06786932 _____ C:\Users\peter.mchugh\Downloads\efire_ac_w1_21feb17.pptx
2017-03-07 12:35 - 2017-03-07 12:35 - 00133640 _____ (Zoom Video Communications, Inc.) C:\Users\peter.mchugh\Downloads\Zoom_launcher (2).exe
2017-03-07 12:22 - 2017-03-07 12:22 - 00133640 _____ (Zoom Video Communications, Inc.) C:\Users\peter.mchugh\Downloads\Zoom_launcher (1).exe
2017-03-03 10:53 - 2017-03-03 10:53 - 04031440 _____ C:\Users\peter.mchugh\Downloads\AdwCleaner (1).exe
2017-03-03 10:52 - 2017-03-03 10:52 - 00000000 ____D C:\Users\peter.mchugh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TouchPad
2017-03-03 10:48 - 2017-03-03 10:53 - 00000000 ____D C:\AdwCleaner
2017-03-03 10:48 - 2017-03-03 10:48 - 04031440 _____ C:\Users\peter.mchugh\Downloads\AdwCleaner.exe
2017-03-03 10:39 - 2017-03-03 10:39 - 00032398 _____ C:\Users\peter.mchugh\Desktop\Addition.txt
2017-03-03 10:38 - 2017-03-03 10:38 - 00036479 _____ C:\Users\peter.mchugh\Desktop\FRST.txt
2017-03-03 10:37 - 2017-03-03 10:37 - 00001842 _____ C:\Users\peter.mchugh\Downloads\fixlist.txt
2017-03-03 10:37 - 2017-03-03 10:37 - 00001842 _____ C:\Users\peter.mchugh\Desktop\fixlist.txt
2017-03-03 10:33 - 2017-03-03 10:33 - 00343659 _____ C:\Users\peter.mchugh\Downloads\ClaimRemittance-126244-0004598655.pdf
2017-03-03 10:00 - 2017-03-03 10:01 - 00032395 _____ C:\Users\peter.mchugh\Downloads\Addition.txt
2017-03-03 09:59 - 2017-03-08 16:39 - 00021192 _____ C:\Users\peter.mchugh\Downloads\FRST.txt
2017-03-03 09:59 - 2017-03-08 16:39 - 00000000 ____D C:\FRST
2017-03-03 09:59 - 2017-03-03 09:59 - 02423808 _____ (Farbar) C:\Users\peter.mchugh\Downloads\FRST64.exe
2017-03-03 09:58 - 2017-03-03 09:58 - 01765888 _____ (Farbar) C:\Users\peter.mchugh\Downloads\FRST (1).exe
2017-03-02 21:28 - 2017-03-02 21:28 - 01765888 _____ (Farbar) C:\Users\peter.mchugh\Downloads\FRST.exe
2017-03-02 14:53 - 2017-03-02 14:53 - 00004919 _____ C:\Users\peter.mchugh\Downloads\Creating an immersive assessment experience for candidates.ics
2017-03-02 14:44 - 2017-03-02 14:44 - 00465563 _____ C:\Users\peter.mchugh\Downloads\HBR - Understanding emotions as a key leadership skill.PDF
2017-03-02 14:43 - 2017-03-02 14:43 - 01859626 _____ C:\Users\peter.mchugh\Downloads\Emotional_Intelligence_from_a_Different_Perspective_handouts.pdf
2017-03-02 14:43 - 2017-03-02 14:43 - 00188021 _____ C:\Users\peter.mchugh\Downloads\Emotional Intelligence.pdf
2017-03-02 14:37 - 2017-03-02 14:37 - 00045321 _____ C:\Users\peter.mchugh\Downloads\06_Dev_FIRST_Strategies (1).pdf
2017-03-02 14:31 - 2017-03-02 14:31 - 00106193 _____ C:\Users\peter.mchugh\Downloads\First model - DEVGUIDE-Exec.pdf
2017-03-02 14:27 - 2017-03-02 14:27 - 00045321 _____ C:\Users\peter.mchugh\Downloads\06_Dev_FIRST_Strategies.pdf
2017-03-01 17:18 - 2017-03-01 17:20 - 80923931 _____ C:\Users\peter.mchugh\Downloads\Download 33 Sample Maps.zip
2017-03-01 16:54 - 2017-03-01 16:54 - 00006992 _____ C:\Users\peter.mchugh\Downloads\The Five Question Leader_ Work Less Hard, Have More Impact.ics
2017-03-01 13:14 - 2017-03-01 13:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2017-03-01 13:14 - 2017-03-01 13:14 - 00000000 ____D C:\Program Files\McAfee Security Scan
2017-03-01 12:53 - 2017-03-06 13:37 - 00000000 ____D C:\Users\peter.mchugh\AppData\Local\tkdata
2017-03-01 12:53 - 2017-03-06 13:33 - 00001241 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2017-03-01 12:53 - 2017-03-01 12:53 - 00001227 _____ C:\Users\Public\Desktop\True Key.lnk
2017-03-01 12:53 - 2017-03-01 12:53 - 00000000 ____D C:\ProgramData\TrueKey
2017-03-01 12:52 - 2017-03-06 13:33 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-03-01 12:52 - 2017-03-01 12:52 - 00000000 ____D C:\Program Files\Intel Security
2017-03-01 12:52 - 2017-03-01 12:52 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-03-01 12:52 - 2017-03-01 12:52 - 00000000 ____D C:\Program Files\Common Files\AV
2017-03-01 12:45 - 2017-03-01 12:45 - 01204344 _____ (Adobe Systems Incorporated) C:\Users\peter.mchugh\Downloads\readerdc_en_ka_install.exe
2017-03-01 12:44 - 2017-03-06 13:33 - 00000000 ____D C:\ProgramData\McAfee
2017-03-01 12:44 - 2017-03-01 13:14 - 00002011 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2017-03-01 12:44 - 2017-03-01 12:44 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2017-03-01 12:43 - 2017-03-06 13:33 - 00000000 ____D C:\Program Files\TrueKey
2017-03-01 12:22 - 2017-03-01 12:22 - 00397683 _____ C:\Users\peter.mchugh\Downloads\H02KP0-PDF-ENG.PDF
2017-03-01 12:19 - 2017-03-01 12:19 - 00541166 _____ C:\Users\peter.mchugh\Downloads\R1110E-PDF-ENG.PDF
2017-02-23 19:26 - 2017-02-23 19:26 - 00281545 _____ C:\Users\peter.mchugh\Desktop\lucy passport.pdf
2017-02-23 14:55 - 2017-02-23 14:55 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-02-22 17:47 - 2017-02-22 17:47 - 00241405 _____ C:\Users\peter.mchugh\Downloads\Questions about Meta-Programs 2011.pdf
2017-02-22 17:40 - 2017-02-22 17:40 - 02808548 _____ C:\Users\peter.mchugh\Documents\mind map excuses.pdf
2017-02-22 13:58 - 2017-02-22 13:57 - 00346403 _____ C:\Users\peter.mchugh\Desktop\fedex auth form 2.jpeg
2017-02-22 13:55 - 2017-02-22 13:55 - 00330586 _____ C:\Users\peter.mchugh\Desktop\fedex auth form 1.jpeg
2017-02-22 10:26 - 2017-02-22 10:26 - 00465563 _____ C:\Users\peter.mchugh\Downloads\H038KF-PDF-ENG.PDF
2017-02-21 14:47 - 2017-02-21 14:47 - 00449406 _____ C:\Users\peter.mchugh\Downloads\H012J9-PDF-ENG.PDF
2017-02-21 14:47 - 2017-02-21 14:47 - 00051360 _____ C:\Users\peter.mchugh\Downloads\F1401C-PDF-ENG (1).PDF
2017-02-21 14:32 - 2017-02-21 14:32 - 00051358 _____ C:\Users\peter.mchugh\Downloads\F1401C-PDF-ENG.PDF
2017-02-21 13:02 - 2017-02-21 13:02 - 00000000 ____D C:\Users\peter.mchugh\Documents\Zoom
2017-02-21 09:45 - 2017-02-21 09:45 - 00460471 _____ C:\Users\peter.mchugh\Downloads\Pat_Doyle_-_MultiView (1).pdf
2017-02-21 09:45 - 2017-02-21 09:45 - 00456491 _____ C:\Users\peter.mchugh\Downloads\Diarmuid_Doran_-_MultiView (1).pdf
2017-02-21 09:45 - 2017-02-21 09:45 - 00455047 _____ C:\Users\peter.mchugh\Downloads\Dave_Delaney_-_MultiView (1).pdf
2017-02-21 09:36 - 2017-02-21 09:36 - 00000000 ____D C:\Users\peter.mchugh\AppData\Roaming\Zoom
2017-02-21 09:36 - 2017-02-21 09:36 - 00000000 ____D C:\Users\peter.mchugh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2017-02-21 09:35 - 2017-02-21 09:36 - 00133640 _____ (Zoom Video Communications, Inc.) C:\Users\peter.mchugh\Downloads\Zoom_launcher.exe
2017-02-21 09:34 - 2017-02-21 09:34 - 00003912 _____ C:\Users\peter.mchugh\Downloads\7 Ways to Increase Your Credibility and Visibility as a Training and Performance Consultant.ics
2017-02-17 13:43 - 2017-02-17 13:43 - 00134077 _____ C:\Users\peter.mchugh\Desktop\INVOICE HRDQ - Training Tools for Developing Great People Skills.pdf
2017-02-14 10:55 - 2017-02-14 10:55 - 00455093 _____ C:\Users\peter.mchugh\Downloads\Dave_Delaney_-_MultiView.pdf
2017-02-14 10:54 - 2017-02-14 10:54 - 00456540 _____ C:\Users\peter.mchugh\Downloads\Diarmuid_Doran_-_MultiView.pdf
2017-02-14 10:52 - 2017-02-14 10:52 - 00460514 _____ C:\Users\peter.mchugh\Downloads\Pat_Doyle_-_MultiView.pdf
2017-02-13 10:00 - 2017-02-13 10:01 - 01035335 _____ C:\Users\peter.mchugh\Downloads\VALUES-Fiona_Mchugh.pdf
2017-02-13 10:00 - 2017-02-13 10:00 - 00756557 _____ C:\Users\peter.mchugh\Downloads\DISC-Fiona_Mchugh.pdf
2017-02-13 09:08 - 2017-02-13 09:08 - 00287117 _____ C:\Users\peter.mchugh\Desktop\st marys statement jan17.jpeg
2017-02-08 09:46 - 2017-02-08 09:46 - 00361815 _____ C:\Users\peter.mchugh\Downloads\WP-702010-Designing-Learning-Works-2017-ENG.pdf
2017-02-08 09:23 - 2017-02-08 09:23 - 00165355 _____ C:\Users\peter.mchugh\Downloads\Ladies Lunch 2017.pdf
2017-02-06 09:45 - 2016-12-21 07:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-02-06 09:45 - 2016-12-21 04:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-08 16:36 - 2016-08-18 19:46 - 00000000 ____D C:\Users\peter.mchugh\AppData\Roaming\Skype
2017-03-08 16:21 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-08 16:18 - 2016-09-30 12:26 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-08 10:42 - 2016-07-16 11:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-07 13:52 - 2015-10-05 11:06 - 00000000 ____D C:\Users\peter.mchugh\AppData\Local\Packages
2017-03-07 12:00 - 2016-07-04 18:26 - 00000724 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3456993172-4159185848-1155247961-1001.job
2017-03-07 12:00 - 2016-07-04 18:26 - 00000628 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3456993172-4159185848-1155247961-1001.job
2017-03-03 10:57 - 2015-11-30 11:15 - 01285924 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-03 10:52 - 2016-09-30 12:35 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-03 10:52 - 2016-09-30 12:27 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-03-03 10:52 - 2016-09-08 10:14 - 00000000 ____D C:\ProgramData\ScreenShare
2017-03-03 10:52 - 2015-10-05 11:06 - 00000000 __SHD C:\Users\peter.mchugh\IntelGraphicsProfiles
2017-03-03 10:51 - 2016-09-30 12:28 - 00000000 ____D C:\Users\peter.mchugh
2017-03-03 10:51 - 2016-07-16 06:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-03-02 17:53 - 2016-07-16 11:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-02 17:52 - 2016-12-21 20:55 - 00003296 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-03-02 17:52 - 2016-10-17 08:35 - 00000000 ____D C:\ProgramData\Skype
2017-03-02 17:52 - 2015-11-30 11:20 - 00002433 _____ C:\Users\peter.mchugh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-03-02 17:52 - 2015-11-30 11:20 - 00000000 ___RD C:\Users\peter.mchugh\OneDrive
2017-03-02 17:50 - 2016-09-30 12:27 - 00000000 ____D C:\Program Files\DellTPad
2017-03-02 17:50 - 2015-10-07 08:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-03-02 13:14 - 2015-10-07 10:29 - 00000000 ____D C:\Users\peter.mchugh\AppData\Local\Adobe
2017-03-01 12:53 - 2015-09-07 14:05 - 00000000 ____D C:\Program Files\Common Files\Intel
2017-03-01 12:53 - 2015-09-07 14:04 - 00000000 ____D C:\ProgramData\Intel
2017-03-01 12:52 - 2015-09-07 14:03 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-23 19:23 - 2015-10-07 10:38 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-23 15:07 - 2015-10-08 12:48 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-23 15:06 - 2015-10-08 12:48 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-23 14:55 - 2016-07-16 11:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-22 13:57 - 2015-10-20 07:36 - 00000000 ____D C:\Users\peter.mchugh\Documents\Scanned Documents
2017-02-22 13:42 - 2016-07-16 11:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-08 09:22 - 2015-10-07 10:39 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-08 09:22 - 2015-10-07 10:39 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-06 19:48 - 2016-11-09 19:16 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-06 19:48 - 2016-11-09 19:16 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
Some files in TEMP:
====================
2016-10-20 13:36 - 2016-10-20 13:36 - 0737856 _____ (Oracle Corporation) C:\Users\peter.mchugh\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-01-23 10:22 - 2017-01-23 10:22 - 0739904 _____ (Oracle Corporation) C:\Users\peter.mchugh\AppData\Local\Temp\jre-8u121-windows-au.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-03-01 08:49
==================== End of FRST.txt ============================