removing slimcleaner plus from PC
<blockquote data-quote="trixiebell" data-source="post: 606776" data-attributes="member: 59841"><p>here is copy of FRST:</p><p>Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-03-2017</p><p>Ran by peter.mchugh (administrator) on PETERMCHUGH (08-03-2017 16:39:30)</p><p>Running from C:\Users\peter.mchugh\Downloads</p><p>Loaded Profiles: peter.mchugh (Available Profiles: peter.mchugh)</p><p>Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)</p><p>Internet Explorer Version 11 (Default browser: Chrome)</p><p>Boot Mode: Normal</p><p>Tutorial for Farbar Recovery Scan Tool: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials</a></p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)</p><p></p><p>(Intel Corporation) C:\Windows\System32\igfxCUIService.exe</p><p>(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe</p><p>(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe</p><p>(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe</p><p>(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe</p><p>(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe</p><p>(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe</p><p>(Intel Corporation) C:\Windows\System32\ibtsiva.exe</p><p>(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe</p><p>(McAfee, Inc.) C:\Program Files\TrueKey\McTFAD7.tmp</p><p>(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe</p><p>(Alps Electric Co., Ltd.) 
C:\Program Files\DellTPad\Apoint.exe</p><p>(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist.exe</p><p>(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxEM.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxHK.exe</p><p>(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe</p><p>(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe</p><p>(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe</p><p>(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe</p><p>() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe</p><p>(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe</p><p>(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe</p><p>(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe</p><p>(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe</p><p>(Screenleap, Inc.) C:\Users\peter.mchugh\AppData\Local\ScreenShare\ScreenShare.exe</p><p>(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe</p><p>(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe</p><p>(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe</p><p>(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe</p><p>(BayHubTech/O2Micro International) C:\Windows\System32\drivers\o2flash.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe</p><p>(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe</p><p>(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe</p><p>(Microsoft Corporation) C:\Windows\System32\dllhost.exe</p><p>(Intel Security) C:\Program Files\Intel Security\True Key\application\truekey.exe</p><p>(Intel Security) C:\Program Files\Intel Security\True Key\application\truekey.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe</p><p>(Microsoft Corporation) C:\Windows\splwow64.exe</p><p>(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Microsoft Corporation) C:\Windows\System32\smartscreen.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Farbar) C:\Users\peter.mchugh\Downloads\FRST64 (1).exe</p><p></p><p>==================== Registry (Whitelisted) ====================</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)</p><p></p><p>HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8861944 2016-07-29] (Realtek Semiconductor)</p><p>HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1427704 2016-07-29] (Realtek Semiconductor)</p><p>HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [754984 2016-05-17] (Alps Electric Co., Ltd.)</p><p>HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320360 2014-06-25] (Intel Corporation)</p><p>HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [718256 2015-12-22] (Waves Audio Ltd.)</p><p>HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-30] (Microsoft Corporation)</p><p>HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe [1172256 2014-11-10] (Intel Corporation)</p><p>HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)</p><p>HKU\S-1-5-21-3456993172-4159185848-1155247961-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe</p><p>HKU\S-1-5-21-3456993172-4159185848-1155247961-1001\...\Run: [ScreenShare] => C:\Users\peter.mchugh\AppData\Local\ScreenShare\ScreenShare.exe [3444776 2016-09-09] (Screenleap, Inc.)</p><p>HKU\S-1-5-21-3456993172-4159185848-1155247961-1001\...\Run: [Skype] => C:\Program Files 
(x86)\Skype\Phone\Skype.exe [27250144 2016-12-20] (Skype Technologies S.A.)</p><p>Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter</p><p>Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-03-01]</p><p>ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe (McAfee, Inc.)</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p></p><p>Hosts: 0.0.0.1 mssplus.mcafee.com</p><p>Tcpip\Parameters: [DhcpNameServer] 192.168.0.1</p><p>Tcpip\..\Interfaces\{88cda5b4-02a8-4cf5-9ad1-9f3e037b9846}: [DhcpNameServer] 192.168.0.1</p><p></p><p>Internet Explorer:</p><p>==================</p><p>HKU\S-1-5-21-3456993172-4159185848-1155247961-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen</p><p>BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-01-29] (Microsoft Corporation)</p><p>BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-01-29] (Microsoft Corporation)</p><p>BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-01-10] (Intel Security)</p><p>BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-01-29] (Microsoft Corporation)</p><p>BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files 
(x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-07-04] (Oracle Corporation)</p><p>BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-01-29] (Microsoft Corporation)</p><p>BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-07-04] (Oracle Corporation)</p><p>Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-01-10] (Intel Security)</p><p>Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)</p><p>Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)</p><p>Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)</p><p>Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)</p><p></p><p>FireFox:</p><p>========</p><p>FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-10] (Intel Corporation)</p><p>FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-10] (Intel Corporation)</p><p>FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-07-04] (Oracle Corporation)</p><p>FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 
-> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-07-04] (Oracle Corporation)</p><p>FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-01-29] (Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-01-29] (Microsoft Corporation)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)</p><p>FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)</p><p>FF Plugin HKU\S-1-5-21-3456993172-4159185848-1155247961-1001: @citrixonline.com/appdetectorplugin -> C:\Users\peter.mchugh\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-07-04] (Citrix Online)</p><p>FF Plugin HKU\S-1-5-21-3456993172-4159185848-1155247961-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\peter.mchugh\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-01-25] (Zoom Video Communications, Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Users\peter.mchugh\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-07-26] (Cisco WebEx LLC)</p><p></p><p>Chrome: </p><p>=======</p><p>CHR HomePage: Default -> hxxp://<a href="http://www.google.com/" target="_blank">www.google.com/</a></p><p>CHR StartupUrls: Default -> "hxxp://<a href="http://www.google.com/" target="_blank">www.google.com/</a>"</p><p>CHR Profile: C:\Users\peter.mchugh\AppData\Local\Google\Chrome\User Data\Default [2017-03-08]</p><p>CHR Extension: (Google Slides) - C:\Users\peter.mchugh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek 
[2015-10-07]</p><p>CHR Extension: (Google Docs) - C:\Users\peter.mchugh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-07]</p><p>CHR Extension: (Google Drive) - C:\Users\peter.mchugh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27]</p><p>CHR Extension: (YouTube) - C:\Users\peter.mchugh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-07]</p><p>CHR Extension: (Google Search) - C:\Users\peter.mchugh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]</p><p>CHR Extension: (Google Sheets) - C:\Users\peter.mchugh\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-07]</p><p>CHR Extension: (GoToMeeting Pro Screensharing) - C:\Users\peter.mchugh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcgikpombjkodabhbdalkcdhmllafipp [2016-07-05]</p><p>CHR Extension: (Google Docs Offline) - C:\Users\peter.mchugh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-30]</p><p>CHR Extension: (Cisco WebEx Extension) - C:\Users\peter.mchugh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-02-02]</p><p>CHR Extension: (FromDocToPDF) - C:\Users\peter.mchugh\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk [2017-03-03]</p><p>CHR Extension: (Chrome Web Store Payments) - C:\Users\peter.mchugh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-02]</p><p>CHR Extension: (Gmail) - C:\Users\peter.mchugh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-07]</p><p>CHR Extension: (Chrome Media Router) - C:\Users\peter.mchugh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm 
[2017-02-13]</p><p>CHR HKU\S-1-5-21-3456993172-4159185848-1155247961-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx</p><p></p><p>==================== Services (Whitelisted) ====================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>S2 0297651488807208mcinstcleanup; C:\WINDOWS\TEMP\029765~1.EXE [922152 2016-03-02] (McAfee, Inc.)</p><p>R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [104744 2016-05-17] (Alps Electric Co., Ltd.)</p><p>R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3704520 2017-02-18] (Microsoft Corporation)</p><p>R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [953352 2014-06-10] (Intel Corporation)</p><p>R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-06-25] (Intel Corporation)</p><p>R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)</p><p>S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)</p><p>S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)</p><p>R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [158496 2014-11-10] (Intel Corporation)</p><p>S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.500\McCHSvc.exe [329480 2017-01-19] (McAfee, Inc.)</p><p>R2 O2FLASH; C:\WINDOWS\System32\drivers\o2flash.exe [65536 2014-03-07] (BayHubTech/O2Micro International)</p><p>R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [318712 2016-07-29] (Realtek Semiconductor)</p><p>S3 Sense; C:\Program 
Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-30] (Microsoft Corporation)</p><p>R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [995800 2017-01-05] (McAfee, Inc.)</p><p>R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2017-01-05] (McAfee, Inc.)</p><p>S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2017-01-05] (McAfee, Inc.)</p><p>R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)</p><p>R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)</p><p>R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]</p><p>S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]</p><p></p><p>===================== Drivers (Whitelisted) ======================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)</p><p>R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [41824 2014-06-10] (Intel Corporation)</p><p>R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [35136 2014-06-10] (Intel Corporation)</p><p>R3 e1dexpress; C:\WINDOWS\system32\DRIVERS\e1d65x64.sys [547840 2015-09-12] (Intel Corporation)</p><p>R3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [192624 2014-06-10] (Intel Corporation)</p><p>R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [349960 2016-07-12] (Intel Corporation)</p><p>S3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [25800 2014-05-27] ()</p><p>R3 IntcAzAudAddService; C:\WINDOWS\system32\drivers\RTDVHD64.sys [2686200 2016-07-29] (Realtek Semiconductor Corp.)</p><p>R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [77992 2014-04-30] (Intel Corporation)</p><p>R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()</p><p>R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-11-10] (Intel Corporation)</p><p>S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()</p><p>R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7116288 2016-07-16] (Intel Corporation)</p><p>R3 O2FJ2RDR; C:\WINDOWS\System32\drivers\O2FJ2w8x64.sys [210616 2014-05-14] (BayHubTech/O2Micro )</p><p>R3 ST_Accel; C:\WINDOWS\system32\DRIVERS\ST_Accel.sys [93872 2014-04-21] (STMicroelectronics)</p><p>S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)</p><p>R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)</p><p>R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p>(If an entry is included in the fixlist, it will be 
removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p></p><p>==================== One Month Created files and folders ========</p><p></p><p>(If an entry is included in the fixlist, the file/folder will be moved.)</p><p></p><p>2017-03-08 16:39 - 2017-03-08 16:39 - 02423808 _____ (Farbar) C:\Users\peter.mchugh\Downloads\FRST64 (1).exe</p><p>2017-03-08 12:54 - 2017-03-08 12:54 - 01087427 _____ C:\Users\peter.mchugh\Downloads\MScHRMD_Salford.pdf</p><p>2017-03-08 12:41 - 2017-03-08 12:41 - 03237451 _____ C:\Users\peter.mchugh\Downloads\salford.pdf</p><p>2017-03-07 13:52 - 2017-03-07 13:52 - 06786932 _____ C:\Users\peter.mchugh\Downloads\efire_ac_w1_21feb17.pptx</p><p>2017-03-07 12:35 - 2017-03-07 12:35 - 00133640 _____ (Zoom Video Communications, Inc.) C:\Users\peter.mchugh\Downloads\Zoom_launcher (2).exe</p><p>2017-03-07 12:22 - 2017-03-07 12:22 - 00133640 _____ (Zoom Video Communications, Inc.) C:\Users\peter.mchugh\Downloads\Zoom_launcher (1).exe</p><p>2017-03-03 10:53 - 2017-03-03 10:53 - 04031440 _____ C:\Users\peter.mchugh\Downloads\AdwCleaner (1).exe</p><p>2017-03-03 10:52 - 2017-03-03 10:52 - 00000000 ____D C:\Users\peter.mchugh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TouchPad</p><p>2017-03-03 10:48 - 2017-03-03 10:53 - 00000000 ____D C:\AdwCleaner</p><p>2017-03-03 10:48 - 2017-03-03 10:48 - 04031440 _____ C:\Users\peter.mchugh\Downloads\AdwCleaner.exe</p><p>2017-03-03 10:39 - 2017-03-03 10:39 - 00032398 _____ C:\Users\peter.mchugh\Desktop\Addition.txt</p><p>2017-03-03 10:38 - 2017-03-03 10:38 - 00036479 _____ C:\Users\peter.mchugh\Desktop\FRST.txt</p><p>2017-03-03 10:37 - 2017-03-03 10:37 - 00001842 _____ C:\Users\peter.mchugh\Downloads\fixlist.txt</p><p>2017-03-03 10:37 - 2017-03-03 10:37 - 00001842 _____ C:\Users\peter.mchugh\Desktop\fixlist.txt</p><p>2017-03-03 10:33 - 2017-03-03 10:33 - 00343659 _____ C:\Users\peter.mchugh\Downloads\ClaimRemittance-126244-0004598655.pdf</p><p>2017-03-03 10:00 - 
2017-03-03 10:01 - 00032395 _____ C:\Users\peter.mchugh\Downloads\Addition.txt</p><p>2017-03-03 09:59 - 2017-03-08 16:39 - 00021192 _____ C:\Users\peter.mchugh\Downloads\FRST.txt</p><p>2017-03-03 09:59 - 2017-03-08 16:39 - 00000000 ____D C:\FRST</p><p>2017-03-03 09:59 - 2017-03-03 09:59 - 02423808 _____ (Farbar) C:\Users\peter.mchugh\Downloads\FRST64.exe</p><p>2017-03-03 09:58 - 2017-03-03 09:58 - 01765888 _____ (Farbar) C:\Users\peter.mchugh\Downloads\FRST (1).exe</p><p>2017-03-02 21:28 - 2017-03-02 21:28 - 01765888 _____ (Farbar) C:\Users\peter.mchugh\Downloads\FRST.exe</p><p>2017-03-02 14:53 - 2017-03-02 14:53 - 00004919 _____ C:\Users\peter.mchugh\Downloads\Creating an immersive assessment experience for candidates.ics</p><p>2017-03-02 14:44 - 2017-03-02 14:44 - 00465563 _____ C:\Users\peter.mchugh\Downloads\HBR - Understanding emotions as a key leadership skill.PDF</p><p>2017-03-02 14:43 - 2017-03-02 14:43 - 01859626 _____ C:\Users\peter.mchugh\Downloads\Emotional_Intelligence_from_a_Different_Perspective_handouts.pdf</p><p>2017-03-02 14:43 - 2017-03-02 14:43 - 00188021 _____ C:\Users\peter.mchugh\Downloads\Emotional Intelligence.pdf</p><p>2017-03-02 14:37 - 2017-03-02 14:37 - 00045321 _____ C:\Users\peter.mchugh\Downloads\06_Dev_FIRST_Strategies (1).pdf</p><p>2017-03-02 14:31 - 2017-03-02 14:31 - 00106193 _____ C:\Users\peter.mchugh\Downloads\First model - DEVGUIDE-Exec.pdf</p><p>2017-03-02 14:27 - 2017-03-02 14:27 - 00045321 _____ C:\Users\peter.mchugh\Downloads\06_Dev_FIRST_Strategies.pdf</p><p>2017-03-01 17:18 - 2017-03-01 17:20 - 80923931 _____ C:\Users\peter.mchugh\Downloads\Download 33 Sample Maps.zip</p><p>2017-03-01 16:54 - 2017-03-01 16:54 - 00006992 _____ C:\Users\peter.mchugh\Downloads\The Five Question Leader_ Work Less Hard, Have More Impact.ics</p><p>2017-03-01 13:14 - 2017-03-01 13:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus</p><p>2017-03-01 13:14 - 2017-03-01 13:14 - 00000000 ____D 
C:\Program Files\McAfee Security Scan</p><p>2017-03-01 12:53 - 2017-03-06 13:37 - 00000000 ____D C:\Users\peter.mchugh\AppData\Local\tkdata</p><p>2017-03-01 12:53 - 2017-03-06 13:33 - 00001241 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk</p><p>2017-03-01 12:53 - 2017-03-01 12:53 - 00001227 _____ C:\Users\Public\Desktop\True Key.lnk</p><p>2017-03-01 12:53 - 2017-03-01 12:53 - 00000000 ____D C:\ProgramData\TrueKey</p><p>2017-03-01 12:52 - 2017-03-06 13:33 - 00000000 ____D C:\Program Files (x86)\McAfee</p><p>2017-03-01 12:52 - 2017-03-01 12:52 - 00000000 ____D C:\Program Files\Intel Security</p><p>2017-03-01 12:52 - 2017-03-01 12:52 - 00000000 ____D C:\Program Files\Common Files\McAfee</p><p>2017-03-01 12:52 - 2017-03-01 12:52 - 00000000 ____D C:\Program Files\Common Files\AV</p><p>2017-03-01 12:45 - 2017-03-01 12:45 - 01204344 _____ (Adobe Systems Incorporated) C:\Users\peter.mchugh\Downloads\readerdc_en_ka_install.exe</p><p>2017-03-01 12:44 - 2017-03-06 13:33 - 00000000 ____D C:\ProgramData\McAfee</p><p>2017-03-01 12:44 - 2017-03-01 13:14 - 00002011 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk</p><p>2017-03-01 12:44 - 2017-03-01 12:44 - 00000000 ____D C:\ProgramData\McAfee Security Scan</p><p>2017-03-01 12:43 - 2017-03-06 13:33 - 00000000 ____D C:\Program Files\TrueKey</p><p>2017-03-01 12:22 - 2017-03-01 12:22 - 00397683 _____ C:\Users\peter.mchugh\Downloads\H02KP0-PDF-ENG.PDF</p><p>2017-03-01 12:19 - 2017-03-01 12:19 - 00541166 _____ C:\Users\peter.mchugh\Downloads\R1110E-PDF-ENG.PDF</p><p>2017-02-23 19:26 - 2017-02-23 19:26 - 00281545 _____ C:\Users\peter.mchugh\Desktop\lucy passport.pdf</p><p>2017-02-23 14:55 - 2017-02-23 14:55 - 00000000 ____D C:\WINDOWS\LastGood.Tmp</p><p>2017-02-22 17:47 - 2017-02-22 17:47 - 00241405 _____ C:\Users\peter.mchugh\Downloads\Questions about Meta-Programs 2011.pdf</p><p>2017-02-22 17:40 - 2017-02-22 17:40 - 02808548 _____ C:\Users\peter.mchugh\Documents\mind map excuses.pdf</p><p>2017-02-22 
13:58 - 2017-02-22 13:57 - 00346403 _____ C:\Users\peter.mchugh\Desktop\fedex auth form 2.jpeg</p><p>2017-02-22 13:55 - 2017-02-22 13:55 - 00330586 _____ C:\Users\peter.mchugh\Desktop\fedex auth form 1.jpeg</p><p>2017-02-22 10:26 - 2017-02-22 10:26 - 00465563 _____ C:\Users\peter.mchugh\Downloads\H038KF-PDF-ENG.PDF</p><p>2017-02-21 14:47 - 2017-02-21 14:47 - 00449406 _____ C:\Users\peter.mchugh\Downloads\H012J9-PDF-ENG.PDF</p><p>2017-02-21 14:47 - 2017-02-21 14:47 - 00051360 _____ C:\Users\peter.mchugh\Downloads\F1401C-PDF-ENG (1).PDF</p><p>2017-02-21 14:32 - 2017-02-21 14:32 - 00051358 _____ C:\Users\peter.mchugh\Downloads\F1401C-PDF-ENG.PDF</p><p>2017-02-21 13:02 - 2017-02-21 13:02 - 00000000 ____D C:\Users\peter.mchugh\Documents\Zoom</p><p>2017-02-21 09:45 - 2017-02-21 09:45 - 00460471 _____ C:\Users\peter.mchugh\Downloads\Pat_Doyle_-_MultiView (1).pdf</p><p>2017-02-21 09:45 - 2017-02-21 09:45 - 00456491 _____ C:\Users\peter.mchugh\Downloads\Diarmuid_Doran_-_MultiView (1).pdf</p><p>2017-02-21 09:45 - 2017-02-21 09:45 - 00455047 _____ C:\Users\peter.mchugh\Downloads\Dave_Delaney_-_MultiView (1).pdf</p><p>2017-02-21 09:36 - 2017-02-21 09:36 - 00000000 ____D C:\Users\peter.mchugh\AppData\Roaming\Zoom</p><p>2017-02-21 09:36 - 2017-02-21 09:36 - 00000000 ____D C:\Users\peter.mchugh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom</p><p>2017-02-21 09:35 - 2017-02-21 09:36 - 00133640 _____ (Zoom Video Communications, Inc.) 
C:\Users\peter.mchugh\Downloads\Zoom_launcher.exe</p><p>2017-02-21 09:34 - 2017-02-21 09:34 - 00003912 _____ C:\Users\peter.mchugh\Downloads\7 Ways to Increase Your Credibility and Visibility as a Training and Performance Consultant.ics</p><p>2017-02-17 13:43 - 2017-02-17 13:43 - 00134077 _____ C:\Users\peter.mchugh\Desktop\INVOICE HRDQ - Training Tools for Developing Great People Skills.pdf</p><p>2017-02-14 10:55 - 2017-02-14 10:55 - 00455093 _____ C:\Users\peter.mchugh\Downloads\Dave_Delaney_-_MultiView.pdf</p><p>2017-02-14 10:54 - 2017-02-14 10:54 - 00456540 _____ C:\Users\peter.mchugh\Downloads\Diarmuid_Doran_-_MultiView.pdf</p><p>2017-02-14 10:52 - 2017-02-14 10:52 - 00460514 _____ C:\Users\peter.mchugh\Downloads\Pat_Doyle_-_MultiView.pdf</p><p>2017-02-13 10:00 - 2017-02-13 10:01 - 01035335 _____ C:\Users\peter.mchugh\Downloads\VALUES-Fiona_Mchugh.pdf</p><p>2017-02-13 10:00 - 2017-02-13 10:00 - 00756557 _____ C:\Users\peter.mchugh\Downloads\DISC-Fiona_Mchugh.pdf</p><p>2017-02-13 09:08 - 2017-02-13 09:08 - 00287117 _____ C:\Users\peter.mchugh\Desktop\st marys statement jan17.jpeg</p><p>2017-02-08 09:46 - 2017-02-08 09:46 - 00361815 _____ C:\Users\peter.mchugh\Downloads\WP-702010-Designing-Learning-Works-2017-ENG.pdf</p><p>2017-02-08 09:23 - 2017-02-08 09:23 - 00165355 _____ C:\Users\peter.mchugh\Downloads\Ladies Lunch 2017.pdf</p><p>2017-02-06 09:45 - 2016-12-21 07:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe</p><p>2017-02-06 09:45 - 2016-12-21 04:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe</p><p></p><p>==================== One Month Modified files and folders ========</p><p></p><p>(If an entry is included in the fixlist, the file/folder will be moved.)</p><p></p><p>2017-03-08 16:36 - 2016-08-18 19:46 - 00000000 ____D C:\Users\peter.mchugh\AppData\Roaming\Skype</p><p>2017-03-08 16:21 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\AppReadiness</p><p>2017-03-08 16:18 - 2016-09-30 12:26 - 00000000 
____D C:\WINDOWS\system32\SleepStudy</p><p>2017-03-08 10:42 - 2016-07-16 11:47 - 00000000 ___HD C:\Program Files\WindowsApps</p><p>2017-03-07 13:52 - 2015-10-05 11:06 - 00000000 ____D C:\Users\peter.mchugh\AppData\Local\Packages</p><p>2017-03-07 12:00 - 2016-07-04 18:26 - 00000724 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3456993172-4159185848-1155247961-1001.job</p><p>2017-03-07 12:00 - 2016-07-04 18:26 - 00000628 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3456993172-4159185848-1155247961-1001.job</p><p>2017-03-03 10:57 - 2015-11-30 11:15 - 01285924 _____ C:\WINDOWS\system32\PerfStringBackup.INI</p><p>2017-03-03 10:52 - 2016-09-30 12:35 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT</p><p>2017-03-03 10:52 - 2016-09-30 12:27 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat</p><p>2017-03-03 10:52 - 2016-09-08 10:14 - 00000000 ____D C:\ProgramData\ScreenShare</p><p>2017-03-03 10:52 - 2015-10-05 11:06 - 00000000 __SHD C:\Users\peter.mchugh\IntelGraphicsProfiles</p><p>2017-03-03 10:51 - 2016-09-30 12:28 - 00000000 ____D C:\Users\peter.mchugh</p><p>2017-03-03 10:51 - 2016-07-16 06:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI</p><p>2017-03-02 17:53 - 2016-07-16 11:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft</p><p>2017-03-02 17:52 - 2016-12-21 20:55 - 00003296 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2</p><p>2017-03-02 17:52 - 2016-10-17 08:35 - 00000000 ____D C:\ProgramData\Skype</p><p>2017-03-02 17:52 - 2015-11-30 11:20 - 00002433 _____ C:\Users\peter.mchugh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk</p><p>2017-03-02 17:52 - 2015-11-30 11:20 - 00000000 ___RD C:\Users\peter.mchugh\OneDrive</p><p>2017-03-02 17:50 - 2016-09-30 12:27 - 00000000 ____D C:\Program Files\DellTPad</p><p>2017-03-02 17:50 - 2015-10-07 08:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Office</p><p>2017-03-02 13:14 - 2015-10-07 10:29 - 00000000 ____D 
C:\Users\peter.mchugh\AppData\Local\Adobe</p><p>2017-03-01 12:53 - 2015-09-07 14:05 - 00000000 ____D C:\Program Files\Common Files\Intel</p><p>2017-03-01 12:53 - 2015-09-07 14:04 - 00000000 ____D C:\ProgramData\Intel</p><p>2017-03-01 12:52 - 2015-09-07 14:03 - 00000000 ____D C:\ProgramData\Package Cache</p><p>2017-02-23 19:23 - 2015-10-07 10:38 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk</p><p>2017-02-23 15:07 - 2015-10-08 12:48 - 00000000 ____D C:\WINDOWS\system32\MRT</p><p>2017-02-23 15:06 - 2015-10-08 12:48 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe</p><p>2017-02-23 14:55 - 2016-07-16 11:45 - 00000000 ____D C:\WINDOWS\INF</p><p>2017-02-22 13:57 - 2015-10-20 07:36 - 00000000 ____D C:\Users\peter.mchugh\Documents\Scanned Documents</p><p>2017-02-22 13:42 - 2016-07-16 11:36 - 00000000 ____D C:\WINDOWS\CbsTemp</p><p>2017-02-08 09:22 - 2015-10-07 10:39 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk</p><p>2017-02-08 09:22 - 2015-10-07 10:39 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk</p><p>2017-02-06 19:48 - 2016-11-09 19:16 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe</p><p>2017-02-06 19:48 - 2016-11-09 19:16 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl</p><p></p><p>Some files in TEMP:</p><p>====================</p><p>2016-10-20 13:36 - 2016-10-20 13:36 - 0737856 _____ (Oracle Corporation) C:\Users\peter.mchugh\AppData\Local\Temp\jre-8u111-windows-au.exe</p><p>2017-01-23 10:22 - 2017-01-23 10:22 - 0739904 _____ (Oracle Corporation) C:\Users\peter.mchugh\AppData\Local\Temp\jre-8u121-windows-au.exe</p><p></p><p>==================== Bamital & volsnap ======================</p><p></p><p>(There is no automatic fix for files that do not pass verification.)</p><p></p><p>C:\WINDOWS\system32\winlogon.exe => File is digitally 
signed</p><p>C:\WINDOWS\system32\wininit.exe => File is digitally signed</p><p>C:\WINDOWS\explorer.exe => File is digitally signed</p><p>C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed</p><p>C:\WINDOWS\system32\svchost.exe => File is digitally signed</p><p>C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed</p><p>C:\WINDOWS\system32\services.exe => File is digitally signed</p><p>C:\WINDOWS\system32\User32.dll => File is digitally signed</p><p>C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed</p><p>C:\WINDOWS\system32\userinit.exe => File is digitally signed</p><p>C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed</p><p>C:\WINDOWS\system32\rpcss.dll => File is digitally signed</p><p>C:\WINDOWS\system32\dnsapi.dll => File is digitally signed</p><p>C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed</p><p>C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p>LastRegBack: 2017-03-01 08:49</p><p></p><p>==================== End of FRST.txt ============================</p></blockquote><p></p>
[QUOTE="trixiebell, post: 606776, member: 59841"] here is copy of FRST:
2017-03-02 17:50 - 2015-10-07 08:33 - 00000000 ____D C:\Program Files
(x86)\Microsoft Office 2017-03-02 13:14 - 2015-10-07 10:29 - 00000000 ____D C:\Users\peter.mchugh\AppData\Local\Adobe 2017-03-01 12:53 - 2015-09-07 14:05 - 00000000 ____D C:\Program Files\Common Files\Intel 2017-03-01 12:53 - 2015-09-07 14:04 - 00000000 ____D C:\ProgramData\Intel 2017-03-01 12:52 - 2015-09-07 14:03 - 00000000 ____D C:\ProgramData\Package Cache 2017-02-23 19:23 - 2015-10-07 10:38 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2017-02-23 15:07 - 2015-10-08 12:48 - 00000000 ____D C:\WINDOWS\system32\MRT 2017-02-23 15:06 - 2015-10-08 12:48 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-02-23 14:55 - 2016-07-16 11:45 - 00000000 ____D C:\WINDOWS\INF 2017-02-22 13:57 - 2015-10-20 07:36 - 00000000 ____D C:\Users\peter.mchugh\Documents\Scanned Documents 2017-02-22 13:42 - 2016-07-16 11:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2017-02-08 09:22 - 2015-10-07 10:39 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-02-08 09:22 - 2015-10-07 10:39 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-02-06 19:48 - 2016-11-09 19:16 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2017-02-06 19:48 - 2016-11-09 19:16 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl Some files in TEMP: ==================== 2016-10-20 13:36 - 2016-10-20 13:36 - 0737856 _____ (Oracle Corporation) C:\Users\peter.mchugh\AppData\Local\Temp\jre-8u111-windows-au.exe 2017-01-23 10:22 - 2017-01-23 10:22 - 0739904 _____ (Oracle Corporation) C:\Users\peter.mchugh\AppData\Local\Temp\jre-8u121-windows-au.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-03-01 08:49 ==================== End of FRST.txt ============================ [/QUOTE]