Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01 Ran by arsteige (administrator) on ROSSFAMILY (28-03-2016 08:39:15) Running from C:\Users\arsteige\Downloads Loaded Profiles: arsteige (Available Profiles: arsteige) Platform: Windows 8.1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGiftBoxDesktop.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe (Intel(R) Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe (Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe (McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe (McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe () C:\ProScore5\Server\nxServer.Exe (Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.8.267.0\McCSPServiceHost.exe (McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe () C:\Program Files\Intel Security\True Key\Application\truekey.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE () C:\Program Files\Intel Security\True Key\Application\truekey.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe (McAfee, Inc.) C:\Program Files\mcafee\virusscan\mcods.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\Core\mchost.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.3.532\ASUSWSLoader.exe [63272 2015-08-21] () HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3776824 2015-11-03] (Intuit Inc. All rights reserved.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1528496886-270073939-2523521886-1001\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.3.532\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.3.532\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.3.532\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2015-08-15] ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2015-08-15] ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2015-08-15] ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.26 205.171.2.26 Tcpip\Parameters: [NameServer] 82.163.143.171 82.163.142.173 Tcpip\..\Interfaces\{1FE3A277-8D1E-4323-9012-9D7701651757}: [NameServer] 82.163.143.171 82.163.142.173 Tcpip\..\Interfaces\{1FE3A277-8D1E-4323-9012-9D7701651757}: [DhcpNameServer] 82.163.143.171 Tcpip\..\Interfaces\{66C31704-E29C-4635-8B69-FCF4480E3D66}: [NameServer] 82.163.143.171 82.163.142.173 Tcpip\..\Interfaces\{66C31704-E29C-4635-8B69-FCF4480E3D66}: [DhcpNameServer] 82.163.143.171 Tcpip\..\Interfaces\{E0177C47-205F-4461-A398-B656C6CCD952}: [NameServer] 82.163.143.171 82.163.142.173 Tcpip\..\Interfaces\{E0177C47-205F-4461-A398-B656C6CCD952}: [DhcpNameServer] 192.168.0.1 205.171.3.26 205.171.2.26 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1528496886-270073939-2523521886-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1528496886-270073939-2523521886-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-02-28] (Microsoft Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-02-28] (Microsoft Corporation) BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-03-14] (Intel Security) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-08] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-08] (Oracle Corporation) Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-03-14] (Intel Security) Toolbar: HKU\S-1-5-21-1528496886-270073939-2523521886-1001 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - No File Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-03-21] (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-03-21] (McAfee, Inc.) Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll [2015-11-04] (Intuit, Inc.) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-28] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-28] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-28] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-28] (Microsoft Corporation) Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2013-08-21] (Microsoft Corporation) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-03-21] (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-03-21] (McAfee, Inc.) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2016-01-08] (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-01-08] (McAfee, Inc.) FireFox: ======== FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-01-08] () FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] () FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google) FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-08] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-08] (Oracle Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-01-08] () FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-02-28] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-10-12] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-12-29] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-02-05] [not signed] Chrome: ======= CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C211US885D20150817&p={searchTerms} CHR DefaultSearchKeyword: Default -> mcafee CHR Profile: C:\Users\arsteige\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\arsteige\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-16] CHR Extension: (Google Docs) - C:\Users\arsteige\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-16] CHR Extension: (Google Drive) - C:\Users\arsteige\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22] CHR Extension: (YouTube) - C:\Users\arsteige\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-16] CHR Extension: (Google Search) - C:\Users\arsteige\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31] CHR Extension: (Google Sheets) - C:\Users\arsteige\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-16] CHR Extension: (SiteAdvisor) - C:\Users\arsteige\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-10-16] CHR Extension: (Google Docs Offline) - C:\Users\arsteige\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14] CHR Extension: (Google Forms) - C:\Users\arsteige\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhknlonaankphkkbnmjdlpehkinifeeg [2015-10-16] CHR Extension: (True Key™ by Intel Security) - C:\Users\arsteige\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbeldjopgciegccabfohnefghfpinncn [2016-03-16] CHR Extension: (Chrome Web Store Payments) - C:\Users\arsteige\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-16] CHR Extension: (Gmail) - C:\Users\arsteige\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-16] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-03-22] CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-03-22] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe [71168 2014-08-20] (ASUS Cloud Corporation) [File not signed] R2 ASUSGiftBoxDekstop; C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGIFTBOXDesktop.exe [315704 2015-07-20] (ASUS) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2804976 2016-02-28] (Microsoft Corporation) R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-10-12] (WildTangent) R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation) R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3020440 2015-11-25] (Intel(R) Corporation) R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-03-21] (McAfee, Inc.) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2016-01-08] (McAfee, Inc.) S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-29] (McAfee, Inc.) R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.) R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.267.0\McCSPServiceHost.exe [1696712 2016-02-23] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.) R3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [681680 2016-01-08] (McAfee, Inc.) S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.) R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [234192 2015-11-18] (McAfee, Inc.) R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [380896 2016-01-04] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [275368 2015-11-18] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.) R2 NXDBServerV3; C:\ProScore5\Server\nxServer.exe [7809536 2010-09-07] () [File not signed] R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [896456 2016-03-02] (Intel Security, Inc.) R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2015-11-04] (Intuit) [File not signed] S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2014-12-09] (Intuit Inc.) [File not signed] R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2014-12-09] (Intuit Inc.) [File not signed] R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [864472 2016-03-10] (McAfee, Inc.) R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [15736 2016-03-10] (McAfee, Inc.) S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-03-10] (McAfee, Inc.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-07] (Qualcomm Atheros Communications, Inc.) R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [71952 2014-03-31] (ASUS Corporation) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [79248 2015-11-25] (McAfee, Inc.) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-10] (Intel Corporation) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.) R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-10] (Intel Corporation) R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( ) R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-27] (Intel Corporation) R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2015-11-25] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351144 2015-11-25] (McAfee, Inc.) S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83096 2015-11-25] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496368 2015-11-25] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [846080 2015-11-25] (McAfee, Inc.) R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [539496 2015-11-20] (McAfee, Inc.) S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2015-11-20] (McAfee, Inc.) R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [36968 2016-01-19] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [245096 2015-11-25] (McAfee, Inc.) R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) U0 msahci; system32\drivers\msahci.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-03-28 08:39 - 2016-03-28 08:40 - 00023005 _____ C:\Users\arsteige\Downloads\FRST.txt 2016-03-28 08:36 - 2016-03-28 08:39 - 00000000 ____D C:\FRST 2016-03-28 08:36 - 2016-03-28 08:36 - 02374144 _____ (Farbar) C:\Users\arsteige\Downloads\FRST64.exe 2016-03-28 08:36 - 2016-03-28 08:36 - 00001175 _____ C:\Users\arsteige\Desktop\FRST64 - Shortcut.lnk 2016-03-28 08:03 - 2016-03-28 08:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2016-03-28 06:35 - 2016-03-28 06:35 - 00000000 ____D C:\ProgramData\04eeefb3-06b1-0 2016-03-28 06:32 - 2016-03-28 08:30 - 00000000 ____D C:\Program Files (x86)\DNS Unlocker 2016-03-28 06:32 - 2016-03-28 06:32 - 00026352 _____ C:\Windows\System32\Tasks\DNSWALTERS 2016-03-28 06:30 - 2016-03-28 06:30 - 00003734 _____ C:\Windows\System32\Tasks\{32E43B32-5E45-A6A2-B2EF-EE04F46D2867} 2016-03-28 06:30 - 2016-03-28 06:30 - 00000000 ____D C:\ProgramData\3db04732 2016-03-28 06:30 - 2016-03-28 06:30 - 00000000 ____D C:\ProgramData\04eeefb3-0fb1-0 2016-03-28 06:30 - 2016-03-28 06:30 - 00000000 ____D C:\ProgramData\{0dc0f51b-212c-0} 2016-03-28 06:30 - 2016-03-28 06:30 - 00000000 ____D C:\ProgramData\{07d566bc-112c-1} 2016-03-24 22:24 - 2016-03-28 08:00 - 00003846 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse 2016-03-24 18:44 - 2016-03-27 14:51 - 00004020 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse 2016-03-22 09:24 - 2016-03-22 09:24 - 01393653 _____ C:\Users\arsteige\Downloads\PERFORMANCE ELITE GYMNASTICS-final 3.21.16 .pdf 2016-03-20 15:03 - 2016-03-20 15:03 - 00507413 _____ C:\Users\arsteige\Downloads\Team Camp Registration Flyer.pdf 2016-03-17 11:09 - 2016-03-17 11:09 - 00001465 _____ C:\Users\arsteige\Downloads\Transactions-Download-03-17-2016 (2).qbo 2016-03-17 09:32 - 2016-03-17 09:32 - 00103936 _____ C:\Users\arsteige\Downloads\PFS-NEW-Electronic-w-instructions.xls 2016-03-17 09:26 - 2016-03-17 12:48 - 00869555 _____ C:\Users\arsteige\Documents\Irrigation AOO.pdf 2016-03-17 09:26 - 2016-03-17 11:52 - 02054830 _____ C:\Users\arsteige\Documents\Zwicker Estimate.pdf 2016-03-17 08:13 - 2016-03-17 08:13 - 00002628 _____ C:\Users\arsteige\Downloads\Transactions-Download-03-17-2016 (1).qbo 2016-03-17 08:09 - 2016-03-17 08:09 - 00002350 _____ C:\Users\arsteige\Downloads\Transactions-Download-03-17-2016.qbo 2016-03-16 07:05 - 2016-03-16 07:05 - 00646669 _____ C:\Users\arsteige\Downloads\New Ross-Gymnastics 4 (1).pdf 2016-03-10 07:36 - 2016-03-10 07:36 - 00002351 _____ C:\Users\arsteige\Downloads\Transactions-Download-03-10-2016 (3).qbo 2016-03-10 07:36 - 2016-03-10 07:36 - 00001174 _____ C:\Users\arsteige\Downloads\Transactions-Download-03-10-2016 (2).qbo 2016-03-10 07:29 - 2016-03-10 07:29 - 00005696 _____ C:\Users\arsteige\Downloads\Transactions-Download-03-10-2016 (1).qbo 2016-03-10 07:22 - 2016-03-10 07:22 - 00003170 _____ C:\Users\arsteige\Downloads\Transactions-Download-03-10-2016.qbo 2016-03-09 08:33 - 2016-02-08 16:05 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-03-09 08:33 - 2016-02-08 15:39 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-03-09 08:33 - 2016-02-08 15:29 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll 2016-03-09 08:33 - 2016-02-08 15:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-03-09 08:33 - 2016-02-08 15:10 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-03-09 08:33 - 2016-02-08 15:07 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2016-03-09 08:33 - 2016-02-08 15:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-03-09 08:33 - 2016-02-08 15:02 - 13012480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-03-09 08:33 - 2016-02-08 15:02 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-03-09 08:33 - 2016-02-08 15:01 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-03-09 08:33 - 2016-02-08 14:43 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-03-09 08:33 - 2016-02-08 14:39 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-03-09 08:33 - 2016-02-08 14:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-03-09 08:33 - 2016-02-08 13:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-03-09 08:33 - 2016-02-08 13:16 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-03-09 08:33 - 2016-02-08 13:14 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll 2016-03-09 08:33 - 2016-02-08 13:13 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-03-09 08:33 - 2016-02-08 12:37 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-03-09 08:33 - 2016-02-08 12:34 - 00798720 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-03-09 08:33 - 2016-02-08 12:33 - 14613504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-03-09 08:33 - 2016-02-08 12:33 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-03-09 08:33 - 2016-02-08 12:07 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-03-09 08:32 - 2016-02-08 15:34 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-03-09 08:32 - 2016-02-08 15:05 - 25816576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-03-09 08:32 - 2016-02-08 13:27 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-03-09 08:32 - 2016-02-08 12:51 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-03-09 08:32 - 2016-02-08 12:42 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2016-03-09 08:32 - 2016-02-08 12:19 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-03-09 08:32 - 2016-02-08 12:15 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2016-03-09 08:32 - 2016-02-08 11:55 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-03-09 08:29 - 2016-01-24 13:19 - 00419160 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys 2016-03-09 08:29 - 2016-01-24 13:19 - 00378712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2016-03-09 08:29 - 2016-01-24 13:19 - 00331608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys 2016-03-09 08:29 - 2016-01-24 06:57 - 01335296 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll 2016-03-09 08:29 - 2016-01-24 06:45 - 01063424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll 2016-03-09 08:28 - 2016-02-12 14:14 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2016-03-09 08:28 - 2016-02-12 10:14 - 03708416 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2016-03-09 08:28 - 2016-02-12 09:55 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2016-03-09 08:28 - 2016-02-12 09:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2016-03-09 08:28 - 2016-02-12 09:54 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2016-03-09 08:28 - 2016-02-12 09:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2016-03-09 08:28 - 2016-02-12 09:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2016-03-09 08:28 - 2016-02-12 09:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2016-03-09 08:28 - 2016-02-12 09:51 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2016-03-09 08:28 - 2016-02-12 09:48 - 02244096 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2016-03-09 08:28 - 2016-02-12 09:47 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2016-03-09 08:28 - 2016-02-12 09:46 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2016-03-09 08:28 - 2016-02-11 09:21 - 00869576 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll 2016-03-09 08:28 - 2016-02-11 09:21 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll 2016-03-09 08:28 - 2016-02-11 09:20 - 00875720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll 2016-03-09 08:28 - 2016-02-11 09:20 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll 2016-03-09 08:28 - 2015-12-30 16:53 - 02017624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2016-03-09 08:27 - 2016-02-20 10:45 - 01373184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2016-03-09 08:27 - 2016-02-20 10:45 - 01168896 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2016-03-09 08:27 - 2016-02-20 10:45 - 00696832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2016-03-09 08:27 - 2016-02-20 10:45 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2016-03-09 08:27 - 2016-02-20 10:45 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2016-03-09 08:27 - 2016-02-20 10:45 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2016-03-09 08:27 - 2016-02-05 14:06 - 00046768 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2016-03-09 08:27 - 2016-01-08 20:38 - 00091992 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2016-03-09 08:27 - 2016-01-06 13:25 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys 2016-03-09 08:24 - 2016-02-05 09:59 - 07784960 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll 2016-03-09 08:24 - 2016-02-05 09:55 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll 2016-03-09 08:24 - 2016-02-05 09:48 - 07075840 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll 2016-03-09 08:24 - 2016-02-05 09:47 - 05268480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll 2016-03-09 08:24 - 2016-01-08 20:49 - 00218448 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll 2016-03-09 08:24 - 2016-01-08 20:49 - 00192120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll 2016-03-09 08:23 - 2016-02-06 11:58 - 00987648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-03-09 08:23 - 2016-02-06 11:32 - 00801792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2016-03-09 08:23 - 2016-02-03 15:37 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2016-03-09 08:23 - 2016-02-03 15:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2016-03-09 08:23 - 2016-02-03 10:09 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll 2016-03-09 08:23 - 2016-02-03 10:00 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll 2016-03-09 08:23 - 2016-02-03 10:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll 2016-03-09 08:23 - 2016-01-10 11:41 - 01707008 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll 2016-03-09 08:23 - 2016-01-10 11:31 - 01344512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll 2016-03-09 08:23 - 2016-01-06 18:46 - 00148752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll 2016-03-09 08:23 - 2016-01-06 18:45 - 00177712 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll 2016-03-09 08:23 - 2016-01-06 11:47 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll 2016-03-09 08:22 - 2016-02-06 13:08 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll 2016-03-09 08:22 - 2016-02-05 14:07 - 00292696 _____ (Microsoft Corporation) C:\Windows\system32\WMASF.DLL 2016-03-09 08:22 - 2016-02-05 14:07 - 00243032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMASF.DLL 2016-03-09 08:22 - 2016-02-05 10:03 - 15432704 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2016-03-09 08:22 - 2016-02-05 10:00 - 13318144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2016-03-09 08:22 - 2015-12-30 15:49 - 00470360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2016-03-09 08:22 - 2015-11-19 09:33 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll 2016-03-09 08:22 - 2015-11-19 09:26 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll 2016-03-09 08:21 - 2016-02-04 13:18 - 04174336 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-03-09 08:21 - 2016-02-04 13:18 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2016-03-09 08:21 - 2016-02-04 13:12 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2016-03-09 08:21 - 2016-02-04 12:44 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2016-03-09 08:21 - 2016-02-04 12:39 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2016-03-09 08:21 - 2016-02-04 12:24 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll 2016-03-09 08:21 - 2016-02-04 12:02 - 00483328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll 2016-03-09 08:21 - 2016-01-31 14:16 - 00148832 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS 2016-03-09 08:21 - 2016-01-15 11:56 - 02487296 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll 2016-03-09 08:21 - 2016-01-15 11:45 - 01482240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll 2016-03-09 08:21 - 2016-01-05 10:00 - 00570880 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2016-03-09 08:21 - 2015-12-20 09:57 - 00839168 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll 2016-03-09 08:21 - 2015-12-20 09:56 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe 2016-03-09 08:21 - 2015-12-20 09:43 - 00696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll 2016-03-08 09:02 - 2016-03-08 09:02 - 00003238 _____ C:\Windows\System32\Tasks\{69E6356F-B762-4484-BF69-7E7D9E56FDA6} 2016-03-08 09:01 - 2016-03-08 09:01 - 00000000 ____D C:\Users\arsteige\AppData\Local\Broderbund Software 2016-03-08 08:58 - 2016-03-08 08:58 - 00000000 ____D C:\ProgramData\Broderbund LLC 2016-03-08 08:57 - 2016-03-08 08:57 - 00000000 ____D C:\ProgramData\Broderbund Software 2016-03-08 08:55 - 2016-03-08 08:55 - 00001854 _____ C:\Users\Public\Desktop\The Print Shop 12.lnk 2016-03-08 08:55 - 2016-03-08 08:55 - 00000178 _____ C:\Users\Public\Desktop\ExpressIt by Broderbund.url 2016-03-08 08:55 - 2016-03-08 08:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Print Shop 2016-03-08 08:55 - 2016-03-08 08:55 - 00000000 ____D C:\Program Files (x86)\Broderbund 2016-03-08 08:55 - 1999-04-21 05:08 - 00029184 ____N (Blue Sky Software) C:\Windows\SysWOW64\Popup.ocx 2016-03-08 08:55 - 1996-10-30 16:17 - 00087328 ____N (Twain Working Group) C:\Windows\TWAIN.DLL 2016-03-08 08:55 - 1996-10-30 16:17 - 00069632 ____N (Twain Working Group) C:\Windows\TWUNK_32.EXE 2016-03-08 08:55 - 1996-10-30 16:17 - 00048560 ____N (Twain Working Group) C:\Windows\TWUNK_16.EXE ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-03-28 08:37 - 2015-10-16 06:20 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-03-28 08:15 - 2015-08-15 12:58 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1528496886-270073939-2523521886-1001 2016-03-28 08:10 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps 2016-03-28 08:10 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness 2016-03-28 08:01 - 2015-08-15 12:55 - 00000093 _____ C:\Users\arsteige\AppData\Roaming\sp_data.sys 2016-03-28 08:00 - 2015-10-16 06:20 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-03-28 06:43 - 2014-03-18 05:03 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI 2016-03-28 06:43 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Inf 2016-03-28 06:39 - 2015-12-03 12:57 - 00000000 ____D C:\Program Files\TrueKey 2016-03-28 06:39 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-03-28 06:38 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI 2016-03-28 06:36 - 2015-08-15 13:01 - 00003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E8E34F28-5265-45D0-AB68-C8F4FC18716F} 2016-03-28 06:35 - 2015-12-03 13:00 - 00001212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk 2016-03-28 06:34 - 2015-08-24 19:57 - 00003064 _____ C:\Windows\System32\Tasks\McAfeeLogon 2016-03-28 06:34 - 2015-08-24 19:57 - 00000000 ____D C:\Windows\System32\Tasks\McAfee 2016-03-28 06:33 - 2016-02-24 09:01 - 00000000 ____D C:\ProgramData\dbc01a43-3613-0 2016-03-28 06:31 - 2016-02-24 09:01 - 00000000 ____D C:\ProgramData\dbc01a43-04b1-1 2016-03-27 14:53 - 2015-10-16 06:28 - 00000000 ____D C:\Users\arsteige\Documents\PEG 2016-03-27 14:51 - 2015-08-15 12:52 - 00000000 ____D C:\Users\arsteige\AppData\Local\VirtualStore 2016-03-27 14:21 - 2015-08-15 13:39 - 00003474 _____ C:\Windows\System32\Tasks\ASUS Live Update1 2016-03-27 14:21 - 2015-08-15 13:39 - 00003464 _____ C:\Windows\System32\Tasks\ASUS Live Update2 2016-03-25 08:25 - 2015-11-24 15:54 - 73021440 ___SH C:\Users\arsteige\Downloads\Thumbs.db 2016-03-24 04:01 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp 2016-03-24 03:56 - 2015-08-15 12:50 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2016-03-24 03:56 - 2015-08-15 12:50 - 00000000 ___SD C:\Windows\system32\GWX 2016-03-23 06:21 - 2013-08-22 10:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-03-23 06:17 - 2014-10-02 15:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2016-03-22 11:41 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\ELAM 2016-03-18 06:49 - 2015-09-27 11:29 - 00000000 ____D C:\Users\arsteige\Documents\Outlook Files 2016-03-17 09:32 - 2015-08-15 12:52 - 00000000 ____D C:\Users\arsteige\AppData\Local\Packages 2016-03-17 06:29 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\FxsTmp 2016-03-14 20:54 - 2015-08-15 12:52 - 00000000 ____D C:\Users\arsteige 2016-03-14 19:43 - 2015-10-16 06:22 - 00002217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-03-14 19:43 - 2015-10-16 06:22 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-03-13 09:20 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\rescache 2016-03-13 08:13 - 2015-08-16 13:03 - 00003106 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1528496886-270073939-2523521886-1001 2016-03-13 08:13 - 2015-08-16 13:03 - 00000000 ___RD C:\Users\arsteige\OneDrive 2016-03-11 05:21 - 2013-08-22 09:44 - 00538336 _____ C:\Windows\system32\FNTCACHE.DAT 2016-03-10 16:12 - 2015-10-15 04:34 - 00000000 ____D C:\Windows\system32\appraiser 2016-03-10 09:06 - 2015-10-15 22:30 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-03-10 08:48 - 2015-08-15 16:28 - 00000000 ____D C:\Windows\system32\MRT 2016-03-10 08:38 - 2015-08-15 16:28 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-03-09 15:47 - 2015-12-07 16:07 - 00000000 ___RD C:\Users\arsteige\Documents\Scanned Documents 2016-03-09 08:27 - 2015-12-08 16:08 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-03-09 08:27 - 2015-12-08 16:08 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-03-09 08:27 - 2015-12-08 16:08 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-03-08 15:38 - 2014-10-02 15:28 - 00000000 ____D C:\Windows\Panther 2016-03-08 15:31 - 2015-10-30 04:42 - 00000000 ___HD C:\$WINDOWS.~BT 2016-03-08 08:55 - 2015-06-08 17:35 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2016-03-08 02:00 - 2015-08-15 18:43 - 00829944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-03-08 02:00 - 2015-08-15 18:43 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl ==================== Files in the root of some directories ======= 2015-08-15 12:55 - 2016-03-28 08:01 - 0000093 _____ () C:\Users\arsteige\AppData\Roaming\sp_data.sys 2015-11-11 07:25 - 2015-11-11 07:25 - 0000000 _____ () C:\Users\arsteige\AppData\Local\{345231BE-13F9-4289-9B44-389DE3DF5687} 2015-06-08 17:35 - 2015-06-08 17:35 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2014-10-02 15:33 - 2012-09-07 06:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd 2014-10-02 15:33 - 2009-07-22 05:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe 2014-10-02 15:33 - 2012-09-07 06:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS Some files in TEMP: ==================== C:\Users\arsteige\AppData\Local\Temp\128567794.t.exe C:\Users\arsteige\AppData\Local\Temp\Abspdf.exe C:\Users\arsteige\AppData\Local\Temp\acfpdfu.dll C:\Users\arsteige\AppData\Local\Temp\acfpdfuamd64.dll C:\Users\arsteige\AppData\Local\Temp\acfpdfui.dll C:\Users\arsteige\AppData\Local\Temp\acfpdfuia64.dll C:\Users\arsteige\AppData\Local\Temp\acfpdfuiamd64.dll C:\Users\arsteige\AppData\Local\Temp\acfpdfuiia64.dll C:\Users\arsteige\AppData\Local\Temp\cdintf.dll C:\Users\arsteige\AppData\Local\Temp\Foxit PhantomPDF Updater.exe C:\Users\arsteige\AppData\Local\Temp\McCSPInstall.dll C:\Users\arsteige\AppData\Local\Temp\nsb31ED.tmp.exe C:\Users\arsteige\AppData\Local\Temp\nsb573B.tmp.exe C:\Users\arsteige\AppData\Local\Temp\PDFPRT400.exe C:\Users\arsteige\AppData\Local\Temp\singleFormDownloader.exe C:\Users\arsteige\AppData\Local\Temp\singleFormDownloaderUpdater.exe C:\Users\arsteige\AppData\Local\Temp\xmllite.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-03-21 08:17 ==================== End of FRST.txt ============================