Possible trojan infection?

trojan

#1
Lmitchell14

    New Member

  • Member
  • 5 posts

I bought a new computer two months ago. It has been having network connection problems since day one, even though I have a good connection and my laptop never had any problems. I did a network reset, and then had all kinds of issues because apparently there is something wrong with my Windows updater. I did a system restore to get my drivers back, in order to go online and get help fixing the Windows updater, which didn't seem to get fixed, so I looked up "network adapter" issues, and found some articles saying I might have a trojan virus, or more. I may have both of these, but I'm no expert, lol.

  • TROJ_INJECTO.EJRW
  • GatherNetworkInfo.vbs
 
I did find some of their associated files on my comp, though, and the symptoms are the same. Processes running, having to constantly reset the network adapter, and a whole ton of things happening that I don't understand in my event manager. The strange thing is, the associated files were created late last year, when I just got my computer in February. Is it possible they came already on it? And if so, how? I finally refused to buy a refurbished comp and got a brand new one; would it have come already infected? I usually only download stupid pictures from Facebook, or assignments for school. I did download and install Second Life for a psychology of the internet assignment; could that have caused any problems? I also installed and ran two cleaners, I think. I need help figuring out how to fix my Windows updater and making sure this comp is virus free, and I would appreciate any help. Thank you very much in advance!
Here is the FRST txt:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Leah (administrator) on MINE (07-04-2018 05:44:16)
Running from C:\Users\leahm\Desktop
Loaded Profiles: Leah (Available Profiles: Leah)
Platform: Windows 10 Home Version 1709 16299.248 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9826f6f0b93d98e5\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Ready Mode Technology\IRMTService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Plumbytes Software Lp) C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\AmwService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9826f6f0b93d98e5\IntelCpHDCPSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9826f6f0b93d98e5\IntelCpHeciSvc.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9826f6f0b93d98e5\igfxEM.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_2.0.5.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(f.lux Software LLC) C:\Users\leahm\AppData\Local\FluxSoftware\Flux\flux.exe
(hxxp://www.ruby-lang.org/) C:\Users\leahm\AppData\Local\Temp\ocr3299.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(hxxp://www.ruby-lang.org/) C:\Users\leahm\AppData\Local\Temp\ocr5D04.tmp\bin\rubyw.exe
(The NWJS Community) C:\Program Files\pia_manager\nwjs\pia_nw.exe
(The NWJS Community) C:\Program Files\pia_manager\nwjs\pia_nw.exe
(The NWJS Community) C:\Program Files\pia_manager\nwjs\pia_nw.exe
() C:\Program Files\pia_manager\openvpn.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\module\10011\7.2.1023\7.2.1023\TmsaInstance64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Opera Software) C:\Program Files (x86)\Opera\52.0.2871.40\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\52.0.2871.40\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\52.0.2871.40\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\52.0.2871.40\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\52.0.2871.40\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\52.0.2871.40\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\52.0.2871.40\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\52.0.2871.40\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\52.0.2871.40\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\52.0.2871.40\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\52.0.2871.40\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\52.0.2871.40\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\52.0.2871.40\opera.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320584 2016-10-06] (Intel Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Plumbytes Anti-Malware] => C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\Plumbytes.exe [1961200 2017-12-29] (Plumbytes Software Lp)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [245872 2017-07-23] (Trend Micro Inc.)
HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1242568 2017-07-23] (Trend Micro Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235464 2017-05-08] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1494024 2017-05-08] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [975744 2017-05-01] (Waves Audio Ltd.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [ClamWin] => C:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2018-03-03] (alch)
HKU\S-1-5-21-3382435440-3877621608-2012671848-1001\...\Run: [f.lux] => C:\Users\leahm\AppData\Local\FluxSoftware\Flux\flux.exe [1682936 2018-01-17] (f.lux Software LLC)
HKU\S-1-5-21-3382435440-3877621608-2012671848-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-06] (Piriform Ltd)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{5c6e38bb-7bfb-4f78-a085-f6fd9e43a040}: [DhcpNameServer] 74.211.89.200 74.211.89.201 24.56.178.102
Tcpip\..\Interfaces\{ebd0c933-15d0-439a-aa25-d3e6fcc09af6}: [DhcpNameServer] 209.222.18.222 209.222.18.218
 
Internet Explorer:
==================
HKU\S-1-5-21-3382435440-3877621608-2012671848-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://duckduckgo/
HKU\S-1-5-21-3382435440-3877621608-2012671848-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-3382435440-3877621608-2012671848-1001 -> DefaultScope {9C085BA1-BC8B-4BE6-9072-D5F60B0C0623} URL = 
BHO: No Name -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> No File
BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2017-07-23] (Trend Micro Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2018-02-16] (Microsoft Corporation)
BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2017-07-23] (Trend Micro Inc.)
Toolbar: HKLM - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2017-07-23] (Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2017-07-23] (Trend Micro Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-15] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-15] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-15] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-15] (Microsoft Corporation)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2017-07-23] (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2017-07-23] (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll [2017-07-23] (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2017-07-23] (Trend Micro Inc.)
 
Edge: 
======
Edge Extension: (AutoFormFill) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [2018-03-25]
Edge Extension: (LearningTools) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [2018-03-25]
 
FireFox:
========
FF DefaultProfile: opem6fms.default
FF ProfilePath: C:\Users\leahm\AppData\Roaming\Mozilla\Firefox\Profiles\opem6fms.default [2018-04-04]
FF NetworkProxy: Mozilla\Firefox\Profiles\opem6fms.default -> no_proxies_on", "hxxps://localhost, localhost, 127.0.0.1"
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: (Trend Micro Toolbar) - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2018-02-08]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\NPSPWRAP.DLL [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-02-16] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-02-15] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Amsp; C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [374968 2017-07-19] (Trend Micro Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [325600 2016-08-28] (Windows ® Win 7 DDK provider)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7962288 2018-02-08] (Microsoft Corporation)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237016 2018-03-27] (Dell Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2016-10-06] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel® Corporation)
R2 IRMTService; C:\Program Files\Intel\Intel® Ready Mode Technology\IRMTService.exe [182384 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [177440 2016-09-14] (Intel Corporation)
R2 pbamw_service; C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\AmwService.exe [126192 2018-01-03] (Plumbytes Software Lp)
R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1129928 2017-07-23] (Trend Micro Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [333320 2017-05-08] (Realtek Semiconductor)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [592776 2017-05-01] (Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
S3 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4318648 2016-08-29] (Qualcomm Atheros Communications, Inc.)
S3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [41608 2017-12-14] (Dell Inc.)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2017-12-14] (Dell Computer Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvdd.inf_amd64_66c307aeb33bfade\nvlddmkm.sys [14848440 2017-04-19] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2017-02-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2017-02-23] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [59448 2017-02-23] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-23] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [418784 2016-08-04] (Realsil Semiconductor Corporation)
R1 tmactmon; C:\WINDOWS\system32\DRIVERS\tmactmon.sys [145048 2017-10-04] (Trend Micro Inc.)
R0 tmcomm; C:\WINDOWS\System32\DRIVERS\tmcomm.sys [449688 2017-10-04] (Trend Micro Inc.)
R0 TMEBC; C:\WINDOWS\System32\DRIVERS\TMEBC64.sys [72504 2016-01-04] (Trend Micro Inc.)
R3 tmeevw; C:\WINDOWS\system32\DRIVERS\tmeevw.sys [147672 2017-05-10] (Trend Micro Inc.)
S0 tmel; C:\WINDOWS\System32\DRIVERS\tmel.sys [39056 2015-06-22] (Trend Micro Inc.)
R1 tmevtmgr; C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys [140952 2017-10-04] (Trend Micro Inc.)
R3 tmnciesc; C:\WINDOWS\system32\DRIVERS\tmnciesc.sys [562296 2018-01-16] (Trend Micro Inc.)
R1 tmumh; C:\WINDOWS\system32\DRIVERS\TMUMH.sys [132512 2018-01-30] (Trend Micro Inc.)
R2 tmusa; C:\WINDOWS\system32\DRIVERS\tmusa.sys [134264 2018-01-22] (Trend Micro Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-07 05:44 - 2018-04-07 05:44 - 000017498 _____ C:\Users\leahm\Desktop\FRST.txt
2018-04-07 05:43 - 2018-04-07 05:44 - 000000000 ____D C:\FRST
2018-04-07 05:41 - 2018-04-07 05:41 - 002403328 _____ (Farbar) C:\Users\leahm\Desktop\FRST64.exe
2018-04-06 16:20 - 2018-04-06 16:20 - 000000000 ____D C:\Program Files\Common Files\logishrd
2018-04-06 10:50 - 2018-04-06 14:40 - 000000000 ____D C:\Users\leahm\Documents\Sound recordings
2018-04-05 21:33 - 2018-04-05 21:33 - 000076998 _____ C:\Users\leahm\Desktop\download (17).jfif
2018-04-05 21:29 - 2018-04-05 21:29 - 000076998 _____ C:\Users\leahm\Desktop\download (13).jfif
2018-04-05 21:29 - 2018-04-05 21:29 - 000047575 _____ C:\Users\leahm\Desktop\download (14).jfif
2018-04-05 21:29 - 2018-04-05 21:29 - 000040656 _____ C:\Users\leahm\Desktop\download (16).jfif
2018-04-05 21:29 - 2018-04-05 21:29 - 000028842 _____ C:\Users\leahm\Desktop\download (15).jfif
2018-04-04 09:58 - 2018-04-04 09:58 - 000000000 ____D C:\Program Files (x86)\Dell Update
2018-04-04 01:02 - 2018-04-04 01:02 - 000407288 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-04-03 23:28 - 2018-04-03 23:28 - 000028130 _____ C:\Users\leahm\Desktop\startup.txt
2018-04-03 23:26 - 2018-04-03 23:26 - 000028142 _____ C:\Users\leahm\Desktop\Clam report.txt
2018-04-03 00:13 - 2018-04-03 00:13 - 000000824 _____ C:\Users\leahm\Desktop\hosts.txt
2018-04-02 23:32 - 2018-04-02 23:33 - 000007914 _____ C:\Users\leahm\Desktop\cc_20180402_233255.reg
2018-04-02 22:59 - 2018-04-02 22:59 - 000110012 _____ C:\Users\leahm\Desktop\cc_20180402_225901.reg
2018-04-02 22:47 - 2018-04-05 00:07 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-04-02 22:47 - 2018-04-02 22:47 - 000002846 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-04-02 22:47 - 2018-04-02 22:47 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-04-02 22:47 - 2018-04-02 22:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-04-02 22:47 - 2018-04-02 22:47 - 000000000 ____D C:\Program Files\CCleaner
2018-04-02 22:39 - 2018-04-02 22:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClamWin Antivirus
2018-04-02 22:39 - 2018-04-02 22:40 - 000000000 ____D C:\Users\leahm\AppData\Roaming\.clamwin
2018-04-02 22:38 - 2018-04-02 22:47 - 000000000 ____D C:\Program Files (x86)\ClamWin
2018-04-02 22:38 - 2018-04-02 22:38 - 000000000 ____D C:\ProgramData\.clamwin
2018-04-02 22:27 - 2018-04-02 22:36 - 172661090 _____ (alch ) C:\Users\leahm\Desktop\clamwin-0.99.4-setup.exe
2018-03-31 03:24 - 2018-03-31 03:24 - 000000000 ____D C:\Users\leahm\AppData\Local\CEF
2018-03-31 03:23 - 2018-03-31 06:56 - 000000000 ____D C:\Users\leahm\AppData\Local\SecondLife
2018-03-31 03:23 - 2018-03-31 03:24 - 000000000 ____D C:\Users\leahm\AppData\Roaming\SecondLife
2018-03-31 03:23 - 2018-03-31 03:23 - 000001874 _____ C:\Users\Public\Desktop\Second Life Viewer.lnk
2018-03-31 03:23 - 2018-03-31 03:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Second Life Viewer
2018-03-31 03:23 - 2018-03-31 03:23 - 000000000 ____D C:\Program Files\SecondLifeViewer
2018-03-31 03:22 - 2018-03-31 03:23 - 110067296 ____N C:\Users\leahm\Desktop\Second_Life_5_1_2_512803_x86_64_Setup.exe
2018-03-30 12:07 - 2018-03-30 12:07 - 000000000 ____D C:\Users\leahm\AppData\Local\ElevatedDiagnostics
2018-03-30 12:06 - 2018-03-30 12:06 - 000195346 _____ C:\Users\leahm\Downloads\wu170509.diagcab
2018-03-29 20:50 - 2018-03-29 20:50 - 000194212 _____ C:\Users\leahm\Desktop\download (12).jfif
2018-03-29 12:57 - 2018-03-29 12:58 - 000344777 _____ C:\Users\leahm\Downloads\midpoint_review_for_MA_in_Interdisciplinary_Studies.zip
2018-03-29 11:46 - 2018-03-29 11:46 - 000068854 _____ C:\Users\leahm\Desktop\download (11).jfif
2018-03-29 02:10 - 2018-03-29 02:10 - 000088501 _____ C:\Users\leahm\Downloads\Glitter and Dust_Draft_WNMU-1 (1).pdf
2018-03-29 00:28 - 2018-03-29 00:28 - 000159032 _____ C:\Users\leahm\Desktop\download (10).jfif
2018-03-29 00:28 - 2018-03-29 00:28 - 000077185 _____ C:\Users\leahm\Desktop\download (9).jfif
2018-03-29 00:27 - 2018-03-29 00:27 - 000170566 _____ C:\Users\leahm\Desktop\download (7).jfif
2018-03-29 00:27 - 2018-03-29 00:27 - 000073428 _____ C:\Users\leahm\Desktop\download (8).jfif
2018-03-29 00:27 - 2018-03-29 00:27 - 000056253 _____ C:\Users\leahm\Desktop\download (6).jfif
2018-03-28 12:00 - 2018-03-28 12:00 - 000000000 ____D C:\WINDOWS\Panther
2018-03-28 08:00 - 2018-03-28 08:00 - 000164026 _____ C:\Users\leahm\Downloads\CNF Draft_The Story of a Land Where the Buffalo Once Roamed.pdf
2018-03-28 07:26 - 2018-03-28 12:00 - 000000000 ____D C:\Users\leahm\AppData\Local\PlaceholderTileLogoFolder
2018-03-28 04:42 - 2018-03-28 04:42 - 000000000 ____D C:\Program Files\Common Files\TmSentry
2018-03-27 15:21 - 2018-03-27 15:21 - 000349582 _____ C:\Users\leahm\Desktop\download (5).jfif
2018-03-27 13:20 - 2018-03-27 13:20 - 000242225 _____ C:\Users\leahm\Downloads\MitchellL_Mid-PointEssay_Feedback_revise (1).pdf
2018-03-27 13:20 - 2018-03-27 13:20 - 000242225 _____ C:\Users\leahm\Desktop\MitchellL_Mid-PointEssay_Feedback_revise (1).pdf
2018-03-25 05:18 - 2018-03-25 05:18 - 000036381 _____ C:\Users\leahm\Desktop\thumbnail.jfif
2018-03-25 01:08 - 2018-04-04 01:02 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-03-24 23:59 - 2018-03-25 03:14 - 000000000 ____D C:\WINDOWS\pss
2018-03-24 04:40 - 2018-03-24 04:40 - 000000017 _____ C:\Users\leahm\AppData\Local\resmon.resmoncfg
2018-03-24 03:20 - 2018-03-24 21:15 - 000000000 ____D C:\WINDOWS\Minidump
2018-03-24 02:46 - 2018-03-24 02:46 - 000088501 _____ C:\Users\leahm\Downloads\Glitter and Dust_Draft_WNMU-1.pdf
2018-03-24 02:41 - 2018-03-24 02:41 - 000306176 _____ C:\Users\leahm\Desktop\LunarSurvival.ppt
2018-03-24 02:39 - 2018-03-24 02:39 - 000087040 _____ C:\Users\leahm\Downloads\LunarSurvival.ppt
2018-03-23 09:32 - 2018-03-23 09:32 - 000073339 _____ C:\Users\leahm\Downloads\Leah Mitchell Petition for Independent Study.pdf
2018-03-22 16:57 - 2018-03-22 16:58 - 000364899 _____ C:\Users\leahm\Downloads\Their Story (1).pdf
2018-03-22 10:56 - 2018-03-22 10:56 - 000242225 _____ C:\Users\leahm\Downloads\MitchellL_Mid-PointEssay_Feedback_revise.pdf
2018-03-21 00:58 - 2018-03-21 00:58 - 000042627 _____ C:\Users\leahm\Desktop\download (4).jfif
2018-03-20 12:09 - 2018-03-20 12:09 - 000047265 _____ C:\Users\leahm\Downloads\lepus.jfif
2018-03-20 12:08 - 2018-03-20 12:08 - 000047265 _____ C:\Users\leahm\Desktop\lepus.jfif
2018-03-20 12:07 - 2018-03-20 12:07 - 000020017 _____ C:\Users\leahm\Desktop\download (3).jfif
2018-03-20 01:04 - 2018-03-20 01:04 - 000060656 _____ C:\Users\leahm\Desktop\astro_w2gw_leah.25431.42153.pdf
2018-03-18 03:05 - 2018-03-18 03:05 - 000414533 _____ C:\Users\leahm\Downloads\document.pdf
2018-03-17 22:27 - 2018-03-17 22:34 - 004370886 _____ C:\Users\leahm\Downloads\Download_The_Lost_Ways.pdf.opdownload
2018-03-16 03:03 - 2018-03-16 03:03 - 000507216 _____ C:\Users\leahm\Downloads\The Lost Ways (1).pdf
2018-03-16 02:53 - 2018-03-16 02:53 - 000507216 _____ C:\Users\leahm\Downloads\The Lost Ways.pdf
2018-03-15 22:03 - 2018-03-15 22:03 - 000052599 _____ C:\Users\leahm\Desktop\457px-Geomantic_figures.svg
2018-03-14 09:10 - 2018-03-14 09:10 - 000573974 _____ C:\Users\leahm\Desktop\bookmarks_3_14_18.html
2018-03-13 20:52 - 2018-03-13 20:52 - 000060202 _____ C:\Users\leahm\Desktop\download (2).jfif
2018-03-13 10:03 - 2018-03-13 10:03 - 000114132 _____ C:\Users\leahm\Downloads\altPente.pdf
2018-03-13 07:00 - 2018-03-13 07:00 - 000013207 _____ C:\Users\leahm\Downloads\download (1).jfif
2018-03-13 07:00 - 2018-03-13 07:00 - 000013207 _____ C:\Users\leahm\Downloads\download (1) (1).jfif
2018-03-13 06:59 - 2018-03-13 06:59 - 000013207 _____ C:\Users\leahm\Desktop\download (1).jfif
2018-03-08 13:45 - 2018-03-08 13:45 - 000364899 _____ C:\Users\leahm\Downloads\Their Story.pdf
2018-03-08 06:18 - 2018-03-08 06:18 - 000171863 _____ C:\Users\leahm\Downloads\CNF Draft_The Story of a Land Where the Buffalo Once Roamed-1.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-07 05:43 - 2018-02-06 16:42 - 000000000 ____D C:\Users\leahm\Desktop\Shortcuts
2018-04-07 05:33 - 2018-02-09 11:02 - 001625428 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-04-07 05:29 - 2017-09-29 02:45 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2018-04-07 05:27 - 2018-02-09 10:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-04-07 05:27 - 2017-10-14 01:05 - 000000000 ____D C:\ProgramData\NVIDIA
2018-04-07 05:26 - 2017-09-29 02:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-04-07 05:08 - 2018-02-09 10:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-04-06 22:29 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-04-06 16:20 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-04-06 16:20 - 2017-09-29 07:44 - 000000000 ____D C:\WINDOWS\INF
2018-04-06 10:13 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-04-04 09:58 - 2017-10-14 00:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2018-04-03 03:58 - 2018-02-07 08:40 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-04-03 03:57 - 2018-02-07 08:39 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-04-03 03:57 - 2018-02-07 08:39 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-04-02 23:02 - 2018-02-06 16:56 - 000000000 ____D C:\Users\leahm\AppData\Local\CrashDumps
2018-04-02 22:55 - 2018-02-09 10:55 - 000000000 ____D C:\Users\leahm\AppData\Local\Packages
2018-04-02 22:55 - 2017-09-29 07:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-04-02 19:53 - 2018-02-06 16:31 - 000000000 ____D C:\Program Files (x86)\Opera
2018-04-02 04:49 - 2018-02-24 01:30 - 000000000 ____D C:\Users\leahm\AppData\Roaming\vlc
2018-03-31 09:56 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\rescache
2018-03-31 07:12 - 2018-02-09 10:55 - 000000000 ____D C:\Users\leahm
2018-03-31 01:45 - 2017-09-29 07:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-31 01:41 - 2018-02-09 10:58 - 000003948 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1517956303
2018-03-31 01:41 - 2018-02-06 16:31 - 000001122 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2018-03-25 21:04 - 2018-02-06 16:55 - 000000000 ____D C:\ProgramData\Trend Micro
2018-03-25 06:02 - 2017-10-14 01:04 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-03-25 06:02 - 2017-10-14 01:04 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-03-25 06:02 - 2017-10-14 01:04 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-03-25 03:41 - 2017-10-14 01:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-03-25 03:41 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\Help
2018-03-25 03:19 - 2018-02-07 17:16 - 000001054 _____ C:\Users\leahm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2018-03-25 00:06 - 2018-02-16 01:54 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2018-03-25 00:06 - 2018-02-14 19:59 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-3382435440-3877621608-2012671848-1001
2018-03-25 00:06 - 2018-02-09 11:01 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-03-25 00:06 - 2018-02-06 20:22 - 000000000 ____D C:\WINDOWS\SysWOW64\tmumh
2018-03-25 00:06 - 2018-02-06 20:22 - 000000000 ____D C:\WINDOWS\system32\tmumh
2018-03-25 00:06 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2018-03-25 00:06 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\icsxml
2018-03-25 00:06 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-03-25 00:06 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\L2Schemas
2018-03-25 00:06 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\appcompat
2018-03-25 00:06 - 2017-09-29 02:45 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-03-25 00:06 - 2017-09-29 02:45 - 000000000 ____D C:\WINDOWS\servicing
2018-03-25 00:05 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\InfusedApps
2018-03-25 00:03 - 2018-03-06 21:30 - 000000000 ____D C:\Program Files\pia_manager
2018-03-25 00:03 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\SystemApps
2018-03-25 00:03 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\registration
2018-03-24 04:39 - 2018-02-06 16:16 - 000000000 ___RD C:\Users\leahm\OneDrive
2018-03-24 03:18 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-03-14 07:17 - 2017-06-28 04:07 - 000000000 ____D C:\Users\leahm\Desktop\Exit Projects
2018-03-10 03:42 - 2018-02-16 14:43 - 000003354 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3382435440-3877621608-2012671848-1001
2018-03-10 03:42 - 2018-02-16 01:54 - 000002369 _____ C:\Users\leahm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
 
==================== Files in the root of some directories =======
 
2018-02-06 16:54 - 2018-02-06 16:54 - 000000036 _____ () C:\Users\leahm\AppData\Local\housecall.guid.cache
2018-03-24 04:40 - 2018-03-24 04:40 - 000000017 _____ () C:\Users\leahm\AppData\Local\resmon.resmoncfg
 
Some files in TEMP:
====================
2018-04-02 22:53 - 2018-04-02 22:53 - 001876992 _____ (Opera Software) C:\Users\leahm\AppData\Local\Temp\Opera_installer_180403045352579.dll
2018-04-02 22:53 - 2018-04-02 22:53 - 001876992 _____ (Opera Software) C:\Users\leahm\AppData\Local\Temp\Opera_installer_180403045352800.dll
2018-04-02 22:53 - 2018-04-02 22:53 - 001876992 _____ (Opera Software) C:\Users\leahm\AppData\Local\Temp\Opera_installer_180403045352962.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-04-04 06:44
 
==================== End of FRST.txt ============================

 

Addition txt:
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Leah (07-04-2018 05:44:38)
Running from C:\Users\leahm\Desktop
Windows 10 Home Version 1709 16299.248 (X64) (2018-02-09 16:59:11)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3382435440-3877621608-2012671848-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3382435440-3877621608-2012671848-503 - Limited - Disabled)
Guest (S-1-5-21-3382435440-3877621608-2012671848-501 - Limited - Disabled)
Leah (S-1-5-21-3382435440-3877621608-2012671848-1001 - Administrator - Enabled) => C:\Users\leahm
WDAGUtilityAccount (S-1-5-21-3382435440-3877621608-2012671848-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Trend Micro Internet Security (Enabled - Up to date) {1E5CB925-ABFC-68A9-91DC-4258BDE6C44A}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
ClamWin Free Antivirus 0.99.4 (HKLM-x32\...\ClamWin Free Antivirus_is1) (Version:  - alch)
Dell Digital Delivery (HKLM-x32\...\{824A41E2-5C69-421C-8991-5351D7C3E6BF}) (Version: 3.3.1001.0 - Dell Products, LP)
Dell Update - SupportAssist Update Plugin (HKLM\...\{C7EE237C-1350-409E-8681-993C74E48757}) (Version: 3.1.1.3834 - Dell Inc.)
Dell Update (HKLM-x32\...\{D8AE5F9D-647C-49B4-A666-1C20B44EC0E1}) (Version: 2.1.3.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
f.lux (HKU\S-1-5-21-3382435440-3877621608-2012671848-1001\...\Flux) (Version:  - f.lux Software LLC)
HP ENVY 4520 series Basic Device Software (HKLM\...\{AA543771-C534-4954-831A-9862C626796F}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1030 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.1.1028 - Intel Corporation)
Intel® Ready Mode Technology (HKLM\...\{E7173746-C254-4F4E-ACCB-D6BD55E76EFE}) (Version: 1.1.70.527 - Intel Corporation)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.9177.0 - Waves Audio Ltd.) Hidden
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.9029.2054 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3382435440-3877621608-2012671848-1001\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Mozilla Firefox 58.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.1 (x64 en-US)) (Version: 58.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0.1 - Mozilla)
NVIDIA GeForce Experience 3.4.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.4.0.70 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.3.16.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2054 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2054 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.9029.2054 - Microsoft Corporation) Hidden
Opera Stable 51.0.2830.40 (HKLM-x32\...\Opera 51.0.2830.40) (Version: 51.0.2830.40 - Opera Software)
Opera Stable 52.0.2871.40 (HKLM-x32\...\Opera 52.0.2871.40) (Version: 52.0.2871.40 - Opera Software)
Plumbytes Anti-Malware 2018 (HKLM\...\Plumbytes Anti-Malware 2018) (Version:  - Plumbytes Software)
Private Internet Access v77 (HKLM-x32\...\{148169C2-5558-4C3E-B38A-7B1813A264CA}_is1) (Version: 77 - London Trust Media, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.11 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.10.714.2016 - Realtek)
SecondLifeViewer (HKLM\...\SecondLifeViewer) (Version: 5.1.2.512803 - Linden Research, Inc.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
Trend Micro Internet Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 12.0 - Trend Micro Inc.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{AC0D130B-8809-4125-811F-667893B90644}) (Version: 2.11.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3382435440-3877621608-2012671848-1001_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Audio Ltd)
ShellIconOverlayIdentifiers: [  FSOverlayIcon] -> {C0829D19-E5A0-44F5-B56E-D15030C53BB9} => C:\Program Files\Trend Micro\Titanium\plugin\TmOverlayIcon.dll [2017-07-23] (Trend Micro Inc.)
ContextMenuHandlers1: [ClamWin] -> {65713842-C410-4f44-8383-BFE01A398C90} => C:\Program Files (x86)\ClamWin\bin\ExpShell64.dll [2008-04-19] ()
ContextMenuHandlers1: [{48F45200-91E6-11CE-8A4F-0080C81A28D4}] -> {48F45200-91E6-11CE-8A4F-0080C81A28D4} => C:\Program Files\Trend Micro\UniClient\UiFrmwrk\tmdshell.dll [2017-07-23] (Trend Micro Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9826f6f0b93d98e5\igfxDTCM.dll [2017-12-08] (Intel Corporation)
ContextMenuHandlers6: [ClamWin] -> {65713842-C410-4f44-8383-BFE01A398C90} => C:\Program Files (x86)\ClamWin\bin\ExpShell64.dll [2008-04-19] ()
ContextMenuHandlers6: [{48F45200-91E6-11CE-8A4F-0080C81A28D4}] -> {48F45200-91E6-11CE-8A4F-0080C81A28D4} => C:\Program Files\Trend Micro\UniClient\UiFrmwrk\tmdshell.dll [2017-07-23] (Trend Micro Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0FF54189-CEEA-4F21-9BFA-B7146C8D3B69} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-02-16] (Microsoft Corporation)
Task: {14C677F3-63CB-4700-A82D-8F12F8C9B6B4} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-23] (NVIDIA Corporation)
Task: {1CEB86D9-DD7A-467D-84E3-CE09B1F1116D} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-02-15] (Microsoft Corporation)
Task: {26845DF8-4D1D-43B0-BB79-2D50B682E855} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-02-08] (Microsoft Corporation)
Task: {3AFBF5C0-3140-46AD-A293-55D1D174A484} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-06] (Piriform Ltd)
Task: {4D28DDCD-5A54-439D-B36B-44B677EA4E07} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-02-23] (NVIDIA Corporation)
Task: {53B6283B-842C-4E54-8B5E-0C26F02B1BF4} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {57CFF7B2-E33F-42CD-A4DF-1ECCAA9EBB9A} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {583BADC9-BE9E-49EC-A89A-A02393411A45} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-02-16] (Microsoft Corporation)
Task: {63A647A6-7C51-44A8-A286-2012064A343A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {69E08C27-00CA-4D2A-9E8E-460D42F21BDD} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-3382435440-3877621608-2012671848-1001
Task: {70FC899D-EED4-46B9-A310-4CE9FC889E7B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\msoia.exe
Task: {7A23C2FF-5BED-4387-9DE7-6068EDBAEEFF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-02-08] (Microsoft Corporation)
Task: {809111D6-41B5-4D88-9FAA-404C6C1FF635} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2018-02-19] ()
Task: {96020036-9911-48FC-8951-33EDE089134E} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-02-23] (NVIDIA Corporation)
Task: {998825D7-799D-4C64-B864-DFA2E1138217} - System32\Tasks\S-1-5-21-3382435440-3877621608-2012671848-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)
Task: {A57992A0-5F12-4262-A8E6-DE38659E5609} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\msoia.exe
Task: {B7398156-6287-4628-B5C5-292EF9817C96} - System32\Tasks\Opera scheduled Autoupdate 1517956303 => C:\Program Files (x86)\Opera\launcher.exe [2018-03-28] (Opera Software)
Task: {CAECBC8F-E285-4FE4-A688-DDDACC1DBE12} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-06] (Piriform Ltd)
Task: {D2AA0887-004C-43CF-BC67-B6E452128EBB} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {DA6A4041-110F-4817-B83C-F2231ABA271B} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel® Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 07:41 - 2017-09-29 07:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-02-06 20:22 - 2017-01-13 01:41 - 000039424 _____ () C:\Program Files\Trend Micro\AMSP\boost_system-vc140-mt-1_62.dll
2018-02-06 20:22 - 2017-01-13 01:39 - 000076288 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc140-mt-1_62.dll
2018-02-06 20:22 - 2017-01-13 02:01 - 000737792 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll
2018-02-06 20:22 - 2017-01-13 01:42 - 000131072 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc140-mt-1_62.dll
2018-02-06 20:22 - 2017-01-13 01:39 - 000048640 _____ () C:\Program Files\Trend Micro\AMSP\boost_chrono-vc140-mt-1_62.dll
2018-02-06 20:22 - 2017-01-13 01:55 - 002333184 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
2018-02-06 19:45 - 2017-07-23 13:24 - 000182568 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
2017-12-27 04:08 - 2017-12-27 04:08 - 000111104 _____ () C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\Zlib.dll
2018-02-06 20:22 - 2017-07-23 13:24 - 000076288 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_date_time-vc140-mt-1_62.dll
2018-02-06 20:22 - 2017-07-23 13:24 - 000039424 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_system-vc140-mt-1_62.dll
2018-02-06 20:22 - 2017-07-23 13:24 - 000131072 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_thread-vc140-mt-1_62.dll
2018-02-06 20:22 - 2017-07-23 13:24 - 000048640 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_chrono-vc140-mt-1_62.dll
2018-02-06 20:22 - 2017-07-23 13:24 - 001016320 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_regex-vc140-mt-1_62.dll
2018-03-06 21:30 - 2018-02-19 11:57 - 012228088 _____ () C:\Program Files\pia_manager\pia_manager.exe
2018-04-02 22:38 - 2008-04-19 17:35 - 000080384 _____ () C:\Program Files (x86)\ClamWin\bin\ExpShell64.dll
2018-02-07 17:28 - 2018-02-07 17:29 - 000948736 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_2.0.5.0_x64__8wekyb3d8bbwe\e_sqlite3.dll
2018-02-07 17:28 - 2018-02-07 17:29 - 002360512 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_2.0.5.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2018-02-07 17:28 - 2018-02-07 17:29 - 000381440 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_2.0.5.0_x64__8wekyb3d8bbwe\Microsoft.Notes.Upgrade.dll
2017-09-29 07:41 - 2017-09-29 07:41 - 004069888 _____ () C:\Windows\System32\Windows.UI.Input.Inking.Analysis.dll
2018-02-14 12:12 - 2018-02-09 22:39 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-02-14 12:12 - 2018-02-09 22:36 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-02-06 19:45 - 2017-07-23 13:24 - 000085952 _____ () C:\Program Files\Trend Micro\Titanium\plugin\fcMsgDispatcher.dll
2018-03-06 21:30 - 2018-02-19 11:57 - 000696600 _____ () C:\Program Files\pia_manager\openvpn.exe
2018-03-06 21:30 - 2018-02-19 11:57 - 000199736 _____ () C:\Program Files\pia_manager\liblzo2-2.dll
2018-03-06 21:30 - 2018-02-19 11:57 - 000114304 _____ () C:\Program Files\pia_manager\libpkcs11-helper-1.dll
2018-03-06 21:30 - 2018-02-19 11:57 - 000148248 _____ () C:\Program Files\pia_manager\pia-openvpn.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3382435440-3877621608-2012671848-1001\...\trendmicro.com -> hxxps://pwm.trendmicro.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-03-18 15:03 - 2017-03-18 15:01 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3382435440-3877621608-2012671848-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\leahm\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img_0314.jpg
DNS Servers: 209.222.18.222 - 209.222.18.218
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "Plumbytes Anti-Malware"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKLM\...\StartupApproved\Run32: => "ClamWin"
HKU\S-1-5-21-3382435440-3877621608-2012671848-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{0C7D7367-8B0C-4CFF-9368-ECBCCF9B1570}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E435A25F-CB09-4C90-AF34-67CE7FE5B570}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{2C150432-2903-4FE6-9959-BCE9657A63E8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3CD08521-8561-4F9E-B2A9-BFA13C4296FC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{15D4BB77-B0E8-43A1-BA46-D4D297BD2470}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{EB84BFC9-4B3A-467A-AE49-D93A150B67A9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{AF33D00F-038A-4BE2-A9D0-71259705660F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{59D803E7-9465-4FD3-9E75-6B9F04039330}] => (Allow) C:\Program Files\HP\HP ENVY 4520 series\Bin\DeviceSetup.exe
FirewallRules: [{8B4CBA5F-B081-424A-88ED-A00875365176}] => (Allow) LPort=5357
FirewallRules: [{A449E155-EC76-47AC-A6F1-ECC0BBB0E03C}] => (Allow) C:\Program Files\HP\HP ENVY 4520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{C659AB7E-213C-438C-9E26-7240FE31D081}] => (Allow) C:\Program Files (x86)\Opera\52.0.2871.40\opera.exe
FirewallRules: [TCP Query User{269BE890-5FA3-45A6-AFAB-26CECF8A8849}C:\program files\secondlifeviewer\slvoice.exe] => (Allow) C:\program files\secondlifeviewer\slvoice.exe
FirewallRules: [UDP Query User{406EF078-DBA5-4D76-960F-AC8A5A5578DB}C:\program files\secondlifeviewer\slvoice.exe] => (Allow) C:\program files\secondlifeviewer\slvoice.exe
FirewallRules: [{DED50DA2-460D-4BD9-AD1E-47251B42F684}] => (Block) C:\program files\secondlifeviewer\slvoice.exe
FirewallRules: [{9773308A-2405-42D7-8E38-21839E96EFB9}] => (Block) C:\program files\secondlifeviewer\slvoice.exe
 
==================== Restore Points =========================
 
29-03-2018 15:06:57 Windows Modules Installer
03-04-2018 03:57:26 Windows Update
06-04-2018 16:20:26 Windows Update
06-04-2018 16:20:49 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Dell Wireless 1707 Bluetooth 4.0 LE Device
Description: Dell Wireless 1707 Bluetooth 4.0 LE Device
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/05/2018 05:44:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.16299.15, time stamp: 0x59cda974
Faulting module name: MtcUvc.dll, version: 10.0.16299.15, time stamp: 0x59cda990
Exception code: 0xc0000005
Fault offset: 0x00000000000182f8
Faulting process id: 0x1d0c
Faulting application start time: 0x01d3cc6a86536d20
Faulting application path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Faulting module path: C:\Windows\ShellExperiences\MtcUvc.dll
Report Id: dd5d3bb3-08d9-4996-bfa8-2cc3ed94166d
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
 
Error: (03/29/2018 01:15:05 PM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {78000EFC-0341-4241-90B9-81D5F4C9064B}
 
Error: (03/29/2018 01:14:53 PM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {78000EFC-0341-4241-90B9-81D5F4C9064B}
 
Error: (03/25/2018 12:53:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program nvcontainer.exe version 1.2.2158.9553 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 758
 
Start Time: 01d3c466ada14760
 
Termination Time: 1
 
Application Path: C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
 
Report Id: 9b738ae7-4adc-4dba-adb7-821dec805c60
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (03/25/2018 03:14:52 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3868,R,0) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\WINDOWS\system32\SRU\SRU008BB.log.
 
Error: (03/24/2018 11:43:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: jhi_service.exe, version: 11.6.0.1030, time stamp: 0x57d9870d
Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6
Exception code: 0xc0000409
Fault offset: 0x000a7666
Faulting process id: 0x19bc
Faulting application start time: 0x01d3c3fc420ee405
Faulting application path: C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
Faulting module path: C:\WINDOWS\SYSTEM32\MSVCR120.dll
Report Id: 1549b0a0-4d96-4293-aaba-fd6b07e70f87
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/24/2018 11:42:01 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: 0x80070002.
 
Error: (03/24/2018 11:42:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Microsoft.Notes.exe, version: 2.1.17.0, time stamp: 0x5aa9c0a7
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.16299.248, time stamp: 0xc27fa098
Exception code: 0xc000027b
Fault offset: 0x00000000004e5629
Faulting process id: 0x1550
Faulting application start time: 0x01d3c3fbff0ff150
Faulting application path: C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_2.1.17.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report Id: d53d7728-dbd4-405f-aa1a-7773f5e78007
Faulting package full name: Microsoft.MicrosoftStickyNotes_2.1.17.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App
 
 
System errors:
=============
Error: (04/07/2018 05:36:27 AM) (Source: DCOM) (EventID: 10016) (User: MINE)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user MINE\Leah SID (S-1-5-21-3382435440-3877621608-2012671848-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/07/2018 05:27:05 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (04/06/2018 10:28:32 PM) (Source: DCOM) (EventID: 10016) (User: MINE)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user MINE\Leah SID (S-1-5-21-3382435440-3877621608-2012671848-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/06/2018 10:28:24 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (04/06/2018 11:30:56 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/06/2018 11:25:02 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/06/2018 10:49:02 AM) (Source: DCOM) (EventID: 10016) (User: MINE)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user MINE\Leah SID (S-1-5-21-3382435440-3877621608-2012671848-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/06/2018 10:48:52 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
 
CodeIntegrity:
===================================
 
Date: 2018-02-09 09:57:55.772
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\tmumh\20019\TmMon\2.6.0.2023\tmmon64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-02-09 09:57:55.762
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\tmumh\20019\AddOn\7.30.0.1081\TmUmEvt64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-7700 CPU @ 3.60GHz
Percentage of memory in use: 22%
Total physical RAM: 16291.95 MB
Available physical RAM: 12589.86 MB
Total Virtual: 18723.95 MB
Available Virtual: 14590.9 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:103.21 GB) (Free:58 GB) NTFS
Drive d: (DATA) (Fixed) (Total:931.39 GB) (Free:839.24 GB) NTFS
 
\\?\Volume{48b82b9f-245f-4fa7-93e9-f923f8056575}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.43 GB) FAT32
\\?\Volume{c54db92d-fe28-4f47-950f-7f68e0d32672}\ (WINRETOOLS) (Fixed) (Total:0.44 GB) (Free:0.05 GB) NTFS
\\?\Volume{c0740d83-317c-40de-8fe6-afa1a825a2b9}\ (Image) (Fixed) (Total:13.94 GB) (Free:0.16 GB) NTFS
\\?\Volume{ff75a0a3-d82c-4fda-bbea-ef19139b5c4f}\ (DELLSUPPORT) (Fixed) (Total:1.04 GB) (Free:0.48 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: C5B3625C)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: C5B36263)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

#2
Lmitchell14

Upon further searching, I suspect this - GatherNetworkInfo.vbs - is not, in fact, a virus. : )