Jump to content

Confused

Honorary Members
  • Posts

    126
  • Joined

  • Last visited

Reputation

0 Neutral

Recent Profile Visitors

1,750 profile views
  1. Is there anything else you would like me to do or do you think that I am in the clear?
  2. I tried to locate the file with the pathway given in the scan and it appears to be gone. It says that it is in my system32 under the file config with the name SOFTWARE.LOG1 and the only file with a name like that is SOFTWARE.LOG .
  3. Hello TwinHeadedEagle, Thank you so much for replying. Logs are attached. Thank you. frst.txt additional.txt
  4. Hello. I did a full scan on my computer with Avast and it found a Trojan supposedly (if that is what Trj means). I tried to do something but I was denied access. Nothing was transferred to my virus chest so I rebooted and did a reboot scan. Nothing was found and then I ran a full scan on Avast and Malwarebytes and nothing was found. Was it nothing or am I infected? Any help will be greatly appreciated. Thank you so much. Logs for FRBR and Malwarebytes will be pasted below and a screenshot of the threat found will be attached. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-01-2016 Ran by lfaas (administrator) on TVROOMPC (24-01-2016 10:46:25) Running from C:\Users\lfaas\Desktop Loaded Profiles: lfaas (Available Profiles: lfaas) Platform: Windows 8.1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\PrivService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (VMware, Inc.) C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe (VMware, Inc.) C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 7640 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 7640 series\Bin\HPNetworkCommunicatorCom.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [beatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard ) HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-06-04] (IDT, Inc.) HKLM\...\Run: [igfxTray] => C:\windows\system32\igfxtray.exe [456808 2015-07-27] () HKLM\...\Run: [Persistence] => "C:\windows\system32\igfxpers.exe" HKLM\...\Run: [simplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2793016 2013-09-05] (Hewlett-Packard) HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [154680 2013-09-05] (Hewlett-Packard) HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [154680 2013-09-05] (Hewlett-Packard) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.) HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.) HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-05] (AVAST Software) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] Winlogon\Notify\igfxcui: igfxdev.dll [X] HKU\S-1-5-21-1079287707-3710102426-1868348366-1001\...\Run: [HP ENVY 7640 series (NET)] => C:\Program Files\HP\HP ENVY 7640 series\Bin\ScanToPCActivationApp.exe [3483656 2014-08-22] (Hewlett-Packard Development Company, LP) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-05] (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{037017A9-B184-4A23-A9DE-21D8B6A49136}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{EDBE14D8-9134-46D0-B3AB-55413DCE106B}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== URLSearchHook: [s-1-5-21-1079287707-3710102426-1868348366-1001] ATTENTION => Default URLSearchHook is missing SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1079287707-3710102426-1868348366-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company) DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.) Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.) FireFox: ======== FF ProfilePath: C:\Users\lfaas\AppData\Roaming\Mozilla\Firefox\Profiles\9pyx3ark.default-1433187244150 FF DefaultSearchEngine.US: Google FF Homepage: www.google.com FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] () FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-12] (Intel Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation) FF Extension: Ghostery - C:\Users\lfaas\AppData\Roaming\Mozilla\Firefox\Profiles\9pyx3ark.default-1433187244150\Extensions\firefox@ghostery.com.xpi [2016-01-24] FF Extension: Adblock Plus - C:\Users\lfaas\AppData\Roaming\Mozilla\Firefox\Profiles\9pyx3ark.default-1433187244150\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-24] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.) R2 ARPriv; C:\Program Files (x86)\Citrix\Receiver\PrivService.exe [375112 2013-10-01] (Citrix Systems, Inc.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-05] (AVAST Software) S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-13] (Broadcom Corporation.) R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-05] () [File not signed] R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink) R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink) R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2015-07-27] (Intel Corporation) R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed] S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation) R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-12] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-12] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-05] (Softex Inc.) [File not signed] R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [333824 2013-06-04] (IDT, Inc.) [File not signed] R2 vmware-view-usbd; C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe [2436096 2013-06-06] (VMware, Inc.) [File not signed] S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) S3 COMSysApp; no ImagePath ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-05] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-19] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-05] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-05] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065208 2016-01-20] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-01-20] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-05] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-05] (AVAST Software) R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-13] (Broadcom Corporation.) R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7480496 2014-06-04] (Broadcom Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) R2 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-24] (Malwarebytes) R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-08-12] (Intel Corporation) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X] S3 GENERICDRV; \??\c:\SWSetup\SP70148\samifldrv64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-01-24 10:46 - 2016-01-24 10:46 - 00017291 _____ C:\Users\lfaas\Desktop\FRST.txt 2016-01-24 10:46 - 2016-01-24 10:46 - 00000000 ____D C:\FRST 2016-01-24 10:45 - 2016-01-24 10:45 - 02370560 _____ (Farbar) C:\Users\lfaas\Desktop\FRST64.exe 2016-01-12 21:50 - 2015-12-10 23:38 - 25837568 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2016-01-12 21:50 - 2015-12-10 23:00 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2016-01-12 21:50 - 2015-12-10 22:55 - 06051328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2016-01-12 21:50 - 2015-12-10 22:50 - 20367360 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2016-01-12 21:50 - 2015-12-10 22:45 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2016-01-12 21:50 - 2015-12-10 22:21 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2016-01-12 21:50 - 2015-12-10 22:18 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2016-01-12 21:50 - 2015-12-10 22:09 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll 2016-01-12 21:50 - 2015-12-10 22:09 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2016-01-12 21:50 - 2015-12-10 22:03 - 14456832 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2016-01-12 21:50 - 2015-12-10 21:59 - 00798208 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2016-01-12 21:50 - 2015-12-10 21:43 - 04610560 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2016-01-12 21:50 - 2015-12-10 21:43 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll 2016-01-12 21:50 - 2015-12-10 21:38 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2016-01-12 21:50 - 2015-12-10 21:37 - 00687104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2016-01-12 21:50 - 2015-12-10 21:35 - 12856320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2016-01-12 21:50 - 2015-12-10 21:26 - 01546752 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2016-01-12 21:50 - 2015-12-10 21:14 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2016-01-12 21:50 - 2015-12-10 21:12 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2016-01-12 21:50 - 2015-12-10 21:08 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2016-01-12 21:50 - 2015-12-10 21:07 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2016-01-12 21:49 - 2015-12-30 14:32 - 07453016 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2016-01-12 21:49 - 2015-12-30 14:32 - 01735000 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll 2016-01-12 21:49 - 2015-12-30 14:32 - 01499912 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll 2016-01-12 21:49 - 2015-12-09 19:40 - 00033456 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe 2016-01-12 21:49 - 2015-12-07 05:56 - 01380600 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll 2016-01-12 21:49 - 2015-12-05 00:58 - 02745184 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL 2016-01-12 21:49 - 2015-12-05 00:58 - 02528784 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL 2016-01-12 21:49 - 2015-12-05 00:58 - 02450240 _____ (Microsoft Corporation) C:\windows\system32\WMVENCOD.DLL 2016-01-12 21:49 - 2015-12-05 00:58 - 02447136 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVENCOD.DLL 2016-01-12 21:49 - 2015-12-05 00:58 - 02334104 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll 2016-01-12 21:49 - 2015-12-05 00:58 - 02324744 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll 2016-01-12 21:49 - 2015-12-05 00:58 - 01877504 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2adec.dll 2016-01-12 21:49 - 2015-12-05 00:58 - 01798480 _____ (Microsoft Corporation) C:\windows\system32\WMALFXGFXDSP.dll 2016-01-12 21:49 - 2015-12-05 00:58 - 01484888 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2adec.dll 2016-01-12 21:49 - 2015-12-05 00:58 - 01288128 _____ (Microsoft Corporation) C:\windows\system32\mfnetsrc.dll 2016-01-12 21:49 - 2015-12-05 00:58 - 01210200 _____ (Microsoft Corporation) C:\windows\system32\WMADMOD.DLL 2016-01-12 21:49 - 2015-12-05 00:58 - 01150232 _____ (Microsoft Corporation) C:\windows\system32\WMADMOE.DLL 2016-01-12 21:49 - 2015-12-05 00:58 - 01115640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfnetsrc.dll 2016-01-12 21:49 - 2015-12-05 00:58 - 01037680 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMADMOD.DLL 2016-01-12 21:49 - 2015-12-05 00:58 - 00914672 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMADMOE.DLL 2016-01-12 21:49 - 2015-12-05 00:58 - 00850680 _____ (Microsoft Corporation) C:\windows\system32\mfnetcore.dll 2016-01-12 21:49 - 2015-12-05 00:58 - 00735496 _____ (Microsoft Corporation) C:\windows\system32\evr.dll 2016-01-12 21:49 - 2015-12-05 00:58 - 00700360 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfnetcore.dll 2016-01-12 21:49 - 2015-12-05 00:58 - 00629600 _____ (Microsoft Corporation) C:\windows\system32\MP4SDECD.DLL 2016-01-12 21:49 - 2015-12-05 00:58 - 00584656 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll 2016-01-12 21:49 - 2015-12-05 00:58 - 00557856 _____ (Microsoft Corporation) C:\windows\system32\WMVSDECD.DLL 2016-01-12 21:49 - 2015-12-05 00:58 - 00498472 _____ (Microsoft Corporation) C:\windows\system32\mfsvr.dll 2016-01-12 21:49 - 2015-12-05 00:58 - 00492736 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVSDECD.DLL 2016-01-12 21:49 - 2015-12-05 00:58 - 00463776 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP4SDECD.DLL 2016-01-12 21:49 - 2015-12-05 00:58 - 00399776 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfsvr.dll 2016-01-12 21:49 - 2015-12-05 00:58 - 00299080 _____ (Microsoft Corporation) C:\windows\system32\VIDRESZR.DLL 2016-01-12 21:49 - 2015-12-05 00:58 - 00275312 _____ (Microsoft Corporation) C:\windows\SysWOW64\MPG4DECD.DLL 2016-01-12 21:49 - 2015-12-05 00:58 - 00274280 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP43DECD.DLL 2016-01-12 21:49 - 2015-12-05 00:58 - 00250520 _____ (Microsoft Corporation) C:\windows\system32\MPG4DECD.DLL 2016-01-12 21:49 - 2015-12-05 00:58 - 00248432 _____ (Microsoft Corporation) C:\windows\system32\MP43DECD.DLL 2016-01-12 21:49 - 2015-12-05 00:58 - 00246856 _____ (Microsoft Corporation) C:\windows\system32\RESAMPLEDMO.DLL 2016-01-12 21:49 - 2015-12-05 00:58 - 00244296 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll 2016-01-12 21:49 - 2015-12-05 00:58 - 00229272 _____ (Microsoft Corporation) C:\windows\SysWOW64\RESAMPLEDMO.DLL 2016-01-12 21:49 - 2015-12-05 00:58 - 00203016 _____ (Microsoft Corporation) C:\windows\system32\COLORCNV.DLL 2016-01-12 21:49 - 2015-12-05 00:58 - 00184912 _____ (Microsoft Corporation) C:\windows\SysWOW64\COLORCNV.DLL 2016-01-12 21:49 - 2015-12-05 00:58 - 00183856 _____ (Microsoft Corporation) C:\windows\SysWOW64\VIDRESZR.DLL 2016-01-12 21:49 - 2015-12-05 00:58 - 00116720 _____ (Microsoft Corporation) C:\windows\system32\MP3DMOD.DLL 2016-01-12 21:49 - 2015-12-05 00:58 - 00110544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll 2016-01-12 21:49 - 2015-12-05 00:58 - 00099136 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP3DMOD.DLL 2016-01-12 21:49 - 2015-12-05 00:58 - 00090904 _____ (Microsoft Corporation) C:\windows\system32\devenum.dll 2016-01-12 21:49 - 2015-12-05 00:58 - 00090392 _____ (Microsoft Corporation) C:\windows\system32\mfvdsp.dll 2016-01-12 21:49 - 2015-12-05 00:58 - 00081032 _____ (Microsoft Corporation) C:\windows\SysWOW64\devenum.dll 2016-01-12 21:49 - 2015-12-05 00:58 - 00076936 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfvdsp.dll 2016-01-12 21:49 - 2015-12-04 10:00 - 01097216 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll 2016-01-12 21:49 - 2015-12-03 14:42 - 00561952 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys 2016-01-12 21:49 - 2015-12-03 14:42 - 00397224 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll 2016-01-12 21:49 - 2015-12-03 14:42 - 00137968 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll 2016-01-12 21:49 - 2015-12-03 14:42 - 00106960 _____ (Microsoft Corporation) C:\windows\system32\ncryptsslp.dll 2016-01-12 21:49 - 2015-12-03 14:41 - 00177488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys 2016-01-12 21:49 - 2015-12-03 13:52 - 00340872 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll 2016-01-12 21:49 - 2015-12-03 13:52 - 00120376 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll 2016-01-12 21:49 - 2015-12-03 13:52 - 00091416 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncryptsslp.dll 2016-01-12 21:49 - 2015-12-03 13:28 - 00401920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys 2016-01-12 21:49 - 2015-12-03 13:28 - 00202240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys 2016-01-12 21:49 - 2015-12-03 13:07 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll 2016-01-12 21:49 - 2015-12-03 13:07 - 00289792 _____ (Microsoft Corporation) C:\windows\system32\ksproxy.ax 2016-01-12 21:49 - 2015-12-03 13:05 - 00644608 _____ (Microsoft Corporation) C:\windows\system32\WMVXENCD.DLL 2016-01-12 21:49 - 2015-12-03 13:02 - 01664000 _____ (Microsoft Corporation) C:\windows\system32\WMSPDMOE.DLL 2016-01-12 21:49 - 2015-12-03 13:00 - 00451072 _____ (Microsoft Corporation) C:\windows\system32\WMVSENCD.DLL 2016-01-12 21:49 - 2015-12-03 12:58 - 00378880 _____ (Microsoft Corporation) C:\windows\system32\SysFxUI.dll 2016-01-12 21:49 - 2015-12-03 12:51 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll 2016-01-12 21:49 - 2015-12-03 12:36 - 01697792 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll 2016-01-12 21:49 - 2015-12-03 12:30 - 00468480 _____ (Microsoft Corporation) C:\windows\system32\MFWMAAEC.DLL 2016-01-12 21:49 - 2015-12-03 12:28 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll 2016-01-12 21:49 - 2015-12-03 12:28 - 00245760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ksproxy.ax 2016-01-12 21:49 - 2015-12-03 12:27 - 00736256 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVXENCD.DLL 2016-01-12 21:49 - 2015-12-03 12:24 - 01411584 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMSPDMOE.DLL 2016-01-12 21:49 - 2015-12-03 12:23 - 00402432 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVSENCD.DLL 2016-01-12 21:49 - 2015-12-03 12:16 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll 2016-01-12 21:49 - 2015-12-03 12:13 - 01441280 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2016-01-12 21:49 - 2015-12-03 12:07 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll 2016-01-12 21:49 - 2015-12-03 12:06 - 01501184 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll 2016-01-12 21:49 - 2015-12-03 12:01 - 00743936 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFWMAAEC.DLL 2016-01-12 21:49 - 2015-12-03 11:45 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll 2016-01-12 21:49 - 2015-12-03 11:40 - 01010688 _____ (Microsoft Corporation) C:\windows\system32\WMSPDMOD.DLL 2016-01-12 21:49 - 2015-12-03 11:29 - 00887296 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMSPDMOD.DLL 2016-01-12 21:49 - 2015-12-02 10:04 - 00670208 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll 2016-01-12 21:49 - 2015-12-02 10:01 - 00561664 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll 2016-01-12 21:49 - 2015-11-17 16:07 - 01380864 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll 2016-01-12 21:49 - 2015-11-17 16:07 - 01164800 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2016-01-12 21:49 - 2015-11-17 16:07 - 00792064 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll 2016-01-12 21:49 - 2015-11-17 16:07 - 00705024 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll 2016-01-12 21:49 - 2015-11-17 16:07 - 00505344 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll 2016-01-12 21:49 - 2015-11-17 16:07 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll 2016-01-12 21:49 - 2015-11-17 16:07 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll 2016-01-12 21:48 - 2015-12-08 14:08 - 00685432 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll 2016-01-12 21:48 - 2015-12-08 14:07 - 00507176 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll 2015-12-27 14:41 - 2016-01-11 17:04 - 00000000 ____D C:\Users\lfaas\AppData\Roaming\HpUpdate 2015-12-27 14:41 - 2015-12-27 14:41 - 00003608 _____ C:\windows\System32\Tasks\HPCustParticipation HP ENVY 7640 series 2015-12-27 14:41 - 2015-12-27 14:41 - 00002203 _____ C:\Users\Public\Desktop\HP ENVY 7640 series.lnk 2015-12-27 14:41 - 2015-12-27 14:41 - 00000000 ____D C:\ProgramData\Visan 2015-12-27 14:41 - 2015-12-27 14:41 - 00000000 ____D C:\ProgramData\HP Photo Creations 2015-12-27 14:41 - 2015-12-27 14:41 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations 2015-12-27 14:41 - 2014-08-22 05:12 - 00751624 ____N (Hewlett-Packard Development Company, LP) C:\windows\system32\HPDiscoPMDC11.dll 2015-12-27 14:40 - 2015-12-27 14:41 - 00000000 ____D C:\Program Files (x86)\HP 2015-12-27 14:40 - 2015-12-27 14:40 - 00000057 _____ C:\ProgramData\Ament.ini 2015-12-27 14:40 - 2015-12-27 14:40 - 00000000 ____D C:\ProgramData\HP 2015-12-27 14:40 - 2015-12-27 14:40 - 00000000 ____D C:\Program Files\HP 2015-12-27 14:39 - 2015-12-27 14:47 - 00000000 ____D C:\Users\lfaas\AppData\Local\HP ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-01-24 10:46 - 2013-08-22 08:36 - 00000000 ____D C:\Windows 2016-01-24 10:16 - 2014-07-26 07:11 - 00003926 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{DB4A9FEB-E1AC-4EED-9D3A-ACFB06310CB6} 2016-01-24 10:04 - 2013-08-24 16:38 - 00891920 _____ C:\windows\system32\PerfStringBackup.INI 2016-01-24 10:04 - 2013-08-22 08:36 - 00000000 ____D C:\windows\Inf 2016-01-24 10:03 - 2014-07-26 07:15 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1079287707-3710102426-1868348366-1001 2016-01-24 10:00 - 2015-07-13 11:32 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2016-01-24 09:59 - 2014-07-26 07:51 - 00000000 ___DO C:\Users\lfaas\SkyDrive 2016-01-24 09:57 - 2014-08-04 09:23 - 00000350 _____ C:\windows\Tasks\HPCeeScheduleForlfaas.job 2016-01-24 09:57 - 2013-08-22 09:45 - 00000006 ____H C:\windows\Tasks\SA.DAT 2016-01-24 09:08 - 2013-08-22 08:25 - 00262144 ___SH C:\windows\system32\config\BBI 2016-01-23 03:03 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps 2016-01-23 03:03 - 2013-08-22 10:36 - 00000000 ____D C:\windows\AppReadiness 2016-01-22 03:32 - 2014-08-04 09:23 - 00003164 _____ C:\windows\System32\Tasks\HPCeeScheduleForlfaas 2016-01-20 15:48 - 2015-07-31 07:03 - 01065208 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys 2016-01-20 15:48 - 2015-07-31 07:03 - 00464256 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys 2016-01-16 05:04 - 2013-08-22 10:36 - 00000000 ____D C:\windows\rescache 2016-01-14 14:35 - 2015-08-07 13:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-01-14 14:31 - 2014-12-12 16:00 - 00000000 ____D C:\windows\system32\appraiser 2016-01-14 14:31 - 2014-08-04 07:52 - 00000000 ___SD C:\windows\system32\CompatTel 2016-01-12 21:58 - 2013-08-22 10:20 - 00000000 ____D C:\windows\CbsTemp 2016-01-12 21:57 - 2014-07-29 03:03 - 00000000 ____D C:\windows\system32\MRT 2016-01-12 21:56 - 2014-07-29 03:03 - 143671360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2016-01-05 15:04 - 2014-08-04 07:59 - 00826872 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2016-01-05 15:04 - 2014-08-04 07:59 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-01-01 11:42 - 2015-08-06 08:45 - 00000000 ____D C:\Users\lfaas\AppData\Local\ElevatedDiagnostics 2015-12-27 14:46 - 2014-07-26 07:10 - 00000000 ____D C:\Users\lfaas\AppData\Local\Packages 2015-12-27 14:41 - 2014-06-04 13:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2015-12-27 14:41 - 2014-06-04 13:13 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard ==================== Files in the root of some directories ======= 2014-12-01 18:50 - 2014-12-17 00:50 - 0000010 _____ () C:\Users\lfaas\AppData\Local\DSI.DAT 2015-12-27 14:40 - 2015-12-27 14:40 - 0000057 _____ () C:\ProgramData\Ament.ini Some files in TEMP: ==================== C:\Users\lfaas\AppData\Local\Temp\Extract.exe C:\Users\lfaas\AppData\Local\Temp\SP64076.exe C:\Users\lfaas\AppData\Local\Temp\SP64077.exe C:\Users\lfaas\AppData\Local\Temp\SP67239.exe C:\Users\lfaas\AppData\Local\Temp\SP68399.exe C:\Users\lfaas\AppData\Local\Temp\SP70441.exe C:\Users\lfaas\AppData\Local\Temp\SP71057.exe C:\Users\lfaas\AppData\Local\Temp\SP71522.exe C:\Users\lfaas\AppData\Local\Temp\SP71862.exe C:\Users\lfaas\AppData\Local\Temp\SP72230.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\explorer.exe => File is digitally signed C:\windows\SysWOW64\explorer.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\SysWOW64\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\SysWOW64\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\SysWOW64\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\dnsapi.dll => File is digitally signed C:\windows\SysWOW64\dnsapi.dll => File is digitally signed C:\windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-01-20 02:43 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-01-2016 Ran by lfaas (2016-01-24 10:47:05) Running from C:\Users\lfaas\Desktop Windows 8.1 (X64) (2014-07-26 12:09:57) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1079287707-3710102426-1868348366-500 - Administrator - Disabled) Guest (S-1-5-21-1079287707-3710102426-1868348366-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1079287707-3710102426-1868348366-1003 - Limited - Enabled) lfaas (S-1-5-21-1079287707-3710102426-1868348366-1001 - Administrator - Enabled) => C:\Users\lfaas ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Alcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.26.3317.04170 - Alcor Micro Corp.) Alcor Micro USB Card Reader Driver (x32 Version: 20.26.3317.04170 - Alcor Micro Corp.) Hidden Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.170 - Broadcom Corporation) Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.0.9850 - Broadcom Corporation) Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.) CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6805 - CyberLink Corp.) CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3103 - CyberLink Corp.) Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4608 - CyberLink Corp.) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3215 - CyberLink Corp.) CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3414 - CyberLink Corp.) CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd) HP Documentation (HKLM-x32\...\{06600E94-1C34-40E2-AB09-D30AECF78172}) (Version: 1.1.0.0 - Hewlett-Packard) HP ENVY 7640 series Basic Device Software (HKLM\...\{24BF3898-2667-4645-9448-8C6765B801A5}) (Version: 34.2.117.50647 - Hewlett-Packard Co.) HP ENVY 7640 series Help (HKLM-x32\...\{5845A5C9-AA03-4D91-9793-1A2563CE0129}) (Version: 34.0.0 - Hewlett Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard) HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.51 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.1.40.3 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard) HP Support Solutions Framework (HKLM-x32\...\{D7D5F438-26EF-45AB-AB89-C476FBCF8584}) (Version: 12.0.30.219 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6482.0 - IDT) Inst5675 (Version: 8.00.51 - Softex Inc.) Hidden Inst5676 (Version: 8.00.51 - Softex Inc.) Hidden Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4029 - Intel Corporation) Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation) iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.) Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla) Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden Product Improvement Study for HP ENVY 7640 series (HKLM\...\{9913BFAE-5E18-4863-8354-452337781573}) (Version: 34.2.117.50647 - Hewlett-Packard Co.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.) Recovery Manager (x32 Version: 5.5.0.7001 - CyberLink Corp.) Hidden Self-service Plug-in (x32 Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden VMware Horizon View Client (HKLM\...\{B62BB102-57D8-420A-9403-494D81F09EA6}) (Version: 5.4.0.1219906 - VMware, Inc.) Windows Driver Package - Broadcom Corporation (bcbtums) Bluetooth (08/09/2013 12.0.0.7620) (HKLM\...\7C5445C0C158E0500C2E0AD361C4CBF4BAB2476C) (Version: 08/09/2013 12.0.0.7620 - Broadcom Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1079287707-3710102426-1868348366-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {01B0EFFA-43BA-49CC-934C-04D63D47731E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH58H3T2BS => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-01-06] (HP Inc.) Task: {24DDBBF4-08F7-4E53-B60C-4EDE76F157A1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2016-01-12] (Microsoft Corporation) Task: {313C0C26-8D2C-43CE-9515-698F91984B2E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-01-20] (AVAST Software) Task: {450CDD6D-F052-4A29-A73B-E7403A1024C9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company) Task: {5331C62D-99DB-430C-92A8-EC5F05A0FAF7} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation) Task: {766866F9-85B0-44B5-BAD0-1DD9D7312753} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-28] (Hewlett-Packard) Task: {7B7068D7-7E92-45DA-B521-92B786AAB016} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-05] (AVAST Software) Task: {81554E7A-7E5A-41AD-9B2E-D0FC6E367817} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-28] (Hewlett-Packard) Task: {82469B17-8C84-4A27-A31C-52015C4DA3CE} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation) Task: {94D0C712-BD6F-4E78-A144-496A00A71467} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.) Task: {9A052BEB-C4B3-4335-8F28-8E6746D4EBA1} - System32\Tasks\{343610CA-AF9D-42A3-A441-7D9540706F47} => pcalua.exe -a C:\Users\lfaas\AppData\Local\Roblox\Versions\version-75334a80f0a9470d\RobloxPlayerLauncher.exe -c -uninstall Task: {B8271040-1B90-4D8E-B884-CC2EAA664F7D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.) Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto Task: {BC18578B-6350-426A-8D86-09F6C0A94D31} - System32\Tasks\HPCustParticipation HP ENVY 7640 series => C:\Program Files\HP\HP ENVY 7640 series\Bin\HPCustPartic.exe [2014-08-22] (Hewlett-Packard Development Company, LP) Task: {D1EAE44D-C98C-4D85-8133-27F6495FB0A0} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink) Task: {E85F97D4-E7BA-4A88-B490-0BAF52466D13} - System32\Tasks\HPCeeScheduleForlfaas => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard) Task: {F2940AB5-B8E5-46B9-819E-2EF808949CBD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company) Task: {F36BEC5F-4EEB-40B9-B38C-F80936177E25} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-01-06] (HP Inc.) Task: {F3B277B0-ED95-4818-8BA5-29F953FF7CF2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-01-11] (Hewlett-Packard) Task: {FA6D0C27-0FCF-4209-849E-79053EC2BAB5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-01-06] (HP Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\windows\Tasks\HPCeeScheduleForlfaas.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2013-09-05 05:22 - 2013-09-05 05:22 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe 2013-09-05 05:24 - 2013-09-05 05:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll 2013-09-05 05:24 - 2013-09-05 05:24 - 02540544 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll 2013-09-05 05:21 - 2013-09-05 05:21 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll 2013-09-05 05:21 - 2013-09-05 05:21 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll 2013-09-05 05:21 - 2013-09-05 05:21 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll 2013-09-05 05:36 - 2013-09-05 05:36 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll 2013-09-05 05:36 - 2013-09-05 05:36 - 01298832 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll 2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2013-09-05 05:31 - 2013-09-05 05:31 - 00064000 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe 2015-12-05 03:48 - 2015-12-05 03:48 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-12-05 03:48 - 2015-12-05 03:48 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2016-01-23 15:04 - 2016-01-23 15:04 - 02818048 _____ () C:\Program Files\AVAST Software\Avast\defs\16012301\algo.dll 2015-12-05 03:48 - 2015-12-05 03:48 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2016-01-24 09:58 - 2016-01-24 09:58 - 02818048 _____ () C:\Program Files\AVAST Software\Avast\defs\16012400\algo.dll 2015-12-05 03:48 - 2015-12-05 03:48 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-06-04 13:19 - 2013-08-05 02:49 - 00627672 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2013-08-05 17:48 - 2013-08-05 17:48 - 00016856 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2014-06-04 13:16 - 2013-08-12 04:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1079287707-3710102426-1868348366-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP\HP_Svinoya_Norway_Sunset.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{6176A2D8-4291-470A-95C3-12213002FDF5}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe FirewallRules: [{2F2ED864-93C8-4B65-8275-29B00ACFA0AE}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe FirewallRules: [{4326BCDD-3C1A-4D7C-B6CA-5F718C9A66A6}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe FirewallRules: [{643F4967-7034-496A-ACFB-61DB15CF9B6B}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe FirewallRules: [{C7578C41-F43D-4D5B-B28D-4F69ABCBD39B}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe FirewallRules: [{5473BF13-E0F2-4C4D-8A1A-996016868D2C}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe FirewallRules: [{6520CB73-D1C2-415C-90A9-DEBCF1A8F858}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE FirewallRules: [{3630B429-935B-46D4-BBD6-231E193DFC73}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe FirewallRules: [{E8B97834-1EF2-4ABD-86EE-7A0FBCF9135D}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe FirewallRules: [{24CBEB38-3F2A-483A-BCFF-425261B50A1C}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe FirewallRules: [{A7C5FE2F-6FB2-4AF8-8546-E9DB58EE16DA}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe FirewallRules: [{C4CF12C6-77D8-4FAC-B344-25E5D933A5E3}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe FirewallRules: [{0032BE96-7252-4238-ABC7-985C18CCC6C0}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe FirewallRules: [{0CE53175-59E8-4647-A0C6-BA5EB71E557E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{1EC83694-85AE-42D5-92E5-EBD2000FED9F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{54205793-D93D-45ED-A1DB-F287E807C0FE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{53549F48-00E0-44C8-9E1B-1A17D993754E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [TCP Query User{4E73CB1A-88BE-4C4E-95FD-9FD61D286418}C:\program files (x86)\leap motion\core services\leapsvc.exe] => (Block) C:\program files (x86)\leap motion\core services\leapsvc.exe FirewallRules: [uDP Query User{39BA25F0-5C82-4716-8821-DFAB3243497F}C:\program files (x86)\leap motion\core services\leapsvc.exe] => (Block) C:\program files (x86)\leap motion\core services\leapsvc.exe FirewallRules: [{406FE29E-8804-472A-9DAB-724634C34C7A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{8B467F06-ED7E-457B-9130-3B32E97F9636}] => (Allow) LPort=2869 FirewallRules: [{6FC2C225-36BA-4E6F-9D8E-FA47DE21641D}] => (Allow) LPort=1900 FirewallRules: [{0A342CDD-9964-4DBF-AE9C-2B5816CE6946}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{23725E67-4091-48D3-8E9C-92EFECD7CFDD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{FF13D58E-C3C7-4B7B-A7B5-52EC82C71EC5}C:\program files (x86)\leap motion\core services\leapsvc.exe] => (Block) C:\program files (x86)\leap motion\core services\leapsvc.exe FirewallRules: [uDP Query User{0E9B6431-0921-4363-80A1-274AEEBCF772}C:\program files (x86)\leap motion\core services\leapsvc.exe] => (Block) C:\program files (x86)\leap motion\core services\leapsvc.exe FirewallRules: [{303E3503-6C28-45ED-87D6-5A87FC688323}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe FirewallRules: [{BCF88F6A-7DA9-42B6-9D83-4CD28F638658}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE FirewallRules: [{CDFA7B53-00C6-4481-8BBC-C259FA302470}] => (Allow) C:\Program Files\VMware\VMware View\Client\bin\vmware-remotemks.exe FirewallRules: [{1C6574B3-3A26-4212-8D8D-C7F0D029EC24}] => (Allow) C:\Program Files\VMware\VMware View\Client\bin\vmware-remotemks.exe FirewallRules: [{16AE8B3D-83CB-42C6-9D32-A379022257ED}] => (Allow) C:\Program Files\VMware\VMware View\Client\bin\vmware-remotemks.exe FirewallRules: [{10E52741-FD47-4EC0-9306-EA9E4FA9B79B}] => (Allow) C:\Program Files\VMware\VMware View\Client\bin\vmware-remotemks.exe FirewallRules: [{7D16D5DA-98F4-40E5-AF0C-9AF94CF91E61}] => (Allow) C:\Program Files\VMware\VMware View\Client\bin\wswc.exe FirewallRules: [{3B929ECF-153B-4CA3-93C7-E6B5E00CDE75}] => (Allow) C:\Program Files\VMware\VMware View\Client\bin\wswc.exe FirewallRules: [{57A8FB2F-FD84-4391-BED9-0C1697D07F31}] => (Allow) C:\Program Files\VMware\VMware View\Client\bin\wswc.exe FirewallRules: [{2803860D-1832-4C08-9B93-7FE888B7E833}] => (Allow) C:\Program Files\VMware\VMware View\Client\bin\wswc.exe FirewallRules: [{3E5B6F58-8B49-4CFC-B83F-F637130B566D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{07A82AF0-7B17-45AB-9A9B-8578ED7868CF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{0DB0CB07-BA78-4987-A313-DF13EDB97A1B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{F18B9B25-1A6D-4F43-BE0D-380C0B2A7823}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{73E101F4-3BB1-423C-9181-B6FB1E4E8E8E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{DDA3463C-5F80-4651-8661-44595C7A087D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{FAE0E644-2DFE-4089-9B22-9CBD7E6CF665}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{90DDE75A-21A0-469C-9ACC-02890020D1B9}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\bin\FaxApplications.exe FirewallRules: [{4E24867A-BA22-4DE9-AF01-F02405771832}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\bin\DigitalWizards.exe FirewallRules: [{A323FACB-9EEA-4780-91EA-F3E057D3893D}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\bin\SendAFax.exe FirewallRules: [{46D0571A-F72E-413C-97F5-8C3ADCEFBD8D}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\Bin\DeviceSetup.exe FirewallRules: [{98B8CA3F-919E-4D3B-8EBF-236AA23E97AA}] => (Allow) LPort=5357 FirewallRules: [{012D2449-6EED-416A-AE06-F385DCC72856}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\Bin\HPNetworkCommunicatorCom.exe ==================== Restore Points ========================= 08-01-2016 03:23:25 Scheduled Checkpoint 12-01-2016 21:55:20 Windows Update 20-01-2016 02:44:31 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/24/2016 10:42:09 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program mspaint.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 178c Start Time: 01d156bd9e757f30 Termination Time: 15 Application Path: C:\windows\system32\mspaint.exe Report Id: f8a6ee57-c2b0-11e5-82f9-54271ef48dba Faulting package full name: Faulting package-relative application ID: Error: (01/24/2016 09:58:22 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 2.3.125.0, time stamp: 0x5612a56b Faulting module name: KERNELBASE.dll, version: 6.3.9600.18185, time stamp: 0x5683eff4 Exception code: 0xc0000142 Fault offset: 0x0009d5b2 Faulting process id: 0x1120 Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Faulting package full name: mbam.exe4 Faulting package-relative application ID: mbam.exe5 Error: (01/24/2016 09:06:21 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TVROOMPC) Description: Activation of app Microsoft.MicrosoftMahjong_8wekyb3d8bbwe!MicrosoftMahjong failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (01/23/2016 03:50:46 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: .NETFrameworkC:\windows\system32\mscoree.dll8 Error: (01/22/2016 09:16:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TVROOMPC) Description: Activation of app Microsoft.MicrosoftMahjong_8wekyb3d8bbwe!MicrosoftMahjong failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (01/22/2016 05:55:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TVROOMPC) Description: Activation of app Microsoft.MicrosoftMahjong_8wekyb3d8bbwe!MicrosoftMahjong failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (01/21/2016 04:48:33 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: .NETFrameworkC:\windows\system32\mscoree.dll8 Error: (01/20/2016 09:17:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TVROOMPC) Description: Activation of app Microsoft.MicrosoftMahjong_8wekyb3d8bbwe!MicrosoftMahjong failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (01/20/2016 02:56:36 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: .NETFrameworkC:\windows\system32\mscoree.dll8 Error: (01/20/2016 05:55:24 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TVROOMPC) Description: Activation of app Microsoft.MicrosoftMahjong_8wekyb3d8bbwe!MicrosoftMahjong failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information. System errors: ============= Error: (01/24/2016 09:08:00 AM) (Source: DCOM) (EventID: 10010) (User: TVROOMPC) Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} Error: (01/24/2016 03:49:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 12 time(s). Error: (01/23/2016 03:52:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 11 time(s). Error: (01/23/2016 03:17:04 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10. Error: (01/23/2016 03:06:57 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10. Error: (01/23/2016 03:16:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 10 time(s). Error: (01/22/2016 09:21:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 9 time(s). Error: (01/21/2016 09:20:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 8 time(s). Error: (01/20/2016 09:20:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 7 time(s). Error: (01/19/2016 09:21:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 6 time(s). CodeIntegrity: =================================== Date: 2015-04-04 15:14:42.886 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-04-04 15:14:42.730 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-06 13:31:36.315 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-06 13:31:36.225 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-05 06:01:49.013 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-05 06:01:48.944 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-04 22:02:58.794 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-04 22:02:58.718 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-10-16 21:43:16.306 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-10-16 21:43:16.238 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel® Core i5-4440 CPU @ 3.10GHz Percentage of memory in use: 34% Total physical RAM: 8097.09 MB Available physical RAM: 5278 MB Total Virtual: 9377.09 MB Available Virtual: 6508.22 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:1844.72 GB) (Free:1796.79 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (Recovery Image) (Fixed) (Total:16.82 GB) (Free:2.08 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 1863 GB) (Disk ID: AC004271) Partition: GPT. ==================== End of Addition.txt ============================ Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 1/24/2016 Scan Time: 10:24 AM Logfile: mala.txt Administrator: Yes Version: 2.2.0.1024 Malware Database: v2016.01.24.03 Rootkit Database: v2016.01.20.01 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Enabled OS: Windows 8.1 CPU: x64 File System: NTFS User: lfaas Scan Type: Threat Scan Result: Completed Objects Scanned: 347014 Time Elapsed: 17 min, 20 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)
  5. Here is the Malwarebytes Scan log, FRST log, and Addition log. MalwarebytesScan.txt FRST.txt Addition.txt
  6. Hello. My Windows updater failed installing updates about a week ago so I troubleshooted it and it said that it was fixed. I checked for updates everyday and today I checked it and there were 20 updates in need of installing. I installed them and I ran a scan on Malwarebytes to be safe and it found 4 PUPS. I have not downloaded anything and I haven't been on this computer very often so I do not know why there are PUPS when just a week or so ago, I was clear of any malware,courtesy of this helpful forum. I will remove the PUPS and give the FRST logs after I am finished rebooting. Thank you.
  7. Okay, thank you so much for your help. I ran Delfix and I deleted the rest of the things we used that Delfix did not remove like the logs, folders, files, etc. I deleted the restore points I had and made a new one. I will be sure to read up on the links you gave me. I am happy that it was just paranoia and nothing serious. I can sleep well at night now. Do you think you can keep this topic open for a couple more days in case something else comes up? Otherwise, you can lock this topic. Thank you again.
  8. Okay. I just wanted to know if there was still any reminants because last month, I got Malwarebytes and did a threat scan and it found over 80 PUPs PUMs, etc . Alot of them were just adware, a PUM and a few rogues. I thought all was removed but I still found some reminants that Malwarebytes missed. I will give you the log to tell you what was found at that point and if you can give me some feedback including your thoughts on if everything is gone, I will follow your instructions on removing our removal tools, restore points, etc. Thank you. MalwarebytesScan.txt
  9. I found 2 dashost.exe running in my task manager, both running under local service and located in system32. Just wanted to know if that was normal?
  10. Hello, 4. I managed to run Junkware, log attatched. 5. I was able to run AdwCleaner but I did not know if it detected anything, I will attach you the log of what it found. I did not apply and uninstallations to it yet. 6. I ran a threatscan on Malwarebytes 7. I ran an ESET scan and nothing was found, I provided a screenshot. 8. I ran a FRST scan and the logs are attached. Thank you. JRT.txt AdwCleanerR0.txt Malwarebytesscan.txt FRST.txt Addition.txt
  11. Hello Ron, I turned off my antivirus by disabling it until I reboot. I'm afraid that I was not able to run Rkill, the box did not disappear. I kept on trying it with the given links, installing, deleting the tool, and reinstalling it but the box never went away. I backed up the registry using ERUNT. And here is the log from Malwarebytes: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 8/3/2015 Scan Time: 3:46 PM Logfile: Administrator: Yes Version: 2.1.8.1057 Malware Database: v2015.08.03.05 Rootkit Database: v2015.08.03.01 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Enabled OS: Windows 8.1 CPU: x64 File System: NTFS User: lfaas Scan Type: Threat Scan Result: Completed Objects Scanned: 350954 Time Elapsed: 8 min, 37 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)
  12. Hello, It has been over 48 hours and I have not heard anything back from anybody. I PMed s moderator and she told me to let you all know. Once somebody is not busy, I hope to be helped when one has the time. Thank you.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.