Think I have a resilient threat


Jpg619


So here is my case: I noticed when I started running a scan on my laptop the process would pop up in Task Manager with a 32 at the end of it. I'm running a 64 system. I've tried different scanning software; every time nothing is found, and in Task Manager it has a 32 at the end of the name. I have wiped the hard drive with DBAN and it still happens. Also, I have noticed elevated permissions in Event Viewer that I did not do, plus other weird things in Event Viewer.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-11-2015
Ran by j (administrator) on DESKTOP-NU956K2 (20-11-2015 20:02:09)
Running from C:\Users\j\Downloads
Loaded Profiles: j &  (Available Profiles: defaultuser0 & j)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16464_none_116100d161f6ab1d\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamresearch.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 

==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [708952 2015-11-20] (Alps Electric Co., Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{07212608-a3a2-4ddd-ab05-0d71e29ce5f7}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-09] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-09] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2015-11-20] (Motorola Solutions, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-20] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-06-17] (Realtek                                            )
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-09] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-09] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-09] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-09] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-20 20:02 - 2015-11-20 20:02 - 00193336 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverW8x64.sys
2015-11-20 20:02 - 2015-11-20 20:02 - 00004582 _____ C:\Users\j\Downloads\FRST.txt
2015-11-20 20:02 - 2015-11-20 20:02 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_iBtFltCoex_01009.Wdf
2015-11-20 20:01 - 2015-11-20 20:02 - 00000000 ____D C:\FRST
2015-11-20 20:01 - 2015-11-20 20:01 - 01721216 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2015-11-20 20:01 - 2015-11-20 20:01 - 01390904 _____ (Motorola Solutions, Inc.) C:\Windows\system32\Drivers\btmhsf.sys
2015-11-20 20:01 - 2015-11-20 20:01 - 00497968 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Drivers\Apfiltr.sys
2015-11-20 20:01 - 2015-11-20 20:01 - 00116056 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Vxdif.dll
2015-11-20 20:01 - 2015-11-20 20:01 - 00080184 _____ (Motorola Solutions, Inc.) C:\Windows\system32\btmwu.dll
2015-11-20 20:01 - 2015-11-20 20:01 - 00069088 _____ (Intel Corporation) C:\Windows\system32\Drivers\iBtFltCoex.sys
2015-11-20 20:01 - 2015-11-20 20:01 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_Apfiltr_01009.Wdf
2015-11-20 20:01 - 2015-11-20 20:01 - 00000000 ____D C:\Windows\LastGood
2015-11-20 20:01 - 2015-11-20 20:01 - 00000000 ____D C:\Program Files\DellTPad
2015-11-20 20:01 - 2015-11-20 20:01 - 00000000 ____D C:\Program Files (x86)\Intel
2015-11-20 20:01 - 2015-11-20 20:01 - 00000000 ____D C:\Intel
2015-11-20 20:01 - 2015-11-20 20:01 - 00000000 ____D C:\iBTWU
2015-11-20 20:00 - 2015-11-20 20:01 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-20 20:00 - 2015-11-20 20:00 - 13059896 _____ (Intel Corporation) C:\Windows\system32\igd10umd64.dll
2015-11-20 20:00 - 2015-11-20 20:00 - 13037568 _____ (Intel Corporation) C:\Windows\system32\ig4icd64.dll
2015-11-20 20:00 - 2015-11-20 20:00 - 12814752 _____ (Intel Corporation) C:\Windows\system32\igdumd64.dll
2015-11-20 20:00 - 2015-11-20 20:00 - 11352688 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10umd32.dll
2015-11-20 20:00 - 2015-11-20 20:00 - 11223896 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumd32.dll
2015-11-20 20:00 - 2015-11-20 20:00 - 10820096 _____ (Intel Corporation) C:\Windows\SysWOW64\ig4icd32.dll
2015-11-20 20:00 - 2015-11-20 20:00 - 09016320 _____ (Intel Corporation) C:\Windows\system32\igfxress.dll
2015-11-20 20:00 - 2015-11-20 20:00 - 05916080 _____ (Intel Corporation) C:\Windows\system32\GfxUI.exe
2015-11-20 20:00 - 2015-11-20 20:00 - 05384176 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2015-11-20 20:00 - 2015-11-20 20:00 - 03520000 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll
2015-11-20 20:00 - 2015-11-20 20:00 - 03129856 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2015-11-20 20:00 - 2015-11-20 20:00 - 01981696 _____ C:\Windows\system32\iglhxa64.cpa
2015-11-20 20:00 - 2015-11-20 20:00 - 01067696 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt64.dll
2015-11-20 20:00 - 2015-11-20 20:00 - 00963452 _____ C:\Windows\SysWOW64\igcodeckrng600.bin
2015-11-20 20:00 - 2015-11-20 20:00 - 00963452 _____ C:\Windows\system32\igcodeckrng600.bin
2015-11-20 20:00 - 2015-11-20 20:00 - 00957472 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2015-11-20 20:00 - 2015-11-20 20:00 - 00584192 _____ (Intel Corporation) C:\Windows\system32\igfx11cmrt64.dll
2015-11-20 20:00 - 2015-11-20 20:00 - 00551424 _____ (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll
2015-11-20 20:00 - 2015-11-20 20:00 - 00544552 _____ (Intel Corporation) C:\Windows\system32\iglhsip64.dll
2015-11-20 20:00 - 2015-11-20 20:00 - 00539312 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll
2015-11-20 20:00 - 2015-11-20 20:00 - 00523184 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
2015-11-20 20:00 - 2015-11-20 20:00 - 00453552 _____ (Intel Corporation) C:\Windows\system32\igfxpers.exe
2015-11-20 20:00 - 2015-11-20 20:00 - 00451584 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll
2015-11-20 20:00 - 2015-11-20 20:00 - 00449024 _____ (Intel Corporation) C:\Windows\system32\igfxrell.lrc
2015-11-20 20:00 - 2015-11-20 20:00 - 00448512 _____ (Intel Corporation) C:\Windows\system32\igfxrfra.lrc
2015-11-20 20:00 - 2015-11-20 20:00 - 00448512 _____ (Intel Corporation) C:\Windows\system32\igfxresn.lrc
2015-11-20 20:00 - 2015-11-20 20:00 - 00448000 _____ (Intel Corporation) C:\Windows\system32\igfxrrus.lrc
2015-11-20 20:00 - 2015-11-20 20:00 - 00448000 _____ (Intel Corporation) C:\Windows\system32\igfxrrom.lrc
2015-11-20 20:00 - 2015-11-20 20:00 - 00447488 _____ (Intel Corporation) C:\Windows\system32\igfxrsky.lrc
2015-11-20 20:00 - 2015-11-20 20:00 - 00447488 _____ (Intel Corporation) C:\Windows\system32\igfxrptg.lrc
2015-11-20 20:00 - 2015-11-20 20:00 - 00447488 _____ (Intel Corporation) C:\Windows\system32\igfxrplk.lrc
2015-11-20 20:00 - 2015-11-20 20:00 - 00447488 _____ (Intel Corporation) C:\Windows\system32\igfxrnld.lrc
2015-11-20 20:00 - 2015-11-20 20:00 - 00447488 _____ (Intel Corporation) C:\Windows\system32\igfxrita.lrc
2015-11-20 20:00 - 2015-11-20 20:00 - 00447488 _____ (Intel Corporation) C:\Windows\system32\igfxrhrv.lrc
2015-11-20 20:00 - 2015-11-20 20:00 - 00447488 _____ (Intel Corporation) C:\Windows\system32\igfxrdeu.lrc
2015-11-20 20:00 - 2015-11-20 20:00 - 00446976 _____ (Intel Corporation) C:\Windows\system32\igfxrhun.lrc
2015-11-20 20:00 - 2015-11-20 20:00 - 00446976 _____ (Intel Corporation) C:\Windows\system32\igfxrfin.lrc
2015-11-20 20:00 - 2015-11-20 20:00 - 00446976 _____ (Intel Corporation) C:\Windows\system32\igfxrcsy.lrc
2015-11-20 20:00 - 2015-11-20 20:00 - 00446464 _____ (Intel Corporation) C:\Windows\system32\igfxrtrk.lrc
2015-11-20 20:00 - 2015-11-20 20:00 - 00446464 _____ (Intel Corporation) C:\Windows\system32\igfxrsve.lrc
2015-11-20 20:00 - 2015-11-20 20:00 - 00446464 _____ (Intel Corporation) C:\Windows\system32\igfxrslv.lrc
2015-11-20 20:00 - 2015-11-20 20:00 - 00446464 _____ (Intel Corporation) C:\Windows\system32\igfxrptb.lrc
2015-11-20 20:00 - 2015-11-20 20:00 - 00446464 _____ (Intel Corporation) C:\Windows\system32\igfxrnor.lrc
2015-11-20 20:00 - 2015-11-20 20:00 - 00445952 _____ (Intel Corporation) C:\Windows\system32\igfxrtha.lrc
2015-11-20 20:00 - 2015-11-20 20:00 - 00445952 _____ (Intel Corporation) C:\Windows\system32\igfxrdan.lrc
2015-11-20 20:00 - 2015-11-20 20:00 - 00444416 _____ (Intel Corporation) C:\Windows\system32\igfxrheb.lrc
2015-11-20 20:00 - 2015-11-20 20:00 - 00444416 _____ (Intel Corporation) C:\Windows\system32\igfxrara.lrc
2015-11-20 20:00 - 2015-11-20 20:00 - 00440832 _____ (Intel Corporation) C:\Windows\system32\igfxrjpn.lrc
2015-11-20 20:00 - 2015-11-20 20:00 - 00439808 _____ (Intel Corporation) C:\Windows\system32\igfxrkor.lrc
2015-11-20 20:00 - 2015-11-20 20:00 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrcht.lrc
2015-11-20 20:00 - 2015-11-20 20:00 - 00437248 _____ (Intel Corporation) C:\Windows\system32\igfxrchs.lrc
2015-11-20 20:00 - 2015-11-20 20:00 - 00418816 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll
2015-11-20 20:00 - 2015-11-20 20:00 - 00411056 _____ (Intel Corporation) C:\Windows\system32\hkcmd.exe
2015-11-20 20:00 - 2015-11-20 20:00 - 00393216 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll
2015-11-20 20:00 - 2015-11-20 20:00 - 00339456 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll
2015-11-20 20:00 - 2015-11-20 20:00 - 00294912 _____ (Intel Corporation) C:\Windows\system32\igfxrenu.lrc
2015-11-20 20:00 - 2015-11-20 20:00 - 00290224 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2015-11-20 20:00 - 2015-11-20 20:00 - 00272928 _____ C:\Windows\SysWOW64\igvpkrng600.bin
2015-11-20 20:00 - 2015-11-20 20:00 - 00272928 _____ C:\Windows\system32\igvpkrng600.bin
2015-11-20 20:00 - 2015-11-20 20:00 - 00266152 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2015-11-20 20:00 - 2015-11-20 20:00 - 00231312 _____ (Intel Corporation) C:\Windows\system32\iglhcp64.dll
2015-11-20 20:00 - 2015-11-20 20:00 - 00223664 _____ C:\Windows\system32\Gfxres.th-TH.resources
2015-11-20 20:00 - 2015-11-20 20:00 - 00210106 _____ C:\Windows\system32\Gfxres.el-GR.resources
2015-11-20 20:00 - 2015-11-20 20:00 - 00197040 _____ (Intel Corporation) C:\Windows\system32\difx64.exe
2015-11-20 20:00 - 2015-11-20 20:00 - 00194880 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
2015-11-20 20:00 - 2015-11-20 20:00 - 00194245 _____ C:\Windows\system32\Gfxres.ru-RU.resources
2015-11-20 20:00 - 2015-11-20 20:00 - 00183808 _____ (Intel Corporation) C:\Windows\system32\gfxSrvc.dll
2015-11-20 20:00 - 2015-11-20 20:00 - 00183216 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe
2015-11-20 20:00 - 2015-11-20 20:00 - 00166170 _____ C:\Windows\system32\Gfxres.ar-SA.resources
2015-11-20 20:00 - 2015-11-20 20:00 - 00163421 _____ C:\Windows\system32\Gfxres.ja-JP.resources
2015-11-20 20:00 - 2015-11-20 20:00 - 00159008 _____ C:\Windows\system32\Gfxres.he-IL.resources
2015-11-20 20:00 - 2015-11-20 20:00 - 00151040 _____ (Intel Corporation) C:\Windows\system32\igfxdo.dll
2015-11-20 20:00 - 2015-11-20 20:00 - 00149682 _____ C:\Windows\system32\Gfxres.it-IT.resources
2015-11-20 20:00 - 2015-11-20 20:00 - 00148042 _____ C:\Windows\system32\Gfxres.ko-KR.resources
2015-11-20 20:00 - 2015-11-20 20:00 - 00147393 _____ C:\Windows\system32\Gfxres.de-DE.resources
2015-11-20 20:00 - 2015-11-20 20:00 - 00147288 _____ C:\Windows\system32\Gfxres.es-ES.resources
2015-11-20 20:00 - 2015-11-20 20:00 - 00146004 _____ C:\Windows\system32\Gfxres.ro-RO.resources
2015-11-20 20:00 - 2015-11-20 20:00 - 00145491 _____ C:\Windows\system32\Gfxres.fr-FR.resources
2015-11-20 20:00 - 2015-11-20 20:00 - 00144645 _____ C:\Windows\system32\Gfxres.tr-TR.resources
2015-11-20 20:00 - 2015-11-20 20:00 - 00144260 _____ C:\Windows\system32\Gfxres.pt-BR.resources
2015-11-20 20:00 - 2015-11-20 20:00 - 00144020 _____ C:\Windows\system32\Gfxres.nl-NL.resources
2015-11-20 20:00 - 2015-11-20 20:00 - 00143932 _____ C:\Windows\system32\Gfxres.hu-HU.resources
2015-11-20 20:00 - 2015-11-20 20:00 - 00142882 _____ C:\Windows\system32\Gfxres.sv-SE.resources
2015-11-20 20:00 - 2015-11-20 20:00 - 00142877 _____ C:\Windows\system32\Gfxres.pt-PT.resources
2015-11-20 20:00 - 2015-11-20 20:00 - 00142717 _____ C:\Windows\system32\Gfxres.pl-PL.resources
2015-11-20 20:00 - 2015-11-20 20:00 - 00142289 _____ C:\Windows\system32\Gfxres.cs-CZ.resources
2015-11-20 20:00 - 2015-11-20 20:00 - 00142008 _____ C:\Windows\system32\Gfxres.fi-FI.resources
2015-11-20 20:00 - 2015-11-20 20:00 - 00141838 _____ C:\Windows\system32\Gfxres.sk-SK.resources
2015-11-20 20:00 - 2015-11-20 20:00 - 00141049 _____ C:\Windows\system32\Gfxres.hr-HR.resources
2015-11-20 20:00 - 2015-11-20 20:00 - 00137889 _____ C:\Windows\system32\Gfxres.sl-SI.resources
2015-11-20 20:00 - 2015-11-20 20:00 - 00137784 _____ C:\Windows\system32\Gfxres.nb-NO.resources
2015-11-20 20:00 - 2015-11-20 20:00 - 00137141 _____ C:\Windows\system32\Gfxres.da-DK.resources
2015-11-20 20:00 - 2015-11-20 20:00 - 00135680 _____ (Intel Corporation) C:\Windows\system32\igfxcpl.cpl
2015-11-20 20:00 - 2015-11-20 20:00 - 00132623 _____ C:\Windows\system32\Gfxres.en-US.resources
2015-11-20 20:00 - 2015-11-20 20:00 - 00126300 _____ C:\Windows\system32\Gfxres.zh-TW.resources
2015-11-20 20:00 - 2015-11-20 20:00 - 00124928 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v4229.dll
2015-11-20 20:00 - 2015-11-20 20:00 - 00124650 _____ C:\Windows\system32\Gfxres.zh-CN.resources
2015-11-20 20:00 - 2015-11-20 20:00 - 00119296 _____ (Intel Corporation) C:\Windows\system32\hccutils.dll
2015-11-20 20:00 - 2015-11-20 20:00 - 00110080 _____ C:\Windows\system32\igdde64.dll
2015-11-20 20:00 - 2015-11-20 20:00 - 00102912 _____ C:\Windows\system32\IccLibDll_x64.dll
2015-11-20 20:00 - 2015-11-20 20:00 - 00090112 _____ C:\Windows\SysWOW64\igdde32.dll
2015-11-20 20:00 - 2015-11-20 20:00 - 00072704 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll
2015-11-20 20:00 - 2015-11-20 20:00 - 00059425 _____ C:\Windows\system32\iglhxo64.vp
2015-11-20 20:00 - 2015-11-20 20:00 - 00059398 _____ C:\Windows\system32\iglhxg64.vp
2015-11-20 20:00 - 2015-11-20 20:00 - 00059230 _____ C:\Windows\system32\iglhxc64.vp
2015-11-20 20:00 - 2015-11-20 20:00 - 00059104 _____ C:\Windows\system32\iglhxc64_dev.vp
2015-11-20 20:00 - 2015-11-20 20:00 - 00058796 _____ C:\Windows\system32\iglhxg64_dev.vp
2015-11-20 20:00 - 2015-11-20 20:00 - 00058109 _____ C:\Windows\system32\iglhxo64_dev.vp
2015-11-20 20:00 - 2015-11-20 20:00 - 00041288 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2015-11-20 20:00 - 2015-11-20 20:00 - 00033792 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2015-11-20 20:00 - 2015-11-20 20:00 - 00018432 _____ ( ) C:\Windows\system32\IGFXDEVLib.dll
2015-11-20 20:00 - 2015-11-20 20:00 - 00017082 _____ C:\Windows\system32\iglhxs64.vp
2015-11-20 20:00 - 2015-11-20 20:00 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-20 20:00 - 2015-11-20 20:00 - 00001074 _____ C:\Windows\system32\iglhxa64.vp
2015-11-20 20:00 - 2015-11-20 20:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-20 20:00 - 2015-11-20 20:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-20 20:00 - 2015-11-20 20:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-20 20:00 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-20 20:00 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-20 20:00 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-20 19:59 - 2015-11-20 20:01 - 02345984 _____ (Farbar) C:\Users\j\Downloads\FRST64.exe
2015-11-20 19:58 - 2015-11-20 19:59 - 22908888 _____ (Malwarebytes ) C:\Users\j\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-20 19:57 - 2015-11-20 19:59 - 00830266 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-20 19:57 - 2015-11-20 19:58 - 00000000 ____D C:\Users\j\AppData\Local\MicrosoftEdge
2015-11-20 19:57 - 2015-11-20 19:57 - 00002326 _____ C:\Users\j\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-11-20 19:57 - 2015-11-20 19:57 - 00000000 ___RD C:\Users\j\OneDrive
2015-11-20 19:54 - 2015-11-20 19:57 - 00000000 ____D C:\Users\j
2015-11-20 19:54 - 2015-11-20 19:55 - 00000000 ____D C:\Users\j\AppData\Local\Packages
2015-11-20 19:54 - 2015-11-20 19:54 - 00016148 _____ C:\Windows\system32\DESKTOP-NU956K2_j_HistoryPrediction.bin
2015-11-20 19:54 - 2015-11-20 19:54 - 00016148 _____ C:\Windows\system32\DESKTOP-NU956K2_defaultuser0_HistoryPrediction.bin
2015-11-20 19:54 - 2015-11-20 19:54 - 00000020 ___SH C:\Users\j\ntuser.ini
2015-11-20 19:54 - 2015-11-20 19:54 - 00000000 ___RD C:\Users\j\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-11-20 19:54 - 2015-11-20 19:54 - 00000000 ____D C:\Users\j\AppData\Roaming\Adobe
2015-11-20 19:54 - 2015-11-20 19:54 - 00000000 ____D C:\Users\j\AppData\Local\VirtualStore
2015-11-20 19:54 - 2015-11-20 19:54 - 00000000 ____D C:\Users\j\AppData\Local\TileDataLayer
2015-11-20 19:54 - 2015-11-20 19:54 - 00000000 ____D C:\Users\j\AppData\Local\Publishers
2015-11-20 19:54 - 2015-07-30 14:42 - 00000000 __RSD C:\Users\j\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-11-20 19:54 - 2015-07-30 14:42 - 00000000 ___RD C:\Users\j\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-11-20 19:54 - 2015-07-30 14:42 - 00000000 ___RD C:\Users\j\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-11-20 19:54 - 2015-07-30 14:42 - 00000000 ____D C:\Users\j\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-11-20 19:53 - 2015-11-20 19:53 - 00000275 _____ C:\Windows\WindowsUpdate.log
2015-11-20 19:53 - 2015-11-20 19:53 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\VirtualStore
2015-11-20 19:53 - 2015-11-20 19:53 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\TileDataLayer
2015-11-20 19:53 - 2015-11-20 19:53 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\Packages
2015-11-20 19:50 - 2015-11-20 19:50 - 00000020 ___SH C:\Users\defaultuser0\ntuser.ini
2015-11-20 19:50 - 2015-11-20 19:50 - 00000000 ____D C:\Users\defaultuser0
2015-11-20 19:50 - 2015-09-09 21:20 - 00000000 ___RD C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-11-20 19:50 - 2015-07-30 14:42 - 00000000 __RSD C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-11-20 19:50 - 2015-07-30 14:42 - 00000000 ___RD C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-11-20 19:50 - 2015-07-30 14:42 - 00000000 ___RD C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-11-20 19:50 - 2015-07-30 14:42 - 00000000 ____D C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-11-20 19:46 - 2015-11-20 19:46 - 00000000 __SHD C:\Recovery
2015-11-20 19:43 - 2015-11-20 19:43 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-11-20 19:42 - 2015-11-20 19:52 - 00000000 ____D C:\Windows\Panther
2015-11-20 19:42 - 2015-11-20 19:42 - 00008192 __RSH C:\BOOTSECT.BAK
2015-11-20 19:31 - 2015-11-20 19:31 - 00000000 ____D C:\Windows.old
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-20 20:02 - 2015-07-30 13:50 - 00011539 _____ C:\Windows\setupact.log
2015-11-20 20:00 - 2015-07-30 14:42 - 00000000 ____D C:\Windows\AppReadiness
2015-11-20 19:53 - 2015-07-30 14:42 - 00000000 ____D C:\Windows\system32\sru
2015-11-20 19:52 - 2015-07-30 14:42 - 00000000 ____D C:\Windows\rescache
2015-11-20 19:50 - 2015-07-30 13:52 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-20 19:49 - 2015-07-10 01:05 - 00131072 ___SH C:\Windows\system32\config\BBI
2015-11-20 19:46 - 2015-07-30 14:43 - 00003077 _____ C:\Windows\DtcInstall.log
2015-11-20 19:46 - 2015-07-30 14:42 - 00000000 ____D C:\Windows\system32\Recovery
2015-11-20 19:46 - 2015-07-10 01:47 - 00000000 ____D C:\Windows\system32\Sysprep
2015-11-20 19:42 - 2015-09-09 21:32 - 00000804 _____ C:\Windows\PFRO.log
2015-11-20 19:42 - 2015-07-30 14:42 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2015-11-20 19:42 - 2015-07-10 01:47 - 00000000 __RHD C:\Users\Default
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 

LastRegBack: 2015-11-20 19:42
 
==================== End of FRST.txt ============================
 
 
 


  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
