
Threat: VBS:Banker-EA [Trj] Found In Avast Full Scan. False Positive or Threat?



Hello.

I did a full scan on my computer with Avast and it found a Trojan supposedly (if that is what Trj means). I tried to do something but I was denied access. Nothing was transferred to my virus chest so I rebooted and did a reboot scan. Nothing was found and then I ran a full scan on Avast and Malwarebytes and nothing was found.

Was it nothing or am I infected? Any help will be greatly appreciated. Thank you so much.

Logs for FRBR and Malwarebytes will be pasted below and a screenshot of the threat found will be attached.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-01-2016
Ran by lfaas (administrator) on TVROOMPC (24-01-2016 10:46:25)
Running from C:\Users\lfaas\Desktop
Loaded Profiles: lfaas (Available Profiles: lfaas)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\PrivService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(VMware, Inc.) C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
(VMware, Inc.) C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 7640 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 7640 series\Bin\HPNetworkCommunicatorCom.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [beatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard )
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-06-04] (IDT, Inc.)
HKLM\...\Run: [igfxTray] => C:\windows\system32\igfxtray.exe [456808 2015-07-27] ()
HKLM\...\Run: [Persistence] => "C:\windows\system32\igfxpers.exe"
HKLM\...\Run: [simplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2793016 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [154680 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [154680 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-05] (AVAST Software)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1079287707-3710102426-1868348366-1001\...\Run: [HP ENVY 7640 series (NET)] => C:\Program Files\HP\HP ENVY 7640 series\Bin\ScanToPCActivationApp.exe [3483656 2014-08-22] (Hewlett-Packard Development Company, LP)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-05] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{037017A9-B184-4A23-A9DE-21D8B6A49136}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EDBE14D8-9134-46D0-B3AB-55413DCE106B}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
URLSearchHook: [s-1-5-21-1079287707-3710102426-1868348366-1001] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1079287707-3710102426-1868348366-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5}
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\lfaas\AppData\Roaming\Mozilla\Firefox\Profiles\9pyx3ark.default-1433187244150
FF DefaultSearchEngine.US: Google
FF Homepage: www.google.com
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-12] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Extension: Ghostery - C:\Users\lfaas\AppData\Roaming\Mozilla\Firefox\Profiles\9pyx3ark.default-1433187244150\Extensions\firefox@ghostery.com.xpi [2016-01-24]
FF Extension: Adblock Plus - C:\Users\lfaas\AppData\Roaming\Mozilla\Firefox\Profiles\9pyx3ark.default-1433187244150\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-24]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ARPriv; C:\Program Files (x86)\Citrix\Receiver\PrivService.exe [375112 2013-10-01] (Citrix Systems, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-05] (AVAST Software)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-13] (Broadcom Corporation.)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-05] () [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2015-07-27] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-12] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-05] (Softex Inc.) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [333824 2013-06-04] (IDT, Inc.) [File not signed]
R2 vmware-view-usbd; C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe [2436096 2013-06-06] (VMware, Inc.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S3 COMSysApp; no ImagePath

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-05] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065208 2016-01-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-01-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-05] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-05] (AVAST Software)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-13] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7480496 2014-06-04] (Broadcom Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R2 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-24] (Malwarebytes)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-08-12] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S3 GENERICDRV; \??\c:\SWSetup\SP70148\samifldrv64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-24 10:46 - 2016-01-24 10:46 - 00017291 _____ C:\Users\lfaas\Desktop\FRST.txt
2016-01-24 10:46 - 2016-01-24 10:46 - 00000000 ____D C:\FRST
2016-01-24 10:45 - 2016-01-24 10:45 - 02370560 _____ (Farbar) C:\Users\lfaas\Desktop\FRST64.exe
2016-01-12 21:50 - 2015-12-10 23:38 - 25837568 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-01-12 21:50 - 2015-12-10 23:00 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-01-12 21:50 - 2015-12-10 22:55 - 06051328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-01-12 21:50 - 2015-12-10 22:50 - 20367360 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-01-12 21:50 - 2015-12-10 22:45 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-01-12 21:50 - 2015-12-10 22:21 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-01-12 21:50 - 2015-12-10 22:18 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-01-12 21:50 - 2015-12-10 22:09 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2016-01-12 21:50 - 2015-12-10 22:09 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-01-12 21:50 - 2015-12-10 22:03 - 14456832 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-01-12 21:50 - 2015-12-10 21:59 - 00798208 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-01-12 21:50 - 2015-12-10 21:43 - 04610560 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-01-12 21:50 - 2015-12-10 21:43 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2016-01-12 21:50 - 2015-12-10 21:38 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-01-12 21:50 - 2015-12-10 21:37 - 00687104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-01-12 21:50 - 2015-12-10 21:35 - 12856320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-01-12 21:50 - 2015-12-10 21:26 - 01546752 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-01-12 21:50 - 2015-12-10 21:14 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-01-12 21:50 - 2015-12-10 21:12 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-01-12 21:50 - 2015-12-10 21:08 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-01-12 21:50 - 2015-12-10 21:07 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-01-12 21:49 - 2015-12-30 14:32 - 07453016 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-01-12 21:49 - 2015-12-30 14:32 - 01735000 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-01-12 21:49 - 2015-12-30 14:32 - 01499912 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-01-12 21:49 - 2015-12-09 19:40 - 00033456 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-01-12 21:49 - 2015-12-07 05:56 - 01380600 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2016-01-12 21:49 - 2015-12-05 00:58 - 02745184 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2016-01-12 21:49 - 2015-12-05 00:58 - 02528784 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2016-01-12 21:49 - 2015-12-05 00:58 - 02450240 _____ (Microsoft Corporation) C:\windows\system32\WMVENCOD.DLL
2016-01-12 21:49 - 2015-12-05 00:58 - 02447136 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVENCOD.DLL
2016-01-12 21:49 - 2015-12-05 00:58 - 02334104 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
2016-01-12 21:49 - 2015-12-05 00:58 - 02324744 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
2016-01-12 21:49 - 2015-12-05 00:58 - 01877504 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2adec.dll
2016-01-12 21:49 - 2015-12-05 00:58 - 01798480 _____ (Microsoft Corporation) C:\windows\system32\WMALFXGFXDSP.dll
2016-01-12 21:49 - 2015-12-05 00:58 - 01484888 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2adec.dll
2016-01-12 21:49 - 2015-12-05 00:58 - 01288128 _____ (Microsoft Corporation) C:\windows\system32\mfnetsrc.dll
2016-01-12 21:49 - 2015-12-05 00:58 - 01210200 _____ (Microsoft Corporation) C:\windows\system32\WMADMOD.DLL
2016-01-12 21:49 - 2015-12-05 00:58 - 01150232 _____ (Microsoft Corporation) C:\windows\system32\WMADMOE.DLL
2016-01-12 21:49 - 2015-12-05 00:58 - 01115640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfnetsrc.dll
2016-01-12 21:49 - 2015-12-05 00:58 - 01037680 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMADMOD.DLL
2016-01-12 21:49 - 2015-12-05 00:58 - 00914672 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMADMOE.DLL
2016-01-12 21:49 - 2015-12-05 00:58 - 00850680 _____ (Microsoft Corporation) C:\windows\system32\mfnetcore.dll
2016-01-12 21:49 - 2015-12-05 00:58 - 00735496 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2016-01-12 21:49 - 2015-12-05 00:58 - 00700360 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfnetcore.dll
2016-01-12 21:49 - 2015-12-05 00:58 - 00629600 _____ (Microsoft Corporation) C:\windows\system32\MP4SDECD.DLL
2016-01-12 21:49 - 2015-12-05 00:58 - 00584656 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2016-01-12 21:49 - 2015-12-05 00:58 - 00557856 _____ (Microsoft Corporation) C:\windows\system32\WMVSDECD.DLL
2016-01-12 21:49 - 2015-12-05 00:58 - 00498472 _____ (Microsoft Corporation) C:\windows\system32\mfsvr.dll
2016-01-12 21:49 - 2015-12-05 00:58 - 00492736 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVSDECD.DLL
2016-01-12 21:49 - 2015-12-05 00:58 - 00463776 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP4SDECD.DLL
2016-01-12 21:49 - 2015-12-05 00:58 - 00399776 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfsvr.dll
2016-01-12 21:49 - 2015-12-05 00:58 - 00299080 _____ (Microsoft Corporation) C:\windows\system32\VIDRESZR.DLL
2016-01-12 21:49 - 2015-12-05 00:58 - 00275312 _____ (Microsoft Corporation) C:\windows\SysWOW64\MPG4DECD.DLL
2016-01-12 21:49 - 2015-12-05 00:58 - 00274280 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP43DECD.DLL
2016-01-12 21:49 - 2015-12-05 00:58 - 00250520 _____ (Microsoft Corporation) C:\windows\system32\MPG4DECD.DLL
2016-01-12 21:49 - 2015-12-05 00:58 - 00248432 _____ (Microsoft Corporation) C:\windows\system32\MP43DECD.DLL
2016-01-12 21:49 - 2015-12-05 00:58 - 00246856 _____ (Microsoft Corporation) C:\windows\system32\RESAMPLEDMO.DLL
2016-01-12 21:49 - 2015-12-05 00:58 - 00244296 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2016-01-12 21:49 - 2015-12-05 00:58 - 00229272 _____ (Microsoft Corporation) C:\windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-12 21:49 - 2015-12-05 00:58 - 00203016 _____ (Microsoft Corporation) C:\windows\system32\COLORCNV.DLL
2016-01-12 21:49 - 2015-12-05 00:58 - 00184912 _____ (Microsoft Corporation) C:\windows\SysWOW64\COLORCNV.DLL
2016-01-12 21:49 - 2015-12-05 00:58 - 00183856 _____ (Microsoft Corporation) C:\windows\SysWOW64\VIDRESZR.DLL
2016-01-12 21:49 - 2015-12-05 00:58 - 00116720 _____ (Microsoft Corporation) C:\windows\system32\MP3DMOD.DLL
2016-01-12 21:49 - 2015-12-05 00:58 - 00110544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2016-01-12 21:49 - 2015-12-05 00:58 - 00099136 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP3DMOD.DLL
2016-01-12 21:49 - 2015-12-05 00:58 - 00090904 _____ (Microsoft Corporation) C:\windows\system32\devenum.dll
2016-01-12 21:49 - 2015-12-05 00:58 - 00090392 _____ (Microsoft Corporation) C:\windows\system32\mfvdsp.dll
2016-01-12 21:49 - 2015-12-05 00:58 - 00081032 _____ (Microsoft Corporation) C:\windows\SysWOW64\devenum.dll
2016-01-12 21:49 - 2015-12-05 00:58 - 00076936 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfvdsp.dll
2016-01-12 21:49 - 2015-12-04 10:00 - 01097216 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2016-01-12 21:49 - 2015-12-03 14:42 - 00561952 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2016-01-12 21:49 - 2015-12-03 14:42 - 00397224 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2016-01-12 21:49 - 2015-12-03 14:42 - 00137968 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-01-12 21:49 - 2015-12-03 14:42 - 00106960 _____ (Microsoft Corporation) C:\windows\system32\ncryptsslp.dll
2016-01-12 21:49 - 2015-12-03 14:41 - 00177488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-01-12 21:49 - 2015-12-03 13:52 - 00340872 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2016-01-12 21:49 - 2015-12-03 13:52 - 00120376 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-01-12 21:49 - 2015-12-03 13:52 - 00091416 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncryptsslp.dll
2016-01-12 21:49 - 2015-12-03 13:28 - 00401920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-01-12 21:49 - 2015-12-03 13:28 - 00202240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-01-12 21:49 - 2015-12-03 13:07 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2016-01-12 21:49 - 2015-12-03 13:07 - 00289792 _____ (Microsoft Corporation) C:\windows\system32\ksproxy.ax
2016-01-12 21:49 - 2015-12-03 13:05 - 00644608 _____ (Microsoft Corporation) C:\windows\system32\WMVXENCD.DLL
2016-01-12 21:49 - 2015-12-03 13:02 - 01664000 _____ (Microsoft Corporation) C:\windows\system32\WMSPDMOE.DLL
2016-01-12 21:49 - 2015-12-03 13:00 - 00451072 _____ (Microsoft Corporation) C:\windows\system32\WMVSENCD.DLL
2016-01-12 21:49 - 2015-12-03 12:58 - 00378880 _____ (Microsoft Corporation) C:\windows\system32\SysFxUI.dll
2016-01-12 21:49 - 2015-12-03 12:51 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-01-12 21:49 - 2015-12-03 12:36 - 01697792 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2016-01-12 21:49 - 2015-12-03 12:30 - 00468480 _____ (Microsoft Corporation) C:\windows\system32\MFWMAAEC.DLL
2016-01-12 21:49 - 2015-12-03 12:28 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2016-01-12 21:49 - 2015-12-03 12:28 - 00245760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ksproxy.ax
2016-01-12 21:49 - 2015-12-03 12:27 - 00736256 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVXENCD.DLL
2016-01-12 21:49 - 2015-12-03 12:24 - 01411584 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMSPDMOE.DLL
2016-01-12 21:49 - 2015-12-03 12:23 - 00402432 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVSENCD.DLL
2016-01-12 21:49 - 2015-12-03 12:16 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-01-12 21:49 - 2015-12-03 12:13 - 01441280 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-01-12 21:49 - 2015-12-03 12:07 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-01-12 21:49 - 2015-12-03 12:06 - 01501184 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2016-01-12 21:49 - 2015-12-03 12:01 - 00743936 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFWMAAEC.DLL
2016-01-12 21:49 - 2015-12-03 11:45 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-01-12 21:49 - 2015-12-03 11:40 - 01010688 _____ (Microsoft Corporation) C:\windows\system32\WMSPDMOD.DLL
2016-01-12 21:49 - 2015-12-03 11:29 - 00887296 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMSPDMOD.DLL
2016-01-12 21:49 - 2015-12-02 10:04 - 00670208 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2016-01-12 21:49 - 2015-12-02 10:01 - 00561664 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2016-01-12 21:49 - 2015-11-17 16:07 - 01380864 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-01-12 21:49 - 2015-11-17 16:07 - 01164800 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-01-12 21:49 - 2015-11-17 16:07 - 00792064 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-01-12 21:49 - 2015-11-17 16:07 - 00705024 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-01-12 21:49 - 2015-11-17 16:07 - 00505344 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-01-12 21:49 - 2015-11-17 16:07 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2016-01-12 21:49 - 2015-11-17 16:07 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-01-12 21:48 - 2015-12-08 14:08 - 00685432 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-01-12 21:48 - 2015-12-08 14:07 - 00507176 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2015-12-27 14:41 - 2016-01-11 17:04 - 00000000 ____D C:\Users\lfaas\AppData\Roaming\HpUpdate
2015-12-27 14:41 - 2015-12-27 14:41 - 00003608 _____ C:\windows\System32\Tasks\HPCustParticipation HP ENVY 7640 series
2015-12-27 14:41 - 2015-12-27 14:41 - 00002203 _____ C:\Users\Public\Desktop\HP ENVY 7640 series.lnk
2015-12-27 14:41 - 2015-12-27 14:41 - 00000000 ____D C:\ProgramData\Visan
2015-12-27 14:41 - 2015-12-27 14:41 - 00000000 ____D C:\ProgramData\HP Photo Creations
2015-12-27 14:41 - 2015-12-27 14:41 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2015-12-27 14:41 - 2014-08-22 05:12 - 00751624 ____N (Hewlett-Packard Development Company, LP) C:\windows\system32\HPDiscoPMDC11.dll
2015-12-27 14:40 - 2015-12-27 14:41 - 00000000 ____D C:\Program Files (x86)\HP
2015-12-27 14:40 - 2015-12-27 14:40 - 00000057 _____ C:\ProgramData\Ament.ini
2015-12-27 14:40 - 2015-12-27 14:40 - 00000000 ____D C:\ProgramData\HP
2015-12-27 14:40 - 2015-12-27 14:40 - 00000000 ____D C:\Program Files\HP
2015-12-27 14:39 - 2015-12-27 14:47 - 00000000 ____D C:\Users\lfaas\AppData\Local\HP

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-24 10:46 - 2013-08-22 08:36 - 00000000 ____D C:\Windows
2016-01-24 10:16 - 2014-07-26 07:11 - 00003926 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{DB4A9FEB-E1AC-4EED-9D3A-ACFB06310CB6}
2016-01-24 10:04 - 2013-08-24 16:38 - 00891920 _____ C:\windows\system32\PerfStringBackup.INI
2016-01-24 10:04 - 2013-08-22 08:36 - 00000000 ____D C:\windows\Inf
2016-01-24 10:03 - 2014-07-26 07:15 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1079287707-3710102426-1868348366-1001
2016-01-24 10:00 - 2015-07-13 11:32 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-24 09:59 - 2014-07-26 07:51 - 00000000 ___DO C:\Users\lfaas\SkyDrive
2016-01-24 09:57 - 2014-08-04 09:23 - 00000350 _____ C:\windows\Tasks\HPCeeScheduleForlfaas.job
2016-01-24 09:57 - 2013-08-22 09:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-01-24 09:08 - 2013-08-22 08:25 - 00262144 ___SH C:\windows\system32\config\BBI
2016-01-23 03:03 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-23 03:03 - 2013-08-22 10:36 - 00000000 ____D C:\windows\AppReadiness
2016-01-22 03:32 - 2014-08-04 09:23 - 00003164 _____ C:\windows\System32\Tasks\HPCeeScheduleForlfaas
2016-01-20 15:48 - 2015-07-31 07:03 - 01065208 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2016-01-20 15:48 - 2015-07-31 07:03 - 00464256 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2016-01-16 05:04 - 2013-08-22 10:36 - 00000000 ____D C:\windows\rescache
2016-01-14 14:35 - 2015-08-07 13:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-14 14:31 - 2014-12-12 16:00 - 00000000 ____D C:\windows\system32\appraiser
2016-01-14 14:31 - 2014-08-04 07:52 - 00000000 ___SD C:\windows\system32\CompatTel
2016-01-12 21:58 - 2013-08-22 10:20 - 00000000 ____D C:\windows\CbsTemp
2016-01-12 21:57 - 2014-07-29 03:03 - 00000000 ____D C:\windows\system32\MRT
2016-01-12 21:56 - 2014-07-29 03:03 - 143671360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-01-05 15:04 - 2014-08-04 07:59 - 00826872 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-01-05 15:04 - 2014-08-04 07:59 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-01 11:42 - 2015-08-06 08:45 - 00000000 ____D C:\Users\lfaas\AppData\Local\ElevatedDiagnostics
2015-12-27 14:46 - 2014-07-26 07:10 - 00000000 ____D C:\Users\lfaas\AppData\Local\Packages
2015-12-27 14:41 - 2014-06-04 13:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-12-27 14:41 - 2014-06-04 13:13 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard

==================== Files in the root of some directories =======

2014-12-01 18:50 - 2014-12-17 00:50 - 0000010 _____ () C:\Users\lfaas\AppData\Local\DSI.DAT
2015-12-27 14:40 - 2015-12-27 14:40 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\lfaas\AppData\Local\Temp\Extract.exe
C:\Users\lfaas\AppData\Local\Temp\SP64076.exe
C:\Users\lfaas\AppData\Local\Temp\SP64077.exe
C:\Users\lfaas\AppData\Local\Temp\SP67239.exe
C:\Users\lfaas\AppData\Local\Temp\SP68399.exe
C:\Users\lfaas\AppData\Local\Temp\SP70441.exe
C:\Users\lfaas\AppData\Local\Temp\SP71057.exe
C:\Users\lfaas\AppData\Local\Temp\SP71522.exe
C:\Users\lfaas\AppData\Local\Temp\SP71862.exe
C:\Users\lfaas\AppData\Local\Temp\SP72230.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-20 02:43

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-01-2016
Ran by lfaas (2016-01-24 10:47:05)
Running from C:\Users\lfaas\Desktop
Windows 8.1 (X64) (2014-07-26 12:09:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1079287707-3710102426-1868348366-500 - Administrator - Disabled)
Guest (S-1-5-21-1079287707-3710102426-1868348366-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1079287707-3710102426-1868348366-1003 - Limited - Enabled)
lfaas (S-1-5-21-1079287707-3710102426-1868348366-1001 - Administrator - Enabled) => C:\Users\lfaas

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Alcor Micro USB Card Reader Driver  (HKLM-x32\...\AmUStor) (Version: 20.26.3317.04170 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (x32 Version: 20.26.3317.04170 - Alcor Micro Corp.) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.170 - Broadcom Corporation)
Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.0.9850 - Broadcom Corporation)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6805 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3103 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4608 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3215 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3414 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Documentation (HKLM-x32\...\{06600E94-1C34-40E2-AB09-D30AECF78172}) (Version: 1.1.0.0 - Hewlett-Packard)
HP ENVY 7640 series Basic Device Software (HKLM\...\{24BF3898-2667-4645-9448-8C6765B801A5}) (Version: 34.2.117.50647 - Hewlett-Packard Co.)
HP ENVY 7640 series Help (HKLM-x32\...\{5845A5C9-AA03-4D91-9793-1A2563CE0129}) (Version: 34.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.51 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{D7D5F438-26EF-45AB-AB89-C476FBCF8584}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6482.0 - IDT)
Inst5675 (Version: 8.00.51 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.51 - Softex Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4029 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Product Improvement Study for HP ENVY 7640 series (HKLM\...\{9913BFAE-5E18-4863-8354-452337781573}) (Version: 34.2.117.50647 - Hewlett-Packard Co.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.7001 - CyberLink Corp.) Hidden
Self-service Plug-in (x32 Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
VMware Horizon View Client (HKLM\...\{B62BB102-57D8-420A-9403-494D81F09EA6}) (Version: 5.4.0.1219906 - VMware, Inc.)
Windows Driver Package - Broadcom Corporation (bcbtums) Bluetooth  (08/09/2013 12.0.0.7620) (HKLM\...\7C5445C0C158E0500C2E0AD361C4CBF4BAB2476C) (Version: 08/09/2013 12.0.0.7620 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1079287707-3710102426-1868348366-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01B0EFFA-43BA-49CC-934C-04D63D47731E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH58H3T2BS => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-01-06] (HP Inc.)
Task: {24DDBBF4-08F7-4E53-B60C-4EDE76F157A1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2016-01-12] (Microsoft Corporation)
Task: {313C0C26-8D2C-43CE-9515-698F91984B2E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-01-20] (AVAST Software)
Task: {450CDD6D-F052-4A29-A73B-E7403A1024C9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {5331C62D-99DB-430C-92A8-EC5F05A0FAF7} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {766866F9-85B0-44B5-BAD0-1DD9D7312753} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-28] (Hewlett-Packard)
Task: {7B7068D7-7E92-45DA-B521-92B786AAB016} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-05] (AVAST Software)
Task: {81554E7A-7E5A-41AD-9B2E-D0FC6E367817} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-28] (Hewlett-Packard)
Task: {82469B17-8C84-4A27-A31C-52015C4DA3CE} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {94D0C712-BD6F-4E78-A144-496A00A71467} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {9A052BEB-C4B3-4335-8F28-8E6746D4EBA1} - System32\Tasks\{343610CA-AF9D-42A3-A441-7D9540706F47} => pcalua.exe -a C:\Users\lfaas\AppData\Local\Roblox\Versions\version-75334a80f0a9470d\RobloxPlayerLauncher.exe -c -uninstall
Task: {B8271040-1B90-4D8E-B884-CC2EAA664F7D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {BC18578B-6350-426A-8D86-09F6C0A94D31} - System32\Tasks\HPCustParticipation HP ENVY 7640 series => C:\Program Files\HP\HP ENVY 7640 series\Bin\HPCustPartic.exe [2014-08-22] (Hewlett-Packard Development Company, LP)
Task: {D1EAE44D-C98C-4D85-8133-27F6495FB0A0} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {E85F97D4-E7BA-4A88-B490-0BAF52466D13} - System32\Tasks\HPCeeScheduleForlfaas => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {F2940AB5-B8E5-46B9-819E-2EF808949CBD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {F36BEC5F-4EEB-40B9-B38C-F80936177E25} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-01-06] (HP Inc.)
Task: {F3B277B0-ED95-4818-8BA5-29F953FF7CF2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-01-11] (Hewlett-Packard)
Task: {FA6D0C27-0FCF-4209-849E-79053EC2BAB5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-01-06] (HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\HPCeeScheduleForlfaas.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-09-05 05:22 - 2013-09-05 05:22 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-09-05 05:24 - 2013-09-05 05:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-09-05 05:24 - 2013-09-05 05:24 - 02540544 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-09-05 05:21 - 2013-09-05 05:21 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-09-05 05:21 - 2013-09-05 05:21 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-09-05 05:21 - 2013-09-05 05:21 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-09-05 05:36 - 2013-09-05 05:36 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-09-05 05:36 - 2013-09-05 05:36 - 01298832 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 05:31 - 2013-09-05 05:31 - 00064000 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2015-12-05 03:48 - 2015-12-05 03:48 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-12-05 03:48 - 2015-12-05 03:48 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-01-23 15:04 - 2016-01-23 15:04 - 02818048 _____ () C:\Program Files\AVAST Software\Avast\defs\16012301\algo.dll
2015-12-05 03:48 - 2015-12-05 03:48 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-01-24 09:58 - 2016-01-24 09:58 - 02818048 _____ () C:\Program Files\AVAST Software\Avast\defs\16012400\algo.dll
2015-12-05 03:48 - 2015-12-05 03:48 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-06-04 13:19 - 2013-08-05 02:49 - 00627672 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 17:48 - 2013-08-05 17:48 - 00016856 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-06-04 13:16 - 2013-08-12 04:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1079287707-3710102426-1868348366-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP\HP_Svinoya_Norway_Sunset.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{6176A2D8-4291-470A-95C3-12213002FDF5}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{2F2ED864-93C8-4B65-8275-29B00ACFA0AE}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{4326BCDD-3C1A-4D7C-B6CA-5F718C9A66A6}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{643F4967-7034-496A-ACFB-61DB15CF9B6B}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{C7578C41-F43D-4D5B-B28D-4F69ABCBD39B}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{5473BF13-E0F2-4C4D-8A1A-996016868D2C}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{6520CB73-D1C2-415C-90A9-DEBCF1A8F858}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{3630B429-935B-46D4-BBD6-231E193DFC73}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{E8B97834-1EF2-4ABD-86EE-7A0FBCF9135D}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{24CBEB38-3F2A-483A-BCFF-425261B50A1C}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{A7C5FE2F-6FB2-4AF8-8546-E9DB58EE16DA}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{C4CF12C6-77D8-4FAC-B344-25E5D933A5E3}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{0032BE96-7252-4238-ABC7-985C18CCC6C0}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{0CE53175-59E8-4647-A0C6-BA5EB71E557E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1EC83694-85AE-42D5-92E5-EBD2000FED9F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{54205793-D93D-45ED-A1DB-F287E807C0FE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{53549F48-00E0-44C8-9E1B-1A17D993754E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{4E73CB1A-88BE-4C4E-95FD-9FD61D286418}C:\program files (x86)\leap motion\core services\leapsvc.exe] => (Block) C:\program files (x86)\leap motion\core services\leapsvc.exe
FirewallRules: [uDP Query User{39BA25F0-5C82-4716-8821-DFAB3243497F}C:\program files (x86)\leap motion\core services\leapsvc.exe] => (Block) C:\program files (x86)\leap motion\core services\leapsvc.exe
FirewallRules: [{406FE29E-8804-472A-9DAB-724634C34C7A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{8B467F06-ED7E-457B-9130-3B32E97F9636}] => (Allow) LPort=2869
FirewallRules: [{6FC2C225-36BA-4E6F-9D8E-FA47DE21641D}] => (Allow) LPort=1900
FirewallRules: [{0A342CDD-9964-4DBF-AE9C-2B5816CE6946}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{23725E67-4091-48D3-8E9C-92EFECD7CFDD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{FF13D58E-C3C7-4B7B-A7B5-52EC82C71EC5}C:\program files (x86)\leap motion\core services\leapsvc.exe] => (Block) C:\program files (x86)\leap motion\core services\leapsvc.exe
FirewallRules: [uDP Query User{0E9B6431-0921-4363-80A1-274AEEBCF772}C:\program files (x86)\leap motion\core services\leapsvc.exe] => (Block) C:\program files (x86)\leap motion\core services\leapsvc.exe
FirewallRules: [{303E3503-6C28-45ED-87D6-5A87FC688323}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{BCF88F6A-7DA9-42B6-9D83-4CD28F638658}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{CDFA7B53-00C6-4481-8BBC-C259FA302470}] => (Allow) C:\Program Files\VMware\VMware View\Client\bin\vmware-remotemks.exe
FirewallRules: [{1C6574B3-3A26-4212-8D8D-C7F0D029EC24}] => (Allow) C:\Program Files\VMware\VMware View\Client\bin\vmware-remotemks.exe
FirewallRules: [{16AE8B3D-83CB-42C6-9D32-A379022257ED}] => (Allow) C:\Program Files\VMware\VMware View\Client\bin\vmware-remotemks.exe
FirewallRules: [{10E52741-FD47-4EC0-9306-EA9E4FA9B79B}] => (Allow) C:\Program Files\VMware\VMware View\Client\bin\vmware-remotemks.exe
FirewallRules: [{7D16D5DA-98F4-40E5-AF0C-9AF94CF91E61}] => (Allow) C:\Program Files\VMware\VMware View\Client\bin\wswc.exe
FirewallRules: [{3B929ECF-153B-4CA3-93C7-E6B5E00CDE75}] => (Allow) C:\Program Files\VMware\VMware View\Client\bin\wswc.exe
FirewallRules: [{57A8FB2F-FD84-4391-BED9-0C1697D07F31}] => (Allow) C:\Program Files\VMware\VMware View\Client\bin\wswc.exe
FirewallRules: [{2803860D-1832-4C08-9B93-7FE888B7E833}] => (Allow) C:\Program Files\VMware\VMware View\Client\bin\wswc.exe
FirewallRules: [{3E5B6F58-8B49-4CFC-B83F-F637130B566D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{07A82AF0-7B17-45AB-9A9B-8578ED7868CF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0DB0CB07-BA78-4987-A313-DF13EDB97A1B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F18B9B25-1A6D-4F43-BE0D-380C0B2A7823}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{73E101F4-3BB1-423C-9181-B6FB1E4E8E8E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DDA3463C-5F80-4651-8661-44595C7A087D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FAE0E644-2DFE-4089-9B22-9CBD7E6CF665}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{90DDE75A-21A0-469C-9ACC-02890020D1B9}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\bin\FaxApplications.exe
FirewallRules: [{4E24867A-BA22-4DE9-AF01-F02405771832}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\bin\DigitalWizards.exe
FirewallRules: [{A323FACB-9EEA-4780-91EA-F3E057D3893D}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\bin\SendAFax.exe
FirewallRules: [{46D0571A-F72E-413C-97F5-8C3ADCEFBD8D}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\Bin\DeviceSetup.exe
FirewallRules: [{98B8CA3F-919E-4D3B-8EBF-236AA23E97AA}] => (Allow) LPort=5357
FirewallRules: [{012D2449-6EED-416A-AE06-F385DCC72856}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\Bin\HPNetworkCommunicatorCom.exe

==================== Restore Points =========================

08-01-2016 03:23:25 Scheduled Checkpoint
12-01-2016 21:55:20 Windows Update
20-01-2016 02:44:31 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/24/2016 10:42:09 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mspaint.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 178c

Start Time: 01d156bd9e757f30

Termination Time: 15

Application Path: C:\windows\system32\mspaint.exe

Report Id: f8a6ee57-c2b0-11e5-82f9-54271ef48dba

Faulting package full name:

Faulting package-relative application ID:

Error: (01/24/2016 09:58:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.125.0, time stamp: 0x5612a56b
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18185, time stamp: 0x5683eff4
Exception code: 0xc0000142
Fault offset: 0x0009d5b2
Faulting process id: 0x1120
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (01/24/2016 09:06:21 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TVROOMPC)
Description: Activation of app Microsoft.MicrosoftMahjong_8wekyb3d8bbwe!MicrosoftMahjong failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/23/2016 03:50:46 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll8

Error: (01/22/2016 09:16:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TVROOMPC)
Description: Activation of app Microsoft.MicrosoftMahjong_8wekyb3d8bbwe!MicrosoftMahjong failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/22/2016 05:55:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TVROOMPC)
Description: Activation of app Microsoft.MicrosoftMahjong_8wekyb3d8bbwe!MicrosoftMahjong failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/21/2016 04:48:33 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll8

Error: (01/20/2016 09:17:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TVROOMPC)
Description: Activation of app Microsoft.MicrosoftMahjong_8wekyb3d8bbwe!MicrosoftMahjong failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/20/2016 02:56:36 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll8

Error: (01/20/2016 05:55:24 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TVROOMPC)
Description: Activation of app Microsoft.MicrosoftMahjong_8wekyb3d8bbwe!MicrosoftMahjong failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (01/24/2016 09:08:00 AM) (Source: DCOM) (EventID: 10010) (User: TVROOMPC)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (01/24/2016 03:49:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 12 time(s).

Error: (01/23/2016 03:52:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 11 time(s).

Error: (01/23/2016 03:17:04 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (01/23/2016 03:06:57 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (01/23/2016 03:16:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 10 time(s).

Error: (01/22/2016 09:21:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 9 time(s).

Error: (01/21/2016 09:20:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 8 time(s).

Error: (01/20/2016 09:20:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 7 time(s).

Error: (01/19/2016 09:21:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 6 time(s).


CodeIntegrity:
===================================
  Date: 2015-04-04 15:14:42.886
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-04 15:14:42.730
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-06 13:31:36.315
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-06 13:31:36.225
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-05 06:01:49.013
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-05 06:01:48.944
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-04 22:02:58.794
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-04 22:02:58.718
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-10-16 21:43:16.306
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-10-16 21:43:16.238
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core i5-4440 CPU @ 3.10GHz
Percentage of memory in use: 34%
Total physical RAM: 8097.09 MB
Available physical RAM: 5278 MB
Total Virtual: 9377.09 MB
Available Virtual: 6508.22 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:1844.72 GB) (Free:1796.79 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:16.82 GB) (Free:2.08 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: AC004271)

Partition: GPT.

==================== End of Addition.txt ============================

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/24/2016
Scan Time: 10:24 AM
Logfile: mala.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.01.24.03
Rootkit Database: v2016.01.20.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: lfaas

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 347014
Time Elapsed: 17 min, 20 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Hello,

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Limit your internet access to posting here; some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own; unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts; attachments make my work easier. There is a More reply options button that gives you the Upload Files option below, which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in the given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • I volunteer to help you, so please do not ask for help for your company/business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

 

 

 

Rules and policies

 

We won't support any piracy.

That being said, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

 

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

 

 


Scan with Farbar Recovery Scan Tool

 

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please upload them into your next reply.

Since there are no more problems, we can declare this PC clean.

Now, we can proceed with post-cleanup procedures. Let's remove my tools and create a new, non-infected restore point, concurrently deleting old ones.

Step 1. - Creation of system restore point and tools removal.

Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right-clicking on the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes its work.
  • All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt). I don't need it for review.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.

Step 2. - Tips and tricks to keep your computer clean, safe and in a good shape.

Security tips - highly recommended reading:

Maintenance tips:

Additional software that I personally use and install on all my clients' devices:
  • Malwarebytes' Anti-Malware (paid version highly recommended) - to scan your system from time to time in search for malware.
  • Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.
  • Adblock - to surf the web without annoying ads!
  • Qualys BrowserCheck - cloud service that scans your browsers and plugins to see if they’re all up-to-date.

My help is free for everybody.

If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation.

Thank you!

Stay safe,

TwinHeadedEagle :)


  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.