Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

HP? Driver Support Malware


  • Please log in to reply

#1
prousse1

prousse1

    Member

  • Member
  • PipPip
  • 19 posts

Hello,

 

I am posting for my dad. His computer, I think, may have some malware or other material on it to aid in phishing scams. Not long ago, he received a popup saying that Microsoft had found some sort of malware on his computer and gave him a phone number to call to receive help. He called and the user asked for remote access tot he computer. it was granted and he was able to dig around the computer some with my dad watching what he was doing. He then asked for money to get alleged malware problems on the computer cleaned up. That is where my dad decided to draw the line and hung up. since then, we have run Kaspersky system scanner,( which is the installed resident antimalware) as well as MBAM and I think we ran Super AntiSpyware a time or two. I seem to recall MBAM finding and removing 2 objects. I don't think Kaspersky or SAS found anything. This was several months ago. Today he mentioned that the computer was still getting some sort of pop up saying the drivers were out of date and the popup was requesting money to install new ones. looking at the task manager, I see several entries that I don't know what they are and makes me cautious (multiple entries for Driver Support and Driver support auto optimization, persistent module, runtime broker). I should say, though, that this is windows 8 and I have zero experience with it so those may be legit entries that I simply have not yet experienced. Computer seems to run fine - at least to me it does. Dad didn't mention it running slow or doing anything out of the ordinary other than the driver support pop ups. Not sure where else to go for this or how to be more specific. Sorry for the lack of details. Any help you are able to give is very much appreciated.

 

Snapshots of the Drivers Support popup and the task manager attached - I hope these help at least some. Logs Below:

 

FRST.TXT

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-10-2015 01
Ran by prousse1 (administrator) on OFFICE (22-10-2015 16:19:45)
Running from C:\Users\prousse1\Desktop\AntiMalware Folder
Loaded Profiles: prousse1 (Available Profiles: prousse1)
Platform: Windows 8 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(PC Drivers HeadQuarters LP) C:\Program Files (x86)\Veloxum\iPTE\DriverSupportAOsvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(PC Drivers HeadQuarters LP) C:\Program Files (x86)\Veloxum\iPTE\DriverSupportAO.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(PC Drivers Headquarters) C:\Program Files (x86)\Driver Support\DriverSupport.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\windows\System32\igfxsrvc.exe
(Intel Corporation) C:\windows\System32\hkcmd.exe
(Intel Corporation) C:\windows\System32\igfxpers.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\windows\System32\msiexec.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7174728 2014-05-27] (Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-09-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [43816 2015-04-26] (Apple Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{056A3013-37EA-4738-8662-ABF97CF31089}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{2F142258-8AF3-4A94-B1A6-164127904D34}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-164966225-1669113357-709659781-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
SearchScopes: HKLM -> {029330C7-E8BB-45C0-B626-ED9AABFBC6CB} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {029330C7-E8BB-45C0-B626-ED9AABFBC6CB} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-164966225-1669113357-709659781-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-164966225-1669113357-709659781-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-164966225-1669113357-709659781-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-01-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-01-23] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-10-12] ()
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-07-02] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 DSAO; C:\Program Files (x86)\Veloxum\iPTE\DriverSupportAOsvc.exe [2029008 2015-08-05] (PC Drivers HeadQuarters LP)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129336 2013-01-30] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [167736 2013-01-30] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2014-05-27] (Realtek Semiconductor)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-10-11] (Broadcom Corporation)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288840 2014-05-27] (Realtek Semiconductor Corp.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-22 16:19 - 2015-10-22 16:19 - 00000000 ____D C:\FRST
2015-10-22 16:18 - 2015-10-22 16:19 - 00000000 ____D C:\Users\prousse1\Desktop\AntiMalware Folder
2015-10-15 06:42 - 2015-09-18 10:09 - 00032432 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2015-10-15 06:42 - 2015-09-18 08:30 - 01290752 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-10-15 06:42 - 2015-09-18 08:30 - 00766464 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-10-15 06:42 - 2015-09-18 08:30 - 00699904 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-10-15 06:42 - 2015-09-18 08:30 - 00503296 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-10-15 06:42 - 2015-09-18 08:30 - 00073216 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-10-15 06:42 - 2015-09-18 08:10 - 01163776 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-10-14 07:03 - 2015-10-01 18:55 - 01043968 _____ (Microsoft Corporation) C:\windows\system32\usercpl.dll
2015-10-14 07:03 - 2015-10-01 18:55 - 00588800 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2015-10-14 07:03 - 2015-09-28 22:33 - 06971224 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-10-14 07:03 - 2015-09-28 21:02 - 00961536 _____ (Microsoft Corporation) C:\windows\SysWOW64\usercpl.dll
2015-10-14 07:03 - 2015-09-28 21:02 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2015-10-14 07:03 - 2015-09-28 21:01 - 00668160 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-10-14 07:03 - 2015-09-22 12:53 - 01405408 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-10-14 07:03 - 2015-09-22 12:53 - 01273184 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-10-14 07:03 - 2015-09-18 08:32 - 14290944 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-10-14 07:02 - 2015-09-18 08:32 - 13775360 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-10-14 07:02 - 2015-09-18 08:32 - 02866176 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-10-14 07:02 - 2015-09-18 08:32 - 02056704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-10-14 07:02 - 2015-09-18 08:32 - 01763328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-10-14 07:02 - 2015-09-18 08:32 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-10-14 07:02 - 2015-09-18 08:32 - 00737280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-10-14 07:02 - 2015-09-18 08:32 - 00715264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-10-14 07:02 - 2015-09-18 08:32 - 00525824 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-10-14 07:02 - 2015-09-18 08:32 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-10-14 07:02 - 2015-09-18 08:32 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-10-14 07:02 - 2015-09-18 08:32 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-10-14 07:02 - 2015-09-18 08:30 - 19280896 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-10-14 07:02 - 2015-09-18 08:30 - 15416320 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-10-14 07:02 - 2015-09-18 08:30 - 03960832 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-10-14 07:02 - 2015-09-18 08:30 - 02656768 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-10-14 07:02 - 2015-09-18 08:30 - 02239488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-10-14 07:02 - 2015-09-18 08:30 - 01409024 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-10-14 07:02 - 2015-09-18 08:30 - 00949760 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-10-14 07:02 - 2015-09-18 08:30 - 00857600 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-10-14 07:02 - 2015-09-18 08:30 - 00603648 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-10-14 07:02 - 2015-09-18 08:30 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-10-14 07:02 - 2015-09-18 08:30 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-10-14 07:02 - 2015-08-01 09:50 - 17562112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-10-14 07:02 - 2015-08-01 08:56 - 19778048 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00984448 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00901264 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00066400 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00063840 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00022368 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00020832 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00019808 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00019808 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00016224 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00016224 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00015712 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00015712 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00013664 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00013664 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-05 14:16 - 2015-10-22 15:59 - 00003452 _____ C:\windows\System32\Tasks\Driver Support
2015-10-05 14:16 - 2015-10-14 14:16 - 00003756 _____ C:\windows\System32\Tasks\Driver Support-RTMScan
2015-10-05 14:16 - 2015-10-06 07:00 - 00000000 ____D C:\ProgramData\UAB
2015-10-05 14:16 - 2015-10-05 14:16 - 00003748 _____ C:\windows\System32\Tasks\Driver Support-RTMUpdater
2015-10-05 14:16 - 2015-10-05 14:16 - 00003738 _____ C:\windows\System32\Tasks\Driver Support-RTMRules
2015-10-05 14:16 - 2015-10-05 14:16 - 00003446 _____ C:\windows\System32\Tasks\Driver Support-RTMScanRunOnce
2015-10-05 14:16 - 2015-10-05 14:16 - 00000000 ____D C:\Users\prousse1\Downloads\Driver Support
2015-10-05 14:16 - 2015-10-05 14:16 - 00000000 ____D C:\Users\prousse1\AppData\Local\PC_Drivers_Headquarters
2015-10-05 14:16 - 2015-10-05 14:16 - 00000000 ____D C:\ProgramData\Driver Support
2015-10-05 14:16 - 2015-10-05 14:16 - 00000000 ____D C:\Program Files (x86)\Veloxum
2015-10-05 14:15 - 2015-10-05 14:15 - 00000000 ____D C:\Users\prousse1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Support
2015-10-05 14:15 - 2015-10-05 14:15 - 00000000 ____D C:\Program Files (x86)\Driver Support
2015-09-23 13:48 - 2015-09-12 08:29 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2015-09-23 13:48 - 2015-09-12 08:29 - 00144896 _____ (Microsoft Corporation) C:\windows\system32\tssdisai.dll
2015-09-23 13:48 - 2015-09-12 08:29 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\appserverai.dll
2015-09-23 13:48 - 2015-09-12 08:29 - 00126976 _____ (Microsoft Corporation) C:\windows\system32\RDWebAI.dll
2015-09-23 13:48 - 2015-09-12 08:29 - 00122880 _____ (Microsoft Corporation) C:\windows\system32\VmHostAI.dll
2015-09-23 07:27 - 2015-10-16 01:35 - 00809944 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-09-23 07:27 - 2015-10-16 01:35 - 00176096 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-22 06:58 - 2015-10-21 06:54 - 00003348 _____ C:\windows\System32\Tasks\ESET Windows 10 upgrade – Refresh settings
2015-09-22 06:58 - 2015-09-22 06:58 - 00000000 ____D C:\Program Files\Common Files\AV

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-22 16:16 - 2013-08-25 14:24 - 01942591 _____ C:\windows\WindowsUpdate.log
2015-10-22 16:05 - 2015-05-18 02:08 - 00003178 _____ C:\windows\System32\Tasks\HPCeeScheduleForprousse1
2015-10-22 16:05 - 2015-05-18 02:08 - 00000358 _____ C:\windows\Tasks\HPCeeScheduleForprousse1.job
2015-10-22 16:05 - 2013-08-25 14:24 - 00000000 ____D C:\Users\prousse1
2015-10-22 16:03 - 2013-08-25 14:31 - 00003594 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-164966225-1669113357-709659781-1001
2015-10-22 16:00 - 2012-07-26 03:12 - 00000000 ____D C:\windows\system32\sru
2015-10-22 07:24 - 2012-07-26 03:12 - 00000000 ____D C:\windows\AUInstallAgent
2015-10-20 13:12 - 2012-07-26 02:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-10-20 06:48 - 2012-07-26 00:26 - 00524288 ___SH C:\windows\system32\config\BBI
2015-10-20 06:47 - 2014-12-12 17:17 - 00000000 ____D C:\windows\system32\appraiser
2015-10-20 06:47 - 2014-07-11 07:38 - 00000000 ___SD C:\windows\system32\CompatTel
2015-10-20 06:46 - 2012-07-26 03:12 - 00000000 ___RD C:\windows\ToastData
2015-10-20 06:46 - 2012-07-26 02:59 - 00000000 ____D C:\windows\CbsTemp
2015-10-18 11:21 - 2013-09-02 21:24 - 143481208 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-10-18 11:21 - 2013-09-02 21:24 - 00000000 ____D C:\windows\system32\MRT
2015-10-13 06:50 - 2013-08-28 14:52 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log
2015-10-04 03:07 - 2013-09-02 22:26 - 01588736 ___SH C:\Users\prousse1\Desktop\Thumbs.db
2015-09-27 22:12 - 2012-07-26 03:12 - 00000000 ____D C:\windows\rescache
2015-09-27 15:49 - 2012-07-26 02:52 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-23 07:26 - 2015-07-25 06:55 - 00291856 _____ C:\windows\system32\FNTCACHE.DAT
2015-09-22 14:23 - 2012-07-26 03:12 - 00000000 ____D C:\windows\PolicyDefinitions

Some files in TEMP:
====================
C:\Users\prousse1\AppData\Local\Temp\DriverSupport.exe
C:\Users\prousse1\AppData\Local\Temp\Extract.exe
C:\Users\prousse1\AppData\Local\Temp\SP64076.exe
C:\Users\prousse1\AppData\Local\Temp\SP64077.exe
C:\Users\suzie\AppData\Local\Temp\COMAP.EXE

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-10-15 13:29

==================== End of FRST.txt ============================

 

 

 

 

ADDITION.TXT

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-10-2015 01
Ran by prousse1 (2015-10-22 16:20:17)
Running from C:\Users\prousse1\Desktop\AntiMalware Folder
Windows 8 (X64) (2013-08-25 19:24:16)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-164966225-1669113357-709659781-500 - Administrator - Disabled)
Guest (S-1-5-21-164966225-1669113357-709659781-501 - Limited - Disabled)
prousse1 (S-1-5-21-164966225-1669113357-709659781-1001 - Administrator - Enabled) => C:\Users\prousse1

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version:  - )
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.5901 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.3.2509 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4608 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2301 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2524 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.4930 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6104 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Driver Support (HKLM-x32\...\DriverSupport) (Version: 10.1.2.41 - PC Drivers HeadQuarters LP)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
ESET Smart Security (HKLM\...\{F7C525E7-659A-47F6-A25A-7A63FA10E767}) (Version: 7.0.302.26 - ESET, spol s r. o.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\HPConnectedMusic) (Version: 1.1 (build 59) hp - Meridian Audio Ltd)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6263.4289 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3325 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.29064 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.15.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6875 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.6208 - CyberLink Corp.) Hidden
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

25-09-2015 14:05:17 Windows Update
29-09-2015 14:13:05 Windows Update
11-10-2015 17:25:15 Scheduled Checkpoint
15-10-2015 13:27:55 Windows Update
20-10-2015 06:45:46 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 00:26 - 2012-07-26 00:26 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B437CF9-A2C1-4379-AD98-7EFA61115261} - System32\Tasks\Driver Support-RTMRules => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2015-09-15] (PC Drivers Headquarters)
Task: {0C082B69-6337-42F2-8CD3-0EEE0CDCA65F} - System32\Tasks\Driver Support-RTMScanRunOnce => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2015-09-15] (PC Drivers Headquarters)
Task: {0F3A4FA2-6AC5-41BE-AFC8-0F0F31BBA469} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-12-26] (CyberLink)
Task: {151750E4-EFDA-429D-8ADD-D89159282EA6} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-11-01] (CyberLink)
Task: {1A0F2D51-7FB4-431B-9376-C1F6E16147D3} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe
Task: {1B74CC67-D81E-4EF9-A143-043D8F244735} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {318635D8-9565-42CE-BA4F-C459D32E16E9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {32CC8EAB-864F-4622-8AC9-7DF614313024} - System32\Tasks\Driver Support-RTMScan => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2015-09-15] (PC Drivers Headquarters)
Task: {4911F2C1-AD52-464F-9D39-BDCF9F7DD48A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Pending HPSA Messages Reminder => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_toastNotify.exe [2015-09-22] (Hewlett-Packard)
Task: {4A192DE5-BBE0-4722-8EC8-A1FAA6FFBDC4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPW10UpgradeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPW10UpgradeReminder.exe [2015-08-11] (Hewlett-Packard)
Task: {4A85E893-12D3-4D6F-A2D2-56CA77AB9689} - System32\Tasks\ESET Windows 10 upgrade – Refresh settings => C:\Program Files\Common Files\AV\ESET Smart Security 7.0\upgrade.exe [2015-09-22] (ESET)
Task: {5DF170D8-BF79-4926-BB21-F4CE7520484D} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-11-01] (CyberLink Corp.)
Task: {8AA02246-875C-4AAF-8143-57032CAF1037} - System32\Tasks\Driver Support => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2015-09-15] (PC Drivers Headquarters)
Task: {99EB8F53-71E7-483C-8E0F-62D70FD70562} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-10-18] (Microsoft Corporation)
Task: {A1E0AAA4-1F9D-4D64-95A4-E4C31763ADD7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-08-27] (Hewlett-Packard)
Task: {A7BF8588-6C1C-4450-AC28-0E79F912DC77} - System32\Tasks\{D1021CB3-EE11-4AE0-B98F-3D1A5CC55B99} => pcalua.exe -a "C:\Program Files (x86)\Windows Live\Installer\wlarp.exe"
Task: {A92429EC-58C4-4EA6-B1A9-40FC4DA756BF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-06-01] (Piriform Ltd)
Task: {A96EC7B8-63CA-4545-8D63-1B9AA8BC28C8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {AC6CD059-C7B6-42D2-94A3-C5B757398702} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {B0A31F86-8423-49D0-9D63-15E30EF44546} - System32\Tasks\HPCeeScheduleForprousse1 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {E86F4A8B-84BF-45A4-A530-1EFA526BE608} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
Task: {ECA57CA7-4342-4426-96C8-CBF768734FC4} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
Task: {FC398EBC-F62F-4848-A71D-BF4FCE026F3B} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2015-09-15] (PC Drivers Headquarters)
Task: {FCB92A9D-9ACA-4E7D-8ABB-F6195E70FF70} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-08-27] (Hewlett-Packard)
Task: {FCDA68E4-4A88-4C97-B947-0B742227D110} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP SoftPaq Installer => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Tasks.exe [2013-11-04] (Hewlett-Packard Company)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\HPCeeScheduleForprousse1.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-15 14:25 - 2015-09-15 14:25 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-09-15 14:03 - 2015-09-15 14:03 - 00354592 _____ () C:\Program Files (x86)\Driver Support\Agent.Common.XmlSerializers.dll
2015-09-15 14:03 - 2015-09-15 14:03 - 00485664 _____ () C:\Program Files (x86)\Driver Support\Agent.Communication.XmlSerializers.dll
2015-09-15 14:04 - 2015-09-15 14:04 - 00071968 _____ () C:\Program Files (x86)\Driver Support\RuleEngine.XmlSerializers.dll
2013-08-25 18:21 - 2013-08-25 18:22 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-12-12 19:38 - 2012-12-12 19:38 - 00094208 _____ () C:\windows\System32\IccLibDll_x64.dll
2013-05-08 14:19 - 2013-01-23 18:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2013-05-08 14:25 - 2012-06-07 22:34 - 00627216 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\driversupport.com -> hxxps://apps.driversupport.com

IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\1001movie.com -> 1001movie.com

There are 6091 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-164966225-1669113357-709659781-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\prousse1\Desktop\pierre stuff\10584107_10155005895272355_8692696953447890524_n[1].jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{B7E37271-E6BF-4639-9595-1DF4B6556415}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{A81B0C0C-3092-4DD6-A04E-7A99AC3D70A5}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{C72A30CF-2536-4BFC-8C6B-4760781AFE90}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{253C4D2F-E0D6-4A3A-ABF3-A4902E0A4C09}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{B3F1C1BA-2DEB-49EF-BA55-48F5EAEE925A}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{80B715E4-0634-4599-ACF8-A8236904D58C}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{6BDA950A-8FF7-4E84-9429-6516B92EFBA7}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{B1CDAE4A-CCA5-41ED-B4B8-3F2F42C08171}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{8B1727BD-A433-493D-A82B-23879951694E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D306B94B-1A97-4918-B1AC-42502701859B}] => (Allow) LPort=2869
FirewallRules: [{63698FD2-11B3-419B-9879-A9034CDC3113}] => (Allow) LPort=1900
FirewallRules: [{E3C540C9-F956-494B-85C6-53249CC8BB91}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{19F11F2C-9D93-488B-A41C-01A27EEC27B0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{09A0F0D8-3F24-42F0-AFE0-A317B432EECC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{82AC3A52-1B05-49D5-B7C2-8C119E4EF9BC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A5296DB6-6CD1-4954-B632-35444433E026}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{68FADEFA-1DA8-4B88-8358-E7F32991EA71}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Faulty Device Manager Devices =============

Name: Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
Description: Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/18/2015 11:24:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MRT.exe, version: 5.29.11901.0, time stamp: 0x560ed3ae
Faulting module name: webio.dll, version: 6.2.9200.16420, time stamp: 0x505a992d
Exception code: 0xc0000409
Fault offset: 0x000000000003e8e5
Faulting process id: 0x19c8
Faulting application start time: 0xMRT.exe0
Faulting application path: MRT.exe1
Faulting module path: MRT.exe2
Report Id: MRT.exe3
Faulting package full name: MRT.exe4
Faulting package-relative application ID: MRT.exe5

Error: (10/15/2015 01:28:09 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll8

Error: (10/15/2015 01:22:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.17377, time stamp: 0x55663db9
Faulting module name: ntdll.dll, version: 6.2.9200.17438, time stamp: 0x55a41b15
Exception code: 0xc0000374
Fault offset: 0x00000000000ea539
Faulting process id: 0x94c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (10/13/2015 01:47:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.17377, time stamp: 0x55663db9
Faulting module name: ntdll.dll, version: 6.2.9200.17438, time stamp: 0x55a41b15
Exception code: 0xc0000374
Fault offset: 0x00000000000ea539
Faulting process id: 0x18a0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (10/11/2015 07:53:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: office)
Description: Activation of app SymantecCorporation.NortonStudio_v68kp9n051hdp!App failed with error: -2147467263 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/11/2015 07:53:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: office)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2147467263 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/11/2015 07:53:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: office)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2147467263 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/11/2015 07:53:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: office)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2147467263 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/10/2015 08:48:19 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll8

Error: (10/08/2015 06:39:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.17377, time stamp: 0x55663db9
Faulting module name: ntdll.dll, version: 6.2.9200.17438, time stamp: 0x55a41b15
Exception code: 0xc0000374
Fault offset: 0x00000000000ea539
Faulting process id: 0xd4c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

System errors:
=============
Error: (10/22/2015 07:29:16 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (10/22/2015 07:29:16 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (10/20/2015 01:18:16 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The HP Support Assistant Service service hung on starting.

Error: (10/17/2015 11:32:08 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (10/17/2015 11:24:48 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (10/17/2015 11:21:39 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (10/17/2015 11:16:21 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (10/15/2015 01:28:06 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (10/15/2015 01:27:56 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (10/15/2015 06:48:12 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

==================== Memory info ===========================

Processor: Intel® Core™ i3-3240 CPU @ 3.40GHz
Percentage of memory in use: 32%
Total physical RAM: 6014.86 MB
Available physical RAM: 4055.55 MB
Total Virtual: 6974.86 MB
Available Virtual: 4942.91 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:911.12 GB) (Free:809.55 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:18.47 GB) (Free:2.31 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 096B4054)

Partition: GPT.

==================== End of Addition.txt ============================

 

 

One final note, I will be physically at the computer today through Monday morning. After Monday morning, I will need to go back home so I can resume work on Tuesday morning. If this extends beyond Monday morning, how could I setup remote support to continue working on this while not physically at the computer?

Attached Thumbnails

  • TaskManager.jpg
  • DriverSupport.jpg

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
I don't usually work on Win 8 so haven't up dated my scripts for 8 yet but it shouldn't be that hard to remove this driver stuff.  Looks like it was installed on 10/05.  
 
Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
 
I would put TeamViewer on the PC even if we clean up the malware before you go home.  https://www.teamviewer.com/en/index.aspx Wonderfullittle program.  When you install it tell it you want to  control the PC remotely and ti should ask you for a password.  Note the ID number and the password then install TeamViewer  on your own PC then run it and put the ID in where it says Partner ID and the Password and it should connect right away if his machine is awake.  (Best to turn off hibernation and sleep so the remote PC won't get bored and go to sleep.)

  • 0

#3
prousse1

prousse1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

Thank you!

 

Here is the Fixlog.txt

 

Fix result of Farbar Recovery Scan Tool (x64) Version:21-10-2015 01
Ran by prousse1 (2015-10-22 22:27:10) Run:1
Running from C:\Users\prousse1\Desktop\AntiMalware Folder
Loaded Profiles: prousse1 (Available Profiles: prousse1)
Boot Mode: Normal
==============================================

fixlist content:
*****************
R2 DSAO; C:\Program Files (x86)\Veloxum\iPTE\DriverSupportAOsvc.exe [2029008 2015-08-05] (PC Drivers HeadQuarters LP)
2015-10-05 14:16 - 2015-10-22 15:59 - 00003452 _____ C:\windows\System32\Tasks\Driver Support
2015-10-05 14:16 - 2015-10-14 14:16 - 00003756 _____ C:\windows\System32\Tasks\Driver Support-RTMScan
2015-10-05 14:16 - 2015-10-06 07:00 - 00000000 ____D C:\ProgramData\UAB
2015-10-05 14:16 - 2015-10-05 14:16 - 00003748 _____ C:\windows\System32\Tasks\Driver Support-RTMUpdater
2015-10-05 14:16 - 2015-10-05 14:16 - 00003738 _____ C:\windows\System32\Tasks\Driver Support-RTMRules
2015-10-05 14:16 - 2015-10-05 14:16 - 00003446 _____ C:\windows\System32\Tasks\Driver Support-RTMScanRunOnce
2015-10-05 14:16 - 2015-10-05 14:16 - 00000000 ____D C:\Users\prousse1\Downloads\Driver Support
2015-10-05 14:16 - 2015-10-05 14:16 - 00000000 ____D C:\Users\prousse1\AppData\Local\PC_Drivers_Headquarters
2015-10-05 14:16 - 2015-10-05 14:16 - 00000000 ____D C:\ProgramData\Driver Support
2015-10-05 14:16 - 2015-10-05 14:16 - 00000000 ____D C:\Program Files (x86)\Veloxum
2015-10-05 14:15 - 2015-10-05 14:15 - 00000000 ____D C:\Users\prousse1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Support
2015-10-05 14:15 - 2015-10-05 14:15 - 00000000 ____D C:\Program Files (x86)\Driver Support
Task: {0B437CF9-A2C1-4379-AD98-7EFA61115261} - System32\Tasks\Driver Support-RTMRules => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2015-09-15] (PC Drivers Headquarters)
Task: {0C082B69-6337-42F2-8CD3-0EEE0CDCA65F} - System32\Tasks\Driver Support-RTMScanRunOnce => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2015-09-15] (PC Drivers Headquarters)
Task: {32CC8EAB-864F-4622-8AC9-7DF614313024} - System32\Tasks\Driver Support-RTMScan => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2015-09-15] (PC Drivers Headquarters)
Task: {8AA02246-875C-4AAF-8143-57032CAF1037} - System32\Tasks\Driver Support => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2015-09-15] (PC Drivers Headquarters)
Task: {E86F4A8B-84BF-45A4-A530-1EFA526BE608} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
Task: {ECA57CA7-4342-4426-96C8-CBF768734FC4} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
Task: {FC398EBC-F62F-4848-A71D-BF4FCE026F3B} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2015-09-15] (PC Drivers Headquarters)
2015-09-15 14:03 - 2015-09-15 14:03 - 00354592 _____ () C:\Program Files (x86)\Driver Support\Agent.Common.XmlSerializers.dll
2015-09-15 14:03 - 2015-09-15 14:03 - 00485664 _____ () C:\Program Files (x86)\Driver Support\Agent.Communication.XmlSerializers.dll
2015-09-15 14:04 - 2015-09-15 14:04 - 00071968 _____ () C:\Program Files (x86)\Driver Support\RuleEngine.XmlSerializers.dll\
IE trusted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\driversupport.com -> hxxps://apps.driversupport.com
C:\Users\prousse1\AppData\Local\Temp\DriverSupport.exe
C:\Users\prousse1\AppData\Local\Temp\Extract.exe
C:\Users\prousse1\AppData\Local\Temp\SP64076.exe
C:\Users\prousse1\AppData\Local\Temp\SP64077.exe
C:\Users\suzie\AppData\Local\Temp\COMAP.EXE

*****************

DSAO => Unable to stop service.
DSAO => service removed successfully
"C:\windows\System32\Tasks\Driver Support" => not found.
"C:\windows\System32\Tasks\Driver Support-RTMScan" => not found.
C:\ProgramData\UAB => moved successfully
"C:\windows\System32\Tasks\Driver Support-RTMUpdater" => not found.
"C:\windows\System32\Tasks\Driver Support-RTMRules" => not found.
"C:\windows\System32\Tasks\Driver Support-RTMScanRunOnce" => not found.
C:\Users\prousse1\Downloads\Driver Support => moved successfully
C:\Users\prousse1\AppData\Local\PC_Drivers_Headquarters => moved successfully
C:\ProgramData\Driver Support => moved successfully
C:\Program Files (x86)\Veloxum => moved successfully
C:\Users\prousse1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Support => moved successfully
C:\Program Files (x86)\Driver Support => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B437CF9-A2C1-4379-AD98-7EFA61115261} => key not found.
C:\windows\System32\Tasks\Driver Support-RTMRules => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Support-RTMRules => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C082B69-6337-42F2-8CD3-0EEE0CDCA65F} => key not found.
C:\windows\System32\Tasks\Driver Support-RTMScanRunOnce => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Support-RTMScanRunOnce => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32CC8EAB-864F-4622-8AC9-7DF614313024} => key not found.
C:\windows\System32\Tasks\Driver Support-RTMScan => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Support-RTMScan => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8AA02246-875C-4AAF-8143-57032CAF1037} => key not found.
C:\windows\System32\Tasks\Driver Support => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Support => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E86F4A8B-84BF-45A4-A530-1EFA526BE608}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E86F4A8B-84BF-45A4-A530-1EFA526BE608}" => key removed successfully
C:\windows\System32\Tasks\Norton Internet Security\Norton Error Analyzer => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Internet Security\Norton Error Analyzer" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ECA57CA7-4342-4426-96C8-CBF768734FC4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ECA57CA7-4342-4426-96C8-CBF768734FC4}" => key removed successfully
C:\windows\System32\Tasks\Norton Internet Security\Norton Error Processor => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Internet Security\Norton Error Processor" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC398EBC-F62F-4848-A71D-BF4FCE026F3B} => key not found.
C:\windows\System32\Tasks\Driver Support-RTMUpdater => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Support-RTMUpdater => key not found.
"C:\Program Files (x86)\Driver Support\Agent.Common.XmlSerializers.dll" => not found.
"C:\Program Files (x86)\Driver Support\Agent.Communication.XmlSerializers.dll" => not found.
"C:\Program Files (x86)\Driver Support\RuleEngine.XmlSerializers.dll" => not found.
"HKU\S-1-5-21-164966225-1669113357-709659781-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\driversupport.com" => key removed successfully
HKU\S-1-5-21-164966225-1669113357-709659781-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\driversupport.com => key not found.
C:\Users\prousse1\AppData\Local\Temp\DriverSupport.exe => moved successfully
C:\Users\prousse1\AppData\Local\Temp\Extract.exe => moved successfully
C:\Users\prousse1\AppData\Local\Temp\SP64076.exe => moved successfully
C:\Users\prousse1\AppData\Local\Temp\SP64077.exe => moved successfully
C:\Users\suzie\AppData\Local\Temp\COMAP.EXE => moved successfully

The system needed a reboot.

==== End of Fixlog 22:27:18 ====


  • 0

#4
prousse1

prousse1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

Sorry! I re read your post and realized that you asked me to rerun the program same as I did the first time (additions checked and run scan).

 

Here is FRST.TXT

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-10-2015 01
Ran by prousse1 (2015-10-22 22:34:55)
Running from C:\Users\prousse1\Desktop\AntiMalware Folder
Windows 8 (X64) (2013-08-25 19:24:16)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-164966225-1669113357-709659781-500 - Administrator - Disabled)
Guest (S-1-5-21-164966225-1669113357-709659781-501 - Limited - Disabled)
prousse1 (S-1-5-21-164966225-1669113357-709659781-1001 - Administrator - Enabled) => C:\Users\prousse1

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version:  - )
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.5901 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.3.2509 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4608 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2301 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2524 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.4930 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6104 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Driver Support (HKLM-x32\...\DriverSupport) (Version: 10.1.2.41 - PC Drivers HeadQuarters LP)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
ESET Smart Security (HKLM\...\{F7C525E7-659A-47F6-A25A-7A63FA10E767}) (Version: 7.0.302.26 - ESET, spol s r. o.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\HPConnectedMusic) (Version: 1.1 (build 59) hp - Meridian Audio Ltd)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6263.4289 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3325 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.29064 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.15.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6875 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.6208 - CyberLink Corp.) Hidden
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

29-09-2015 14:13:05 Windows Update
11-10-2015 17:25:15 Scheduled Checkpoint
15-10-2015 13:27:55 Windows Update
20-10-2015 06:45:46 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 00:26 - 2012-07-26 00:26 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F3A4FA2-6AC5-41BE-AFC8-0F0F31BBA469} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-12-26] (CyberLink)
Task: {151750E4-EFDA-429D-8ADD-D89159282EA6} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-11-01] (CyberLink)
Task: {1A0F2D51-7FB4-431B-9376-C1F6E16147D3} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe
Task: {1B74CC67-D81E-4EF9-A143-043D8F244735} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {318635D8-9565-42CE-BA4F-C459D32E16E9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {4911F2C1-AD52-464F-9D39-BDCF9F7DD48A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Pending HPSA Messages Reminder => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_toastNotify.exe [2015-09-22] (Hewlett-Packard)
Task: {4A85E893-12D3-4D6F-A2D2-56CA77AB9689} - System32\Tasks\ESET Windows 10 upgrade – Refresh settings => C:\Program Files\Common Files\AV\ESET Smart Security 7.0\upgrade.exe [2015-09-22] (ESET)
Task: {5DF170D8-BF79-4926-BB21-F4CE7520484D} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-11-01] (CyberLink Corp.)
Task: {890FA2EA-5F9A-4BB2-8761-CD7D95651A37} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\windows\System32\NotificationUI.exe [2015-03-04] (Microsoft Corporation)
Task: {A1E0AAA4-1F9D-4D64-95A4-E4C31763ADD7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-08-27] (Hewlett-Packard)
Task: {A7BF8588-6C1C-4450-AC28-0E79F912DC77} - System32\Tasks\{D1021CB3-EE11-4AE0-B98F-3D1A5CC55B99} => pcalua.exe -a "C:\Program Files (x86)\Windows Live\Installer\wlarp.exe"
Task: {A92429EC-58C4-4EA6-B1A9-40FC4DA756BF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-06-01] (Piriform Ltd)
Task: {A96EC7B8-63CA-4545-8D63-1B9AA8BC28C8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {AC6CD059-C7B6-42D2-94A3-C5B757398702} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {B0A31F86-8423-49D0-9D63-15E30EF44546} - System32\Tasks\HPCeeScheduleForprousse1 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {B7F00ED8-59BF-4885-A5DD-EEC4F598C417} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-10-18] (Microsoft Corporation)
Task: {FCB92A9D-9ACA-4E7D-8ABB-F6195E70FF70} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-08-27] (Hewlett-Packard)
Task: {FCDA68E4-4A88-4C97-B947-0B742227D110} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP SoftPaq Installer => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Tasks.exe [2013-11-04] (Hewlett-Packard Company)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\HPCeeScheduleForprousse1.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-15 14:25 - 2015-09-15 14:25 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-25 18:21 - 2013-08-25 18:22 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-12-12 19:38 - 2012-12-12 19:38 - 00094208 _____ () C:\windows\System32\IccLibDll_x64.dll
2013-05-08 14:25 - 2012-06-07 22:34 - 00627216 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-05-08 14:19 - 2013-01-23 18:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\1001movie.com -> 1001movie.com

There are 6091 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-164966225-1669113357-709659781-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\prousse1\Desktop\pierre stuff\10584107_10155005895272355_8692696953447890524_n[1].jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{B7E37271-E6BF-4639-9595-1DF4B6556415}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{A81B0C0C-3092-4DD6-A04E-7A99AC3D70A5}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{C72A30CF-2536-4BFC-8C6B-4760781AFE90}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{253C4D2F-E0D6-4A3A-ABF3-A4902E0A4C09}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{B3F1C1BA-2DEB-49EF-BA55-48F5EAEE925A}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{80B715E4-0634-4599-ACF8-A8236904D58C}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{6BDA950A-8FF7-4E84-9429-6516B92EFBA7}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{B1CDAE4A-CCA5-41ED-B4B8-3F2F42C08171}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{8B1727BD-A433-493D-A82B-23879951694E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D306B94B-1A97-4918-B1AC-42502701859B}] => (Allow) LPort=2869
FirewallRules: [{63698FD2-11B3-419B-9879-A9034CDC3113}] => (Allow) LPort=1900
FirewallRules: [{E3C540C9-F956-494B-85C6-53249CC8BB91}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{19F11F2C-9D93-488B-A41C-01A27EEC27B0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{09A0F0D8-3F24-42F0-AFE0-A317B432EECC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{82AC3A52-1B05-49D5-B7C2-8C119E4EF9BC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A5296DB6-6CD1-4954-B632-35444433E026}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{68FADEFA-1DA8-4B88-8358-E7F32991EA71}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Faulty Device Manager Devices =============

Name: Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
Description: Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/22/2015 08:01:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: egui.exe, version: 7.0.302.0, time stamp: 0x5231910a
Faulting module name: ntdll.dll, version: 6.2.9200.17438, time stamp: 0x55a41b15
Exception code: 0xc0000008
Fault offset: 0x00000000000e26a0
Faulting process id: 0x1424
Faulting application start time: 0xegui.exe0
Faulting application path: egui.exe1
Faulting module path: egui.exe2
Report Id: egui.exe3
Faulting package full name: egui.exe4
Faulting package-relative application ID: egui.exe5

Error: (10/22/2015 04:54:45 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (10/22/2015 04:54:45 PM) (Source: Perflib) (EventID: 1017) (User: )
Description: ASP.NET_64_2.0.50727

Error: (10/22/2015 04:54:45 PM) (Source: Perflib) (EventID: 1022) (User: )
Description: ASP.NET_64_2.0.507274

Error: (10/22/2015 04:54:45 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll4

Error: (10/18/2015 11:24:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MRT.exe, version: 5.29.11901.0, time stamp: 0x560ed3ae
Faulting module name: webio.dll, version: 6.2.9200.16420, time stamp: 0x505a992d
Exception code: 0xc0000409
Fault offset: 0x000000000003e8e5
Faulting process id: 0x19c8
Faulting application start time: 0xMRT.exe0
Faulting application path: MRT.exe1
Faulting module path: MRT.exe2
Report Id: MRT.exe3
Faulting package full name: MRT.exe4
Faulting package-relative application ID: MRT.exe5

Error: (10/15/2015 01:28:09 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll8

Error: (10/15/2015 01:22:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.17377, time stamp: 0x55663db9
Faulting module name: ntdll.dll, version: 6.2.9200.17438, time stamp: 0x55a41b15
Exception code: 0xc0000374
Fault offset: 0x00000000000ea539
Faulting process id: 0x94c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (10/13/2015 01:47:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.17377, time stamp: 0x55663db9
Faulting module name: ntdll.dll, version: 6.2.9200.17438, time stamp: 0x55a41b15
Exception code: 0xc0000374
Fault offset: 0x00000000000ea539
Faulting process id: 0x18a0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (10/11/2015 07:53:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: office)
Description: Activation of app SymantecCorporation.NortonStudio_v68kp9n051hdp!App failed with error: -2147467263 See the Microsoft-Windows-TWinUI/Operational log for additional information.

System errors:
=============
Error: (10/22/2015 05:35:33 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Windows.

The Master File Table (MFT) contains a corrupted file record.  The file reference number is 0x9000000000009.  The name of the file is "<unable to determine file name>".

Error: (10/22/2015 05:31:44 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Windows.

The exact nature of the corruption is unknown.  The file system structures need to be scanned online.

Error: (10/22/2015 05:31:39 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Windows.

The Master File Table (MFT) contains a corrupted file record.  The file reference number is 0x9000000000009.  The name of the file is "<unable to determine file name>".

Error: (10/22/2015 05:31:37 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Windows.

The exact nature of the corruption is unknown.  The file system structures need to be scanned online.

Error: (10/22/2015 04:59:16 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (10/22/2015 04:59:02 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (10/22/2015 07:29:16 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (10/22/2015 07:29:16 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (10/20/2015 01:18:16 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The HP Support Assistant Service service hung on starting.

Error: (10/17/2015 11:32:08 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

==================== Memory info ===========================

Processor: Intel® Core™ i3-3240 CPU @ 3.40GHz
Percentage of memory in use: 25%
Total physical RAM: 6014.86 MB
Available physical RAM: 4465.14 MB
Total Virtual: 6974.86 MB
Available Virtual: 5428.09 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:911.12 GB) (Free:812.67 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:18.47 GB) (Free:2.31 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 096B4054)

Partition: GPT.

==================== End of Addition.txt ============================

 

 

 

And here is ADDITIONS.TXT

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-10-2015 01
Ran by prousse1 (2015-10-22 22:34:55)
Running from C:\Users\prousse1\Desktop\AntiMalware Folder
Windows 8 (X64) (2013-08-25 19:24:16)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-164966225-1669113357-709659781-500 - Administrator - Disabled)
Guest (S-1-5-21-164966225-1669113357-709659781-501 - Limited - Disabled)
prousse1 (S-1-5-21-164966225-1669113357-709659781-1001 - Administrator - Enabled) => C:\Users\prousse1

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version:  - )
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.5901 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.3.2509 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4608 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2301 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2524 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.4930 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6104 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Driver Support (HKLM-x32\...\DriverSupport) (Version: 10.1.2.41 - PC Drivers HeadQuarters LP)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
ESET Smart Security (HKLM\...\{F7C525E7-659A-47F6-A25A-7A63FA10E767}) (Version: 7.0.302.26 - ESET, spol s r. o.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\HPConnectedMusic) (Version: 1.1 (build 59) hp - Meridian Audio Ltd)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6263.4289 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3325 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.29064 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.15.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6875 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.6208 - CyberLink Corp.) Hidden
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

29-09-2015 14:13:05 Windows Update
11-10-2015 17:25:15 Scheduled Checkpoint
15-10-2015 13:27:55 Windows Update
20-10-2015 06:45:46 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 00:26 - 2012-07-26 00:26 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F3A4FA2-6AC5-41BE-AFC8-0F0F31BBA469} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-12-26] (CyberLink)
Task: {151750E4-EFDA-429D-8ADD-D89159282EA6} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-11-01] (CyberLink)
Task: {1A0F2D51-7FB4-431B-9376-C1F6E16147D3} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe
Task: {1B74CC67-D81E-4EF9-A143-043D8F244735} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {318635D8-9565-42CE-BA4F-C459D32E16E9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {4911F2C1-AD52-464F-9D39-BDCF9F7DD48A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Pending HPSA Messages Reminder => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_toastNotify.exe [2015-09-22] (Hewlett-Packard)
Task: {4A85E893-12D3-4D6F-A2D2-56CA77AB9689} - System32\Tasks\ESET Windows 10 upgrade – Refresh settings => C:\Program Files\Common Files\AV\ESET Smart Security 7.0\upgrade.exe [2015-09-22] (ESET)
Task: {5DF170D8-BF79-4926-BB21-F4CE7520484D} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-11-01] (CyberLink Corp.)
Task: {890FA2EA-5F9A-4BB2-8761-CD7D95651A37} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\windows\System32\NotificationUI.exe [2015-03-04] (Microsoft Corporation)
Task: {A1E0AAA4-1F9D-4D64-95A4-E4C31763ADD7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-08-27] (Hewlett-Packard)
Task: {A7BF8588-6C1C-4450-AC28-0E79F912DC77} - System32\Tasks\{D1021CB3-EE11-4AE0-B98F-3D1A5CC55B99} => pcalua.exe -a "C:\Program Files (x86)\Windows Live\Installer\wlarp.exe"
Task: {A92429EC-58C4-4EA6-B1A9-40FC4DA756BF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-06-01] (Piriform Ltd)
Task: {A96EC7B8-63CA-4545-8D63-1B9AA8BC28C8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {AC6CD059-C7B6-42D2-94A3-C5B757398702} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {B0A31F86-8423-49D0-9D63-15E30EF44546} - System32\Tasks\HPCeeScheduleForprousse1 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {B7F00ED8-59BF-4885-A5DD-EEC4F598C417} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-10-18] (Microsoft Corporation)
Task: {FCB92A9D-9ACA-4E7D-8ABB-F6195E70FF70} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-08-27] (Hewlett-Packard)
Task: {FCDA68E4-4A88-4C97-B947-0B742227D110} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP SoftPaq Installer => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Tasks.exe [2013-11-04] (Hewlett-Packard Company)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\HPCeeScheduleForprousse1.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-15 14:25 - 2015-09-15 14:25 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-25 18:21 - 2013-08-25 18:22 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-12-12 19:38 - 2012-12-12 19:38 - 00094208 _____ () C:\windows\System32\IccLibDll_x64.dll
2013-05-08 14:25 - 2012-06-07 22:34 - 00627216 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-05-08 14:19 - 2013-01-23 18:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\1001movie.com -> 1001movie.com

There are 6091 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-164966225-1669113357-709659781-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\prousse1\Desktop\pierre stuff\10584107_10155005895272355_8692696953447890524_n[1].jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{B7E37271-E6BF-4639-9595-1DF4B6556415}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{A81B0C0C-3092-4DD6-A04E-7A99AC3D70A5}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{C72A30CF-2536-4BFC-8C6B-4760781AFE90}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{253C4D2F-E0D6-4A3A-ABF3-A4902E0A4C09}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{B3F1C1BA-2DEB-49EF-BA55-48F5EAEE925A}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{80B715E4-0634-4599-ACF8-A8236904D58C}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{6BDA950A-8FF7-4E84-9429-6516B92EFBA7}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{B1CDAE4A-CCA5-41ED-B4B8-3F2F42C08171}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{8B1727BD-A433-493D-A82B-23879951694E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D306B94B-1A97-4918-B1AC-42502701859B}] => (Allow) LPort=2869
FirewallRules: [{63698FD2-11B3-419B-9879-A9034CDC3113}] => (Allow) LPort=1900
FirewallRules: [{E3C540C9-F956-494B-85C6-53249CC8BB91}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{19F11F2C-9D93-488B-A41C-01A27EEC27B0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{09A0F0D8-3F24-42F0-AFE0-A317B432EECC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{82AC3A52-1B05-49D5-B7C2-8C119E4EF9BC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A5296DB6-6CD1-4954-B632-35444433E026}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{68FADEFA-1DA8-4B88-8358-E7F32991EA71}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Faulty Device Manager Devices =============

Name: Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
Description: Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/22/2015 08:01:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: egui.exe, version: 7.0.302.0, time stamp: 0x5231910a
Faulting module name: ntdll.dll, version: 6.2.9200.17438, time stamp: 0x55a41b15
Exception code: 0xc0000008
Fault offset: 0x00000000000e26a0
Faulting process id: 0x1424
Faulting application start time: 0xegui.exe0
Faulting application path: egui.exe1
Faulting module path: egui.exe2
Report Id: egui.exe3
Faulting package full name: egui.exe4
Faulting package-relative application ID: egui.exe5

Error: (10/22/2015 04:54:45 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (10/22/2015 04:54:45 PM) (Source: Perflib) (EventID: 1017) (User: )
Description: ASP.NET_64_2.0.50727

Error: (10/22/2015 04:54:45 PM) (Source: Perflib) (EventID: 1022) (User: )
Description: ASP.NET_64_2.0.507274

Error: (10/22/2015 04:54:45 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll4

Error: (10/18/2015 11:24:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MRT.exe, version: 5.29.11901.0, time stamp: 0x560ed3ae
Faulting module name: webio.dll, version: 6.2.9200.16420, time stamp: 0x505a992d
Exception code: 0xc0000409
Fault offset: 0x000000000003e8e5
Faulting process id: 0x19c8
Faulting application start time: 0xMRT.exe0
Faulting application path: MRT.exe1
Faulting module path: MRT.exe2
Report Id: MRT.exe3
Faulting package full name: MRT.exe4
Faulting package-relative application ID: MRT.exe5

Error: (10/15/2015 01:28:09 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll8

Error: (10/15/2015 01:22:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.17377, time stamp: 0x55663db9
Faulting module name: ntdll.dll, version: 6.2.9200.17438, time stamp: 0x55a41b15
Exception code: 0xc0000374
Fault offset: 0x00000000000ea539
Faulting process id: 0x94c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (10/13/2015 01:47:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.17377, time stamp: 0x55663db9
Faulting module name: ntdll.dll, version: 6.2.9200.17438, time stamp: 0x55a41b15
Exception code: 0xc0000374
Fault offset: 0x00000000000ea539
Faulting process id: 0x18a0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (10/11/2015 07:53:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: office)
Description: Activation of app SymantecCorporation.NortonStudio_v68kp9n051hdp!App failed with error: -2147467263 See the Microsoft-Windows-TWinUI/Operational log for additional information.

System errors:
=============
Error: (10/22/2015 05:35:33 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Windows.

The Master File Table (MFT) contains a corrupted file record.  The file reference number is 0x9000000000009.  The name of the file is "<unable to determine file name>".

Error: (10/22/2015 05:31:44 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Windows.

The exact nature of the corruption is unknown.  The file system structures need to be scanned online.

Error: (10/22/2015 05:31:39 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Windows.

The Master File Table (MFT) contains a corrupted file record.  The file reference number is 0x9000000000009.  The name of the file is "<unable to determine file name>".

Error: (10/22/2015 05:31:37 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Windows.

The exact nature of the corruption is unknown.  The file system structures need to be scanned online.

Error: (10/22/2015 04:59:16 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (10/22/2015 04:59:02 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (10/22/2015 07:29:16 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (10/22/2015 07:29:16 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (10/20/2015 01:18:16 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The HP Support Assistant Service service hung on starting.

Error: (10/17/2015 11:32:08 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

==================== Memory info ===========================

Processor: Intel® Core™ i3-3240 CPU @ 3.40GHz
Percentage of memory in use: 25%
Total physical RAM: 6014.86 MB
Available physical RAM: 4465.14 MB
Total Virtual: 6974.86 MB
Available Virtual: 5428.09 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:911.12 GB) (Free:812.67 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:18.47 GB) (Free:2.31 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 096B4054)

Partition: GPT.

==================== End of Addition.txt ============================


  • 0

#5
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

You posted the Additions twice.  Can you find the FRST.txt and post it?  Are you still seeing the popups?


  • 0

#6
prousse1

prousse1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

Oh no, it has been a long day. Sorry, again....

 

I do not see the popup that was pictured in my original post nor do I see the icon in the taskbar or the entries in the task manager. That may have done the trick!

 

I still see the entry in task manager for persistent module. Its properties windows shows it is run by an executable by the name of igfxpers.exe which bleeping computer shows could be a legitimate process if run fromt he system32 folder which happens to be where this looks to be running from.

 

The other item in task manager that worries me a tad is a process called runtime broker. Its properties points to runtimebroker.exe in the system32 folder. I am seeing mixed reviews of this process from the Microsoft website and would like to know your take on it. I have also read a couple of possible "fixes" for it if it were taking up memory - one being disabling windows search, another being a memory leak in a metro app and uninstalling or disabling that metro app, and others being uninstalling various antimalware programs or updating drivers. Interesting coincidence that the problem with my dad's computer somewhat stems around drivers. Any thoughts on it?

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-10-2015 01
Ran by prousse1 (administrator) on OFFICE (22-10-2015 22:34:19)
Running from C:\Users\prousse1\Desktop\AntiMalware Folder
Loaded Profiles: prousse1 (Available Profiles: prousse1)
Platform: Windows 8 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\windows\System32\hkcmd.exe
(Intel Corporation) C:\windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\windows\System32\dllhost.exe
(Microsoft Corporation) C:\windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7174728 2014-05-27] (Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-09-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-164966225-1669113357-709659781-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [43816 2015-04-26] (Apple Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{056A3013-37EA-4738-8662-ABF97CF31089}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{2F142258-8AF3-4A94-B1A6-164127904D34}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-164966225-1669113357-709659781-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
SearchScopes: HKLM -> {029330C7-E8BB-45C0-B626-ED9AABFBC6CB} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {029330C7-E8BB-45C0-B626-ED9AABFBC6CB} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-164966225-1669113357-709659781-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-164966225-1669113357-709659781-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-164966225-1669113357-709659781-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-01-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-01-23] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-10-12] ()
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-07-02] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129336 2013-01-30] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [167736 2013-01-30] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2014-05-27] (Realtek Semiconductor)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-10-11] (Broadcom Corporation)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288840 2014-05-27] (Realtek Semiconductor Corp.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-22 16:54 - 2015-10-22 16:54 - 00032832 _____ C:\windows\SysWOW64\rnd_chunk.bin
2015-10-22 16:19 - 2015-10-22 22:34 - 00000000 ____D C:\FRST
2015-10-22 16:18 - 2015-10-22 22:27 - 00000000 ____D C:\Users\prousse1\Desktop\AntiMalware Folder
2015-10-15 06:42 - 2015-09-18 10:09 - 00032432 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2015-10-15 06:42 - 2015-09-18 08:30 - 01290752 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-10-15 06:42 - 2015-09-18 08:30 - 00766464 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-10-15 06:42 - 2015-09-18 08:30 - 00699904 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-10-15 06:42 - 2015-09-18 08:30 - 00503296 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-10-15 06:42 - 2015-09-18 08:30 - 00073216 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-10-15 06:42 - 2015-09-18 08:10 - 01163776 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-10-14 07:03 - 2015-10-01 18:55 - 01043968 _____ (Microsoft Corporation) C:\windows\system32\usercpl.dll
2015-10-14 07:03 - 2015-10-01 18:55 - 00588800 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2015-10-14 07:03 - 2015-09-28 22:33 - 06971224 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-10-14 07:03 - 2015-09-28 21:02 - 00961536 _____ (Microsoft Corporation) C:\windows\SysWOW64\usercpl.dll
2015-10-14 07:03 - 2015-09-28 21:02 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2015-10-14 07:03 - 2015-09-28 21:01 - 00668160 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-10-14 07:03 - 2015-09-22 12:53 - 01405408 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-10-14 07:03 - 2015-09-22 12:53 - 01273184 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-10-14 07:03 - 2015-09-18 08:32 - 14290944 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-10-14 07:02 - 2015-09-18 08:32 - 13775360 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-10-14 07:02 - 2015-09-18 08:32 - 02866176 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-10-14 07:02 - 2015-09-18 08:32 - 02056704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-10-14 07:02 - 2015-09-18 08:32 - 01763328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-10-14 07:02 - 2015-09-18 08:32 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-10-14 07:02 - 2015-09-18 08:32 - 00737280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-10-14 07:02 - 2015-09-18 08:32 - 00715264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-10-14 07:02 - 2015-09-18 08:32 - 00525824 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-10-14 07:02 - 2015-09-18 08:32 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-10-14 07:02 - 2015-09-18 08:32 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-10-14 07:02 - 2015-09-18 08:32 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-10-14 07:02 - 2015-09-18 08:30 - 19280896 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-10-14 07:02 - 2015-09-18 08:30 - 15416320 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-10-14 07:02 - 2015-09-18 08:30 - 03960832 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-10-14 07:02 - 2015-09-18 08:30 - 02656768 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-10-14 07:02 - 2015-09-18 08:30 - 02239488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-10-14 07:02 - 2015-09-18 08:30 - 01409024 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-10-14 07:02 - 2015-09-18 08:30 - 00949760 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-10-14 07:02 - 2015-09-18 08:30 - 00857600 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-10-14 07:02 - 2015-09-18 08:30 - 00603648 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-10-14 07:02 - 2015-09-18 08:30 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-10-14 07:02 - 2015-09-18 08:30 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-10-14 07:02 - 2015-08-01 09:50 - 17562112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-10-14 07:02 - 2015-08-01 08:56 - 19778048 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00984448 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00901264 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00066400 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00063840 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00022368 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00020832 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00019808 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00019808 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00016224 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00016224 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00015712 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00015712 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00013664 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00013664 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 07:02 - 2015-07-22 17:09 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-09-23 13:48 - 2015-09-12 08:29 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2015-09-23 13:48 - 2015-09-12 08:29 - 00144896 _____ (Microsoft Corporation) C:\windows\system32\tssdisai.dll
2015-09-23 13:48 - 2015-09-12 08:29 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\appserverai.dll
2015-09-23 13:48 - 2015-09-12 08:29 - 00126976 _____ (Microsoft Corporation) C:\windows\system32\RDWebAI.dll
2015-09-23 13:48 - 2015-09-12 08:29 - 00122880 _____ (Microsoft Corporation) C:\windows\system32\VmHostAI.dll
2015-09-23 07:27 - 2015-10-16 01:35 - 00809944 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-09-23 07:27 - 2015-10-16 01:35 - 00176096 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-22 06:58 - 2015-10-21 06:54 - 00003348 _____ C:\windows\System32\Tasks\ESET Windows 10 upgrade – Refresh settings
2015-09-22 06:58 - 2015-09-22 06:58 - 00000000 ____D C:\Program Files\Common Files\AV

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-22 22:33 - 2013-08-25 14:31 - 00003594 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-164966225-1669113357-709659781-1001
2015-10-22 22:28 - 2012-07-26 02:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-10-22 22:27 - 2013-08-27 14:04 - 00000000 ____D C:\windows\System32\Tasks\Norton Internet Security
2015-10-22 22:27 - 2013-08-25 14:24 - 01966878 _____ C:\windows\WindowsUpdate.log
2015-10-22 22:27 - 2012-07-26 03:12 - 00000000 ____D C:\windows\system32\sru
2015-10-22 22:27 - 2012-07-26 00:26 - 00524288 ___SH C:\windows\system32\config\BBI
2015-10-22 17:09 - 2012-07-26 03:12 - 00000000 ____D C:\windows\rescache
2015-10-22 16:05 - 2015-05-18 02:08 - 00003178 _____ C:\windows\System32\Tasks\HPCeeScheduleForprousse1
2015-10-22 16:05 - 2015-05-18 02:08 - 00000358 _____ C:\windows\Tasks\HPCeeScheduleForprousse1.job
2015-10-22 16:05 - 2013-08-25 14:24 - 00000000 ____D C:\Users\prousse1
2015-10-22 07:24 - 2012-07-26 03:12 - 00000000 ____D C:\windows\AUInstallAgent
2015-10-20 06:47 - 2014-12-12 17:17 - 00000000 ____D C:\windows\system32\appraiser
2015-10-20 06:47 - 2014-07-11 07:38 - 00000000 ___SD C:\windows\system32\CompatTel
2015-10-20 06:46 - 2012-07-26 03:12 - 00000000 ___RD C:\windows\ToastData
2015-10-20 06:46 - 2012-07-26 02:59 - 00000000 ____D C:\windows\CbsTemp
2015-10-18 11:21 - 2013-09-02 21:24 - 143481208 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-10-18 11:21 - 2013-09-02 21:24 - 00000000 ____D C:\windows\system32\MRT
2015-10-13 06:50 - 2013-08-28 14:52 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log
2015-10-04 03:07 - 2013-09-02 22:26 - 01588736 ___SH C:\Users\prousse1\Desktop\Thumbs.db
2015-09-27 15:49 - 2012-07-26 02:52 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-23 07:26 - 2015-07-25 06:55 - 00291856 _____ C:\windows\system32\FNTCACHE.DAT
2015-09-22 14:23 - 2012-07-26 03:12 - 00000000 ____D C:\windows\PolicyDefinitions

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-10-22 17:00

==================== End of FRST.txt ============================


  • 0

#7
prousse1

prousse1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

I should note as well that, though I have not received a Drivers Support popup, I did get a pop up to upgrade to Win8.1. I click out of it by hitting the X in the upper right corner and continued on with the scanning you requested.


  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Both files are legit.

 

I'm about to go to bed but we can run Process Explorer and see if there is anything suspicious running.

 

Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
 
 
 

 

Upgrading to 8.1 is strongly recommended.  Once you do that you will need to run Windows Updates a few times to get all of the patches.  It will then start to nag you about upgrading to Windows 10.  Haven't tried it yet so can't say if it's really better.  


  • 0

#9
prousse1

prousse1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

Perfect timing! I was actually about to go to bed as well. Thank you again for the help and I cannot say thank you enough for how quickly you were able to jump in and start offering help. Your time tonight is very much appreciated!

 

Here is the process explorer log. Out of curiousity, would you know of a legend somewhere that could help decipher the different color schemes used in process explorer? I use it on my computer at home and have always wondered what the various colors mean. I have picked up on some, green for newly created processes, red for terminating processes. But meaning for the other shades has eluded me thus far.

 

I too have not yet toyed with Win10 except for a short 1 day of getting it setup and it not being able to launch many of my applications. I reverted back shortly after. I will likely update my Dad's computer to 8.1 once we are finished with this cleanup. This is my first experience with Win 8 as well. Win7 was working for me.... why reinvent the wheel every 2 years if nothing is broken?

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 94.52 0 K 20 K 0   
procexp64.exe 3.57 32,508 K 47,732 K 4976 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
dwm.exe 0.52 19,260 K 30,136 K 3756 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
YCMMirage.exe 0.46 2,016 K 2,808 K 4960 YouCam Mirage CyberLink (Verified) CyberLink
Interrupts 0.36 0 K 0 K n/a Hardware Interrupts and DPCs  
csrss.exe 0.28 2,128 K 34,492 K 1148 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
System 0.17 144 K 11,652 K 4   
TabTip.exe 0.20 2,736 K 9,344 K 4508 Touch Keyboard and Handwriting Panel Microsoft Corporation (Verified) Microsoft Windows
ekrn.exe 0.15 128,280 K 131,872 K 1768 ESET Service ESET (Verified) ESET
MsMpEng.exe 0.12 102,152 K 116,876 K 2024 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.09 24,476 K 27,396 K 904 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
egui.exe 0.06 5,536 K 17,120 K 2616 ESET Main GUI ESET (Verified) ESET
explorer.exe 0.04 55,156 K 88,936 K 1056 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
iPodService.exe 0.01 2,036 K 6,248 K 3172 iPodService Module (64-bit) Apple Inc. (Verified) Apple Inc.
CLMLSvc_P2G8.exe 0.01 3,864 K 1,728 K 4964 CyberLink MediaLibray Service CyberLink (A certificate was explicitly revoked by its issuer) CyberLink
iexplore.exe 0.01 21,916 K 51,000 K 3576 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
svchost.exe < 0.01 5,084 K 8,452 K 840 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
iexplore.exe < 0.01 80,100 K 125,020 K 656 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
AppleMobileDeviceService.exe < 0.01 3,172 K 10,976 K 1648 MobileDeviceService Apple Inc. (Verified) Apple Inc.
svchost.exe < 0.01 3,276 K 9,076 K 784 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 0.01 1,568 K 4,192 K 488 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 16,424 K 47,012 K 972 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
HPSA_Service.exe < 0.01 27,444 K 20,168 K 4696 HP Support Assistant Service Hewlett-Packard Company (Verified) Hewlett-Packard Company
svchost.exe < 0.01 73,792 K 69,152 K 500 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
iTunesHelper.exe < 0.01 3,916 K 13,684 K 4400 iTunesHelper Apple Inc. (Verified) Apple Inc.
WmiPrvSE.exe  1,656 K 5,464 K 5088 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe  1,200 K 5,012 K 2560 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe  1,020 K 4,020 K 552 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
taskhostex.exe  2,932 K 6,752 K 3420 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe  4,956 K 11,772 K 1892 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
TabTip32.exe  720 K 2,904 K 3588 Touch Keyboard and Handwriting Panel Helper Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  10,100 K 13,272 K 1112 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  7,236 K 13,540 K 296 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  17,868 K 19,016 K 1480 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  1,952 K 6,112 K 2792 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  3,208 K 7,432 K 1628 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  1,704 K 6,044 K 1996 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  1,360 K 4,592 K 2848 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe  4,408 K 11,212 K 1452 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe  312 K 1,036 K 320 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
services.exe  4,556 K 15,472 K 644 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe  31,924 K 32,576 K 636 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe  5,516 K 17,640 K 3132 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RtkNGUI64.exe  3,584 K 9,188 K 3540 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RtkAudioService64.exe  1,304 K 4,788 K 1060 Realtek Audio Service Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RAVBg64.exe  5,116 K 10,180 K 3520 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
procexp.exe  2,328 K 7,688 K 4524 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
mDNSResponder.exe  1,464 K 4,892 K 1716 Bonjour Service Apple Inc. (Verified) Apple Inc.
lsass.exe  6,052 K 12,816 K 664 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
LMS.exe  2,996 K 9,332 K 4812 Intel® Local Management Service Intel Corporation (Verified) Intel Corporation
LiveComm.exe Suspended 20,624 K 23,100 K 2956 Communications Service Microsoft Corporation (Verified) Microsoft Corporation
Jhi_service.exe  1,136 K 4,508 K 4788 Intel® Dynamic Application Loader Host Interface Intel Corporation (Verified) Intel Corporation
IntelMeFWService.exe  924 K 3,676 K 4768 Intel® ME Service Intel Corporation (Verified) Intel Corporation
igfxsrvc.exe  2,132 K 6,360 K 3136 igfxsrvc Module Intel Corporation (Verified) Intel Corporation - pGFX
igfxpers.exe  1,632 K 6,740 K 2100 persistence Module Intel Corporation (Verified) Intel Corporation - pGFX
ICCProxy.exe  1,208 K 5,052 K 3436 Intel® Integrated Clock Controller Service - Intel® ICCS Intel Corporation (Verified) Intel Corporation
hkcmd.exe  1,464 K 5,904 K 3128 hkcmd Module Intel Corporation (Verified) Intel Corporation - pGFX
HeciServer.exe  1,200 K 5,016 K 1812 Intel® Capability Licensing Service Interface Intel® Corporation (No signature was present in the subject) Intel® Corporation
dllhost.exe  14,720 K 19,284 K 4040 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
CCleaner64.exe  7,936 K 2,048 K 1100 CCleaner Piriform Ltd (Verified) Piriform Ltd
audiodg.exe  9,476 K 12,332 K 616 Windows Audio Device Graph Isolation  Microsoft Corporation (Verified) Microsoft Windows
AERTSr64.exe  524 K 2,352 K 1608 Andrea filters APO access service (64-bit) Andrea Electronics Corporation (Verified) Andrea Electronics


  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Appears that your CyberLink Media Suite 10  is in need of an update but otherwise looks pretty clean.  

 

I agree that 7 was a good system and that 8 is awful.  IF I wanted an Apple interface I would buy a Mac.  I have 2 7's and one 8.1.  I might try upgrading the 8.1 to 10 because I don't expect that 10 is much worse than 8.1 but the 7's are staying like they are.  Got to go to bed now.


  • 0

Advertisements


#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

I think the PC is clean so time to cleanout the old restore points:

 

http://www.groovypos...rd-drive-space/

 

You can run delfix as seen here:  http://www.geekstogo...n/#entry2533636

 

That will remove FRST and its quarantined files.

 

I am very fond of adblockplus.  Go to adblockplus.org with each browser that you have and install the adblock extension.  This gets rid of a lot of ads which are sometimes infected.


  • 0

#12
prousse1

prousse1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

Awesome news!You mentioned that you don't normally work on Win8 issues so I wanted to point something out for that article on cleaning up the restore points. Not sure if this occurs in other Windows versions, but on my dad's Win 8, I had one extra click that was not in the article. After you open disk cleanup from the properties window, there is a button in the bottom left that says clean system files. Click on it to get the tab that has the system restore and shadow copies button.

 

I agree with the part on adblock. Will try to get it installed next.

 

I remember, from a while back, you all used to have a canned text or reference page for ways to keep from getting infected. Do you recall where that was located? I thought I might leave it open for dad to look through.

 

 

Here is the DelFix Log:

 

# DelFix v1.010 - Logfile created 23/10/2015 at 10:46:52
# Updated 26/04/2015 by Xplode
# Username : prousse1 - OFFICE
# Operating System : Windows 8  (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #92 [Windows Update | 10/20/2015 11:45:46]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########


  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

OK.  Will have to find some other instructions next time.

 

 

http://www.geekstogo...he-first-place/

 

is the link you wanted I think.


  • 0

#14
prousse1

prousse1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

I think that is it. So far so good. Doing some additional cleanup - removing unused programs, deleting temp files and emptying recycling bin, etc. No more popups as of yet. computer seems to be running smoothly. Again, thank you!


  • 0

#15
prousse1

prousse1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

Thought I would share this as well. Revo Uninstaller found a left over entry for that Driver Support and SEVERAL remaining registry entries for it. I went ahead and removed all of them. When I clicked uninstall on Driver Support icon, it said there was no installer (I imagine because the things you had me do had already removed the program itself). Just deleting the left over registry items through Revo now.

Attached Thumbnails

  • DriverSupportRevoUninstall1.jpg
  • DriverSupportRevoUninstall2.jpg

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP