Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

McBeth audio virus problem


  • This topic is locked This topic is locked
2 replies to this topic

#1 pcgirl65

pcgirl65

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:52 PM

Posted 30 April 2018 - 08:19 AM

I would like help with this problem also.  I have a file called Mcbeth.exe that keeps reappearing even after I delete it and it has Malwarebytes going crazy with blocking background website access to ww.meret.pw and others similar.  I have tried everything to get rid of this.   I am including the logs.

 Results of screen317's Security Check version 0.99.93  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
Malwarebytes       
McAfee VirusScan   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Zemana AntiMalware    
 Java 8 Update 161  
 Java version 32-bit out of Date!
 Adobe Flash Player     29.0.0.113  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Zemana AntiMalware ZAM.exe   
 Malwarebytes Anti-Malware mbamtray.exe  
 Zemana AntiMalware ZAM.exe   
 Windows Defender MSASCuiL.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 

Farbar Service Scanner Version: 27-01-2016
Ran by Jane's Laptop (administrator) on 30-04-2018 at 08:44:46
Running from "C:\Users\Jane's Laptop\Downloads"
Microsoft Windows 10 Home  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/30/18
Scan Time: 8:11 AM
Log File: a34b2bfe-4c6f-11e8-a230-f894c261b4e3.json
Administrator: Yes

-Software Information-
Version: 3.4.5.2467
Components Version: 1.0.342
Update Package Version: 1.0.4922
License: Trial

-System Information-
OS: Windows 10 (Build 16299.371)
CPU: x64
File System: NTFS
User: JANE-LAPTOP\Jane's Laptop

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 332156
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 27 min, 14 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Jane's Laptop (administrator) on 30-04-2018 at 08:47:08
Running from "C:\Users\Jane's Laptop\Downloads"
Microsoft Windows 10 Home  (X64)
Model: HP Spectre x360 Convertible 13-ae0xx Manufacturer: HP
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================
========================= IP Configuration: ================================

Intel® Dual Band Wireless-AC 8265 = Wi-Fi (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
TAP-Windows Adapter V9 = Ethernet 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet (Kernel Debugger)" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Jane-Laptop
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : HOME

Wireless LAN adapter Local Area Connection* 1:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : F8-94-C2-61-B4-E0
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-11-B9-E4-C8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : HOME
   Description . . . . . . . . . . . : Intel® Dual Band Wireless-AC 8265
   Physical Address. . . . . . . . . : F8-94-C2-61-B4-DF
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::550c:fecc:2b79:7e74%6(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.6(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : April 30, 2018 7:47:07 AM
   Lease Expires . . . . . . . . . . : May 7, 2018 7:47:07 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 49845442
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-22-4A-E7-0F-F8-94-C2-61-B4-DF
   DNS Servers . . . . . . . . . . . : 8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : F8-94-C2-61-B4-E3
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:2837:1fcf:9761:fe7a(Preferred)
   Link-local IPv6 Address . . . . . : fe80::2837:1fcf:9761:fe7a%3(Preferred)
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 50331648
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-22-4A-E7-0F-F8-94-C2-61-B4-DF
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    google.com
Addresses:  2607:f8b0:400b:80d::200e
      172.217.2.174


Pinging google.com [172.217.2.110] with 32 bytes of data:
Reply from 172.217.2.110: bytes=32 time=79ms TTL=54
Reply from 172.217.2.110: bytes=32 time=13ms TTL=54

Ping statistics for 172.217.2.110:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 13ms, Maximum = 79ms, Average = 46ms
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    yahoo.com
Addresses:  2001:4998:44:41d::3
      2001:4998:c:1023::4
      2001:4998:58:1836::10
      2001:4998:58:1836::11
      2001:4998:44:41d::4
      2001:4998:c:1023::5
      98.138.219.231
      98.138.219.232
      98.137.246.8
      98.137.246.7
      72.30.35.9
      72.30.35.10


Pinging yahoo.com [98.137.246.7] with 32 bytes of data:
Reply from 98.137.246.7: bytes=32 time=142ms TTL=51
Reply from 98.137.246.7: bytes=32 time=76ms TTL=51

Ping statistics for 98.137.246.7:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 76ms, Maximum = 142ms, Average = 109ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  9...f8 94 c2 61 b4 e0 ......Microsoft Wi-Fi Direct Virtual Adapter
  2...00 ff 11 b9 e4 c8 ......TAP-Windows Adapter V9
  6...f8 94 c2 61 b4 df ......Intel® Dual Band Wireless-AC 8265
 11...f8 94 c2 61 b4 e3 ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
  3...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.6     35
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.1.0    255.255.255.0         On-link       192.168.1.6    291
      192.168.1.6  255.255.255.255         On-link       192.168.1.6    291
    192.168.1.255  255.255.255.255         On-link       192.168.1.6    291
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link       192.168.1.6    291
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link       192.168.1.6    291
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  3    331 ::/0                     On-link
  1    331 ::1/128                  On-link
  3    331 2001::/32                On-link
  3    331 2001:0:9d38:6ab8:2837:1fcf:9761:fe7a/128
                                    On-link
  6    291 fe80::/64                On-link
  3    331 fe80::/64                On-link
  3    331 fe80::2837:1fcf:9761:fe7a/128
                                    On-link
  6    291 fe80::550c:fecc:2b79:7e74/128
                                    On-link
  1    331 ff00::/8                 On-link
  6    291 ff00::/8                 On-link
  3    331 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [54784] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [63488] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [24064] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\WINDOWS\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67072] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [84992] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [84992] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [79872] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31232] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/28/2018 05:49:32 PM) (Source: Application Error) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.16299.248, time stamp: 0x7a3355c2
Faulting module name: ntdll.dll, version: 10.0.16299.334, time stamp: 0xe508fc03
Exception code: 0xc000070a
Fault offset: 0x000000000010b22d
Faulting process id: 0xcc0
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
Faulting package full name: AUDIODG.EXE4
Faulting package-relative application ID: AUDIODG.EXE5

Error: (04/28/2018 05:46:22 PM) (Source: Application Error) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.16299.15, time stamp: 0x7640753d
Faulting module name: msxml6.dll, version: 6.30.16299.98, time stamp: 0x7339c6c8
Exception code: 0xc0000005
Fault offset: 0x000000000008c3e0
Faulting process id: 0x3cdc
Faulting application start time: 0xSystemSettings.exe0
Faulting application path: SystemSettings.exe1
Faulting module path: SystemSettings.exe2
Report Id: SystemSettings.exe3
Faulting package full name: SystemSettings.exe4
Faulting package-relative application ID: SystemSettings.exe5

Error: (04/28/2018 04:11:12 PM) (Source: Application Error) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.16299.15, time stamp: 0x7640753d
Faulting module name: msxml6.dll, version: 6.30.16299.98, time stamp: 0x7339c6c8
Exception code: 0xc0000005
Fault offset: 0x000000000008c3e0
Faulting process id: 0x4134
Faulting application start time: 0xSystemSettings.exe0
Faulting application path: SystemSettings.exe1
Faulting module path: SystemSettings.exe2
Report Id: SystemSettings.exe3
Faulting package full name: SystemSettings.exe4
Faulting package-relative application ID: SystemSettings.exe5

Error: (04/28/2018 04:02:25 PM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (04/28/2018 02:37:56 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3954

Error: (04/28/2018 02:37:56 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3954

Error: (04/28/2018 02:37:55 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/28/2018 02:10:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: ic-0.c9746b013e968.exe, version: 9.0.0.1000, time stamp: 0x5ae3a9c4
Faulting module name: ic-0.c9746b013e968.exe, version: 9.0.0.1000, time stamp: 0x5ae3a9c4
Exception code: 0xc0000005
Fault offset: 0x00003375
Faulting process id: 0x4058
Faulting application start time: 0xic-0.c9746b013e968.exe0
Faulting application path: ic-0.c9746b013e968.exe1
Faulting module path: ic-0.c9746b013e968.exe2
Report Id: ic-0.c9746b013e968.exe3
Faulting package full name: ic-0.c9746b013e968.exe4
Faulting package-relative application ID: ic-0.c9746b013e968.exe5

Error: (04/27/2018 06:37:59 AM) (Source: HP Comm Recovery) (User: )
Description: Failed in handling the PowerEvent. The error that occurred was: System.IO.IOException: The process cannot access the file 'C:\Windows\Temp\signtool.exe' because it is being used by another process.
   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
   at System.IO.FileStream..ctor(String path, FileMode mode)
   at _HPCommRecovery.Tools.Signtool.ExtractSignTool()
   at _HPCommRecovery.Tools.Signtool.Verify(String arg)
   at _HPCommRecovery.HPAHAgent.CallAgent()
   at _HPCommRecovery.AppSession..ctor(DateTime Current, String LogPath)
   at _HPCommRecovery.HPAHLogger.NewSession()
   at _HPCommRecovery.....

Error: (04/23/2018 07:22:36 AM) (Source: HP Comm Recovery) (User: )
Description: Failed in handling the PowerEvent. The error that occurred was: System.Exception: StartProcessAsCurrentUser: GetSessionUserToken failed.
   at _HPCommRecovery.ProcessExtensions.StartProcessAsCurrentUser(String appPath, String cmdLine, String workDir, Boolean visible)
   at _HPCommRecovery.HPAHAgent.CallAgent()
   at _HPCommRecovery.AppSession..ctor(DateTime Current, String LogPath)
   at _HPCommRecovery.HPAHLogger.NewSession()
   at _HPCommRecovery.HPCommRecovery.OnPowerEvent(PowerBroadcastStatus powerStatus)
   at System.ServiceProcess.ServiceBase.DeferredPowerEvent(Int32 eventType, IntPtr eventData).


System errors:
=============
Error: (04/30/2018 08:02:08 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/30/2018 07:48:40 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/30/2018 07:46:46 AM) (Source: Microsoft-Windows-TPM-WMI) (User: NT AUTHORITY)
Description: The Trusted Platform Module (TPM) firmware on this PC has a known security problem. Please contact your PC manufacturer to find out if an update is available. For more information please go to https://go.microsoft.com/fwlink/?linkid=852572

Error: (04/30/2018 07:46:43 AM) (Source: Microsoft-Windows-TPM-WMI) (User: NT AUTHORITY)
Description: The Trusted Platform Module (TPM) firmware on this PC has a known security problem. Please contact your PC manufacturer to find out if an update is available. For more information please go to https://go.microsoft.com/fwlink/?linkid=852572

Error: (04/30/2018 07:46:37 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/30/2018 07:46:37 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/30/2018 07:46:37 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/30/2018 07:46:37 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/30/2018 07:46:37 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/30/2018 07:46:37 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable


Microsoft Office Sessions:
=========================
Error: (04/28/2018 05:49:32 PM) (Source: Application Error)(User: )
Description: AUDIODG.EXE10.0.16299.2487a3355c2ntdll.dll10.0.16299.334e508fc03c000070a000000000010b22dcc001d3df3964df26d9C:\WINDOWS\system32\AUDIODG.EXEC:\WINDOWS\SYSTEM32\ntdll.dll639e6eae-eb39-4ad6-a103-b689a9329006

Error: (04/28/2018 05:46:22 PM) (Source: Application Error)(User: )
Description: SystemSettings.exe10.0.16299.157640753dmsxml6.dll6.30.16299.987339c6c8c0000005000000000008c3e03cdc01d3df3a56918fabC:\Windows\ImmersiveControlPanel\SystemSettings.exeC:\Windows\System32\msxml6.dll5ebdd1a1-df5b-46b3-ae53-afc850865475windows.immersivecontrolpanel_10.0.1.1000_neutral_neutral_cw5n1h2txyewymicrosoft.windows.immersivecontrolpanel

Error: (04/28/2018 04:11:12 PM) (Source: Application Error)(User: )
Description: SystemSettings.exe10.0.16299.157640753dmsxml6.dll6.30.16299.987339c6c8c0000005000000000008c3e0413401d3df2d0a4aac96C:\Windows\ImmersiveControlPanel\SystemSettings.exeC:\Windows\System32\msxml6.dll83a0c9d7-a872-4ea7-9e5c-39a19b0a0273windows.immersivecontrolpanel_10.0.1.1000_neutral_neutral_cw5n1h2txyewymicrosoft.windows.immersivecontrolpanel

Error: (04/28/2018 04:02:25 PM) (Source: Perflib)(User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (04/28/2018 02:37:56 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3954

Error: (04/28/2018 02:37:56 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3954

Error: (04/28/2018 02:37:55 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/28/2018 02:10:19 PM) (Source: Application Error)(User: )
Description: ic-0.c9746b013e968.exe9.0.0.10005ae3a9c4ic-0.c9746b013e968.exe9.0.0.10005ae3a9c4c000000500003375405801d3df1c199bc1c0C:\Users\JANE'S~1\AppData\Local\Temp\260150656\ic-0.c9746b013e968.exeC:\Users\JANE'S~1\AppData\Local\Temp\260150656\ic-0.c9746b013e968.exe03b09770-6c39-4148-89f4-ade57b584bce

Error: (04/27/2018 06:37:59 AM) (Source: HP Comm Recovery)(User: )
Description: Failed in handling the PowerEvent. The error that occurred was: System.IO.IOException: The process cannot access the file 'C:\Windows\Temp\signtool.exe' because it is being used by another process.
   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
   at System.IO.FileStream..ctor(String path, FileMode mode)
   at _HPCommRecovery.Tools.Signtool.ExtractSignTool()
   at _HPCommRecovery.Tools.Signtool.Verify(String arg)
   at _HPCommRecovery.HPAHAgent.CallAgent()
   at _HPCommRecovery.AppSession..ctor(DateTime Current, String LogPath)
   at _HPCommRecovery.HPAHLogger.NewSession()
   at _HPCommRecovery.....

Error: (04/23/2018 07:22:36 AM) (Source: HP Comm Recovery)(User: )
Description: Failed in handling the PowerEvent. The error that occurred was: System.Exception: StartProcessAsCurrentUser: GetSessionUserToken failed.
   at _HPCommRecovery.ProcessExtensions.StartProcessAsCurrentUser(String appPath, String cmdLine, String workDir, Boolean visible)
   at _HPCommRecovery.HPAHAgent.CallAgent()
   at _HPCommRecovery.AppSession..ctor(DateTime Current, String LogPath)
   at _HPCommRecovery.HPAHLogger.NewSession()
   at _HPCommRecovery.HPCommRecovery.OnPowerEvent(PowerBroadcastStatus powerStatus)
   at System.ServiceProcess.ServiceBase.DeferredPowerEvent(Int32 eventType, IntPtr eventData).


CodeIntegrity Errors:
===================================
  Date: 2018-04-30 07:51:42.817
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-04-30 07:51:42.813
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-04-30 07:31:11.524
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-04-30 07:31:11.521
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-04-30 07:20:34.468
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-04-30 07:20:34.465
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-04-30 07:19:20.337
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-04-30 07:19:20.330
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-04-30 07:19:14.092
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-04-30 07:19:14.088
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


=========================== Installed Programs ============================

Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 48.4.58 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
EzTiltPen (HKLM\...\{359DAC8D-CE33-4729-84E9-22D3367A44A9}_is1) (Version: 1.0.0.17 - ELAN microelectronics Crop.)
HP Audio Switch (HKLM-x32\...\{BC852AA8-58F6-4F07-ACB1-7377E52CA4F3}) (Version: 1.0.150.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.8.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{54da9769-2364-4bd3-8139-6400500778b3}) (Version: 5.3.22034 - HP Inc.)
HP IR Camera Driver (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.15063.11299 - Realtek Semiconductor Corp.)
HP JumpStart Apps (HKLM-x32\...\HP JumpStart Apps) (Version: 7.0.32 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{EB0912FF-C311-4E0F-A6B1-420FDD3C295E}) (Version: 1.3.0.407 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{6A139049-EBB9-4076-8664-B468888E55A3}) (Version: 1.3.392.0 - HP Inc.)
HP Pen Control (HKLM-x32\...\{259BAC8D-CF33-4229-84E9-22DC267A44A9}}_is1) (Version: 2.0.0.21 - ELAN microelectronics Corp.)
HP Support Assistant (HKLM-x32\...\{05F81C27-62A5-4A0C-8519-60CB66CF87C6}) (Version: 8.5.37.19 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{183BD477-774B-4700-B40B-EE43886E74D2}) (Version: 12.8.47.1 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{4B0A7A8A-ECE5-4639-9A0D-C535F354313D}) (Version: 1.4.26 - HP Inc.)
HP Wireless Button Driver (HKLM-x32\...\{F5852AA8-30EA-495B-84B4-C2403C935D6F}) (Version: 1.1.19.1 - HP)
Intel® Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.3.10205.4743 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1043 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4836 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1725.1 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{2b32b7d0-4f9f-47c8-adb7-807e6cb2fb75}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel® Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.1.1.22 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{559FA847-377D-4926-80A3-ED9E014D363A}) (Version: 19.60.0 - Intel Corporation)
Intel® Integrated Sensor Solution (HKLM-x32\...\{98970ddc-844d-4ec3-b93e-52f5f693b305}) (Version: 3.10.100.3429 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{ed5cef80-a339-45bd-8c06-514eaf785ca8}) (Version: 19.71.0 - Intel Corporation)
ISS_Drivers_x64 (HKLM\...\{9315B8DE-B183-4126-A69E-150B8ABF3690}) (Version: 3.10.100.3429 - Intel Corporation) Hidden
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0 R10 - McAfee, Inc.)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.1 - Mozilla)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.5.6 - Notepad++ Team)
Private Internet Access v79 (HKLM-x32\...\{148169C2-5558-4C3E-B38A-7B1813A264CA}_is1) (Version: 79 - London Trust Media, Inc.)
psqlODBC (HKLM-x32\...\{D3527FA5-9C2B-4550-A59B-9534A78950F4}) (Version: 09.03.0300 - PostgreSQL Global Development Group)
PuTTY release 0.70 (64-bit) (HKLM\...\{45B3032F-22CC-40CD-9E97-4DA7095FA5A2}) (Version: 0.70.0.0 - Simon Tatham)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.153 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8351 - Realtek Semiconductor Corp.)
RoboForm 8-4-9-9 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 8-4-9-9 - Siber Systems)
Spire 2.9.5 Build 3 (HKLM-x32\...\Spire_is1) (Version: 2.9.5 - Spire Systems Inc.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1258 - SUPERAntiSpyware.com)
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
Synaptics WBF FP Reader (HKLM\...\{580F54CA-BC56-46DD-A9B1-950A48299A32}) (Version: 5.5.14.1088 - Synaptics Incorporated)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.1.1548 - TeamViewer)
Thunderbolt™ Software (HKLM-x32\...\{87A31923-8F18-4943-8093-17DBEE0101B7}) (Version: 16.3.61.275 - Intel Corporation)
Tixati (HKLM-x32\...\tixati) (Version:  - )
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{AAB396C1-4338-4825-BFA1-A085F3C55781}) (Version: 2.19.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{B8B01E04-5393-4902-98E6-0E2787F03C80}) (Version: 1.13.0.0 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - Intel Corporation Inc.) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1-2) (Version: 1.0.54.1 - Intel Corporation Inc.)
Windows Driver Package - ELAN Provider (EzTouchFilter) HIDClass  (07/05/2017 1.0.0.4) (HKLM\...\66BB8C0807F0004CB4E37DD6A0CFF92023D98AC2) (Version: 07/05/2017 1.0.0.4 - ELAN Provider)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)

========================= Devices: ================================

Name: Intel® Smart Sound Technology (Intel® SST) OED
Description: Intel® Smart Sound Technology (Intel® SST) OED
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel® Corporation
Service: IntcOED
Device ID: INTELAUDIO\DSP_CTLR_DEV_9D71&VEN_8086&DEV_0222&SUBSYS_00000022&REV_0001\4&386966C7&0&0800
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


========================= Memory info: ===================================

Percentage of memory in use: 53%
Total physical RAM: 8037.35 MB
Available physical RAM: 3763 MB
Total Virtual: 8549.35 MB
Available Virtual: 3515.27 MB

========================= Partitions: =====================================

1 Drive c: (Windows) (Fixed) (Total:225.73 GB) (Free:185.28 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:11.51 GB) (Free:1.42 GB) NTFS

========================= Users: ========================================

User accounts for \\JANE-LAPTOP

Administrator            DefaultAccount           Guest                    
Jane's Laptop            WDAGUtilityAccount       

========================= Restore Points ==================================

28-04-2018 20:34:44 Scheduled Checkpoint

**** End of log ****
 

 

Rkill 2.9.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2018 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/30/2018 09:11:17 AM in x64 mode.
Windows Version: Windows 10 Home

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Users\JANE'S~1\AppData\Local\Temp\ocr3FB8.tmp\bin\rubyw.exe (PID: 12240) [T-HEUR]
 * C:\Users\JANE'S~1\AppData\Local\Temp\ocr902A.tmp\bin\rubyw.exe (PID: 12648) [T-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 04/30/2018 09:11:43 AM
Execution time: 0 hours(s), 0 minute(s), and 25 seconds(s)
 

I also ran Malwarebytes scan but I can't seem to find the logs for that.  It showed no infection and it didn't clean anything.



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,543 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:52 PM

Posted 01 May 2018 - 01:04 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
attachlogs.png

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs for my review.

Wait for further instructions.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,543 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:52 PM

Posted 07 May 2018 - 07:33 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users