

 




Do i have malware or some sort?


  • This topic is locked
11 replies to this topic

#1 alvaro0114

alvaro0114

  • Members
  • 43 posts
  • OFFLINE
  • Local time:12:06 AM

Posted 29 June 2018 - 10:12 AM

Good evening,

I cannot recall what the pop-up message said, but when I turned on my laptop a black screen popped up with a BIOS message of some sort; I cannot remember what it said. I was about to take a picture and all of a sudden it rebooted normally. It did reset my time zone and who knows what else it did.

The computer seems to be running normally. I had an infection with my USB a few months back, so I don't think that has anything to do with it, since it got solved.

I am worried I have malware or something.

Here are my logs, thank you in advance.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by Alvaro (administrator) on DESKTOP-IFHSKRC (29-06-2018 10:54:03)
Running from C:\Users\Alvaro\Downloads
Loaded Profiles: Alvaro &  (Available Profiles: Alvaro & Administrator)
Platform: Windows 10 Home Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(HP) C:\Windows\System32\HP3DDGService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\Updates\16.0.9330.2124\OfficeClickToRun.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.16.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\NisSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\MRT-KB890830.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8520448 2015-08-17] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [455816 2017-02-02] (Power Software Ltd)
HKU\S-1-5-21-1371854649-3712086544-3624237114-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
HKU\S-1-5-21-1371854649-3712086544-3624237114-1001\...\RunOnce: [Uninstall 18.065.0329.0002\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Alvaro\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64"
HKU\S-1-5-21-1371854649-3712086544-3624237114-1001\...\RunOnce: [Uninstall 18.065.0329.0002] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Alvaro\AppData\Local\Microsoft\OneDrive\18.065.0329.0002"
HKU\S-1-5-21-1371854649-3712086544-3624237114-1001\...\MountPoints2: E - "E:\instalar.exe"
HKU\S-1-5-21-1371854649-3712086544-3624237114-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06292018105259390\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
HKU\S-1-5-21-1371854649-3712086544-3624237114-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06292018105259390\...\RunOnce: [Uninstall 18.065.0329.0002\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Alvaro\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64"
HKU\S-1-5-21-1371854649-3712086544-3624237114-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06292018105259390\...\RunOnce: [Uninstall 18.065.0329.0002] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Alvaro\AppData\Local\Microsoft\OneDrive\18.065.0329.0002"
HKU\S-1-5-21-1371854649-3712086544-3624237114-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06292018105259390\...\MountPoints2: E - "E:\instalar.exe"
HKU\S-1-5-21-1371854649-3712086544-3624237114-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06292018105300203\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\ccleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
Startup: C:\Users\Alvaro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar a OneNote.lnk [2018-04-19]
ShortcutTarget: Enviar a OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{754fd046-b70d-4ceb-9bb3-7cf05b297ad9}: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{75a584d6-cb16-49f7-aa32-c07a646d425d}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{f00246df-988a-443d-92c2-e2778a910538}: [DhcpNameServer] 40.23.1.11

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-1371854649-3712086544-3624237114-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-1371854649-3712086544-3624237114-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06292018105259390\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-1371854649-3712086544-3624237114-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06292018105300203\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-1371854649-3712086544-3624237114-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06292018105300203\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {484F7148-2235-431A-8995-35D2FDEAE44F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1371854649-3712086544-3624237114-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1371854649-3712086544-3624237114-1001 -> {484F7148-2235-431A-8995-35D2FDEAE44F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1371854649-3712086544-3624237114-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06292018105259390 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1371854649-3712086544-3624237114-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06292018105259390 -> {484F7148-2235-431A-8995-35D2FDEAE44F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1371854649-3712086544-3624237114-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06292018105300203 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1371854649-3712086544-3624237114-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06292018105300203 -> {484F7148-2235-431A-8995-35D2FDEAE44F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-05-24] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-11] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-11] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-11] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-11] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: n2jy4c4q.default
FF ProfilePath: C:\Users\Alvaro\AppData\Roaming\Mozilla\Firefox\Profiles\n2jy4c4q.default [2018-06-29]
FF Homepage: Mozilla\Firefox\Profiles\n2jy4c4q.default -> google.com/
FF Extension: (All Aboard) - C:\Users\Alvaro\AppData\Roaming\Mozilla\Firefox\Profiles\n2jy4c4q.default\Extensions\@all-aboard-v1-5.xpi [2017-05-14] [Legacy]
FF Extension: (MEGA) - C:\Users\Alvaro\AppData\Roaming\Mozilla\Firefox\Profiles\n2jy4c4q.default\Extensions\firefox@mega.co.nz.xpi [2018-06-29]
FF Extension: (WebCompat Reporter) - C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat-reporter@mozilla.org.xpi [2018-06-21] [Legacy] [not signed]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-04-09] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-27] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8566448 2018-05-12] (Microsoft Corporation)
R2 hp3ddgsrv; C:\WINDOWS\system32\HP3DDGService.exe [130072 2018-01-13] (HP)
R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332656 2018-05-02] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [350312 2015-07-27] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223520 2015-07-11] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [306944 2015-08-17] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2018-01-13] (Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\NisSrv.exe [3925648 2018-06-29] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MsMpEng.exe [100080 2018-06-29] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [53760 2017-12-18] (HP)
S3 clwvd6; C:\WINDOWS\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [39936 2017-12-18] (HP)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-04-06] (Malwarebytes)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-07-19] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [752856 2015-07-19] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-07-27] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55384 2018-01-13] (Synaptics Incorporated)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [23040 2017-09-29] (Microsoft Corporation)
R3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [200832 2018-01-15] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [211704 2018-01-15] (Oracle Corporation)
R3 VirtualButtons; C:\WINDOWS\System32\drivers\VirtualButtons.sys [41992 2018-01-13] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46592 2018-06-29] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [340008 2018-06-29] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59944 2018-06-29] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30368 2018-01-13] (HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-29 10:54 - 2018-06-29 10:55 - 000016686 _____ C:\Users\Alvaro\Downloads\FRST.txt
2018-06-29 10:52 - 2018-06-29 10:53 - 002412544 _____ (Farbar) C:\Users\Alvaro\Downloads\FRST64.exe
2018-06-29 10:33 - 2018-06-29 10:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-06-29 10:25 - 2018-06-29 10:25 - 000313760 _____ (Mozilla) C:\Users\Alvaro\Downloads\Firefox Installer.exe
2018-06-26 14:50 - 2018-06-26 14:51 - 002096075 _____ C:\Users\Alvaro\Downloads\55697610-7250608-Alejandro-Fabbri-El-Nacimiento-de-Una-Pasion.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-29 10:54 - 2018-04-05 09:29 - 000000000 ____D C:\FRST
2018-06-29 10:44 - 2018-05-27 10:44 - 000003264 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForAlvaro
2018-06-29 10:44 - 2018-05-27 10:44 - 000000368 _____ C:\WINDOWS\Tasks\HPCeeScheduleForAlvaro.job
2018-06-29 10:37 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-06-29 10:33 - 2016-12-07 01:13 - 000000000 ____D C:\Users\Alvaro\AppData\LocalLow\Mozilla
2018-06-29 10:33 - 2016-12-05 02:18 - 000001239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-06-29 10:33 - 2016-12-05 02:18 - 000001227 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-06-29 10:33 - 2016-12-05 02:18 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-06-29 10:21 - 2018-01-24 22:43 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-06-29 10:17 - 2018-01-13 18:34 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1371854649-3712086544-3624237114-1001
2018-06-29 10:17 - 2016-12-03 17:17 - 000002377 _____ C:\Users\Alvaro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-06-29 10:17 - 2016-12-03 17:17 - 000000000 ___RD C:\Users\Alvaro\OneDrive
2018-06-29 10:13 - 2018-01-13 18:34 - 000004170 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6B761E5F-8B8F-424F-B5CA-6381A9B2A25F}
2018-06-29 10:09 - 2018-01-13 19:37 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-06-29 10:09 - 2016-12-03 17:12 - 000000000 __SHD C:\Users\Alvaro\IntelGraphicsProfiles
2018-06-03 11:35 - 2017-09-29 09:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-03 11:05 - 2018-01-24 13:19 - 000000000 ____D C:\Users\Alvaro\.VirtualBox

==================== Files in the root of some directories =======

2018-03-23 11:13 - 2018-03-23 11:13 - 000000017 _____ () C:\Users\Alvaro\AppData\Local\resmon.resmoncfg
2017-08-26 21:02 - 2017-08-26 21:02 - 000000000 _____ () C:\Users\Alvaro\AppData\Local\{E1BC75FA-F7F3-4CD7-8F6B-DED5DCC1866B}

Some files in TEMP:
====================
2018-04-19 08:44 - 2006-07-24 01:38 - 000026112 _____ (NirSoft) C:\Users\Alvaro\AppData\Local\Temp\nircmd.exe
2018-04-19 08:44 - 2006-03-02 23:42 - 000073728 _____ () C:\Users\Alvaro\AppData\Local\Temp\pv.exe
2018-04-19 08:44 - 2006-11-27 02:34 - 000049152 _____ () C:\Users\Alvaro\AppData\Local\Temp\vfind.exe
2018-05-09 09:39 - 2018-05-09 09:40 - 006612768 _____ (Microsoft Corporation) C:\Users\Alvaro\AppData\Local\Temp\Windows10Upgrade.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-28 20:52

==================== End of FRST.txt ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by Alvaro (29-06-2018 10:56:29)
Running from C:\Users\Alvaro\Downloads
Windows 10 Home Version 1709 16299.192 (X64) (2018-01-13 22:37:33)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1371854649-3712086544-3624237114-500 - Administrator - Disabled) => C:\Users\Administrator
Alvaro (S-1-5-21-1371854649-3712086544-3624237114-1001 - Administrator - Enabled) => C:\Users\Alvaro
DefaultAccount (S-1-5-21-1371854649-3712086544-3624237114-503 - Limited - Disabled)
Guest (S-1-5-21-1371854649-3712086544-3624237114-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1371854649-3712086544-3624237114-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version:  - Broadcom Corporation)
Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.1.695 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.35 - Piriform)
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.2 - Dropbox, Inc.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{1504CF6F-8139-497F-86FC-46174B67CF7F}) (Version: 2.20.51 - Hewlett-Packard Company)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8305.5282 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.6.18.11 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{D7D5F438-26EF-45AB-AB89-C476FBCF8584}) (Version: 12.9.18.3 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4256 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.1.0.21 - Intel Corporation)
KB4023057 (HKLM\...\{ED06689A-33B7-4D35-8F76-36A82CD03406}) (Version: 2.3.0.0 - Microsoft Corporation)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Office Hogar y Estudiantes 2016 - es-es (HKLM\...\HomeStudentRetail - es-es) (Version: 16.0.9226.2156 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1371854649-3712086544-3624237114-1001\...\OneDriveSetup.exe) (Version: 18.091.0506.0007 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1371854649-3712086544-3624237114-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06292018105259390\...\OneDriveSetup.exe) (Version: 18.091.0506.0007 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1371854649-3712086544-3624237114-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06292018105300203\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617 (HKLM-x32\...\{448652c1-f5f3-4230-98c6-68c10c88b1fb}) (Version: 12.0.20617.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 61.0 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0 (x64 en-US)) (Version: 61.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 61.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9226.2156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9226.2156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9226.2156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0C0A-0000-0000000FF1CE}) (Version: 16.0.9226.2156 - Microsoft Corporation) Hidden
OmegaT version 3.6.0_09 (HKLM-x32\...\OmegaT 3.6.0_09_is1) (Version:  - OmegaT)
Oracle VM VirtualBox 5.2.6 (HKLM\...\{EA9602E3-0184-45B9-9E15-028776CD7A6E}) (Version: 5.2.6 - Oracle Corporation)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.8 - Power Software Ltd)
PyScripter 3.3.1 (HKLM\...\PyScripter_is1) (Version: 3.3.1 - PyScripter)
Python 3.6.5 (64-bit) (HKU\S-1-5-21-1371854649-3712086544-3624237114-1001\...\{9d1b786e-0fd4-4386-abc1-4b920ab32da9}) (Version: 3.6.5150.0 - Python Software Foundation)
Python 3.6.5 (64-bit) (HKU\S-1-5-21-1371854649-3712086544-3624237114-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06292018105259390\...\{9d1b786e-0fd4-4386-abc1-4b920ab32da9}) (Version: 3.6.5150.0 - Python Software Foundation)
Python 3.6.5 Core Interpreter (64-bit) (HKLM\...\{CCE23D38-AE4C-41EE-867C-7DF7DCB52E7F}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 Development Libraries (64-bit) (HKLM\...\{6A7E897E-3F28-41DE-8EA7-FD3325FA881A}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 Documentation (64-bit) (HKLM\...\{B85E198A-D267-47DB-8F8C-1E5A95F77305}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 Executables (64-bit) (HKLM\...\{B145D381-BCBE-408A-BDFA-0871790EC59D}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 pip Bootstrap (64-bit) (HKLM\...\{E828E9CB-111D-4185-AA7E-DD61923A61ED}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 Standard Library (64-bit) (HKLM\...\{1A3684F6-CDA3-461A-83BA-186C525DA86F}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 Tcl/Tk Support (64-bit) (HKLM\...\{20DE5A77-9F46-44D8-BB87-A10325DC493A}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 Test Suite (64-bit) (HKLM\...\{C1BE25E2-19E0-4148-AE98-7A576D1E1528}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 Utility Scripts (64-bit) (HKLM\...\{97CD25CA-B289-442B-96F9-D0F17B2617E9}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{8A66FEC2-E443-4219-B9AC-F9B10607B57C}) (Version: 3.6.6295.0 - Python Software Foundation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.370.87 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7581 - Realtek Semiconductor Corp.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
UpdateAssistant (HKLM-x32\...\{B7AFAF92-D1C8-49A0-B34A-B5DAF9C9D5C6}) (Version: 1.9.0.0 - Microsoft Corporation) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22391 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-02-02] (Power Software Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-02-02] (Power Software Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-07-27] (Intel Corporation)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-02-02] (Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03E1E825-F349-4476-B36C-CE319444A455} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-05-24] (Microsoft Corporation)
Task: {0B7660E0-9CBE-4D91-8CB7-C6A47C451528} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-05-12] (Microsoft Corporation)
Task: {0DCBD8F9-77EA-423F-9390-9CA176E8D949} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {2EB6C583-D602-4D02-9DC6-D2E8CD500739} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner64.exe [2017-09-20] (Piriform Ltd)
Task: {3065E2B9-CC91-4706-A3C6-EC6B20775A59} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {3E37D7E5-2EF6-488D-912A-430575211589} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {402A74E0-FA9F-49EC-BF79-1C37407D3647} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-05-24] (Microsoft Corporation)
Task: {4E7D4AA4-058F-4358-8AA5-22F9D06EA878} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-29] (Microsoft Corporation)
Task: {5C24DF87-BFA4-40C6-9D80-3C847CC0AC3D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT-KB890830.exe [2018-05-17] (Microsoft Corporation)
Task: {6C2FE44E-A208-4D4A-BC9C-A9C0AAC6068B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-05-02] (HP Inc.)
Task: {6E661F58-AD82-401E-803A-44F820EF4583} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {8F374AF7-C33B-43F7-A922-A6710CD7EB86} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-29] (Microsoft Corporation)
Task: {A7243D3F-CE45-42F0-989F-A8353F00A1A4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-29] (Microsoft Corporation)
Task: {AFFC21AB-0BD4-4A92-8C45-C457D069C273} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-05-02] (HP Inc.)
Task: {B1F4CE67-3DDE-4690-8648-555F78E8C66E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {BCD3B476-30AA-460A-8D27-167F1F831ECD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {C063C82D-C679-44B0-A97B-512135D92229} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {CF9BAEE0-E564-4045-829C-B973C8503BF8} - System32\Tasks\HPCeeScheduleForAlvaro => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {D62B93F3-A396-4762-96A6-D7011103D126} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2015-05-21] (Hewlett-Packard Development Company, L.P.)
Task: {D805A6D7-B08D-4BA0-A92D-EB5601527DB1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-05-12] (Microsoft Corporation)
Task: {DB746E06-7B50-4C97-B5D4-A0E0B0786611} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-29] (Microsoft Corporation)
Task: {E72539F5-BB26-4152-9DDA-C243C56D4AD5} - System32\Tasks\S-1-5-21-1371854649-3712086544-3624237114-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)
Task: {F26A7733-D4E1-415D-A0B0-6525D7AFE916} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-06-19] ()
Task: {F43F0DFC-B783-4E5D-8BC7-F2FDD2F5B687} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-03-07] (HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForAlvaro.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square

==================== Loaded Modules (Whitelisted) ==============

2018-04-05 10:26 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-09-29 09:41 - 2017-09-29 09:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-12-13 21:33 - 2017-12-13 21:33 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-13 21:33 - 2017-12-13 21:33 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-24 22:57 - 2018-01-24 22:59 - 004698840 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.16.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 07:04 - 2017-05-15 12:54 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06292018105258953\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06292018105259171\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1371854649-3712086544-3624237114-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpg
HKU\S-1-5-21-1371854649-3712086544-3624237114-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06292018105259390\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpg
HKU\S-1-5-21-1371854649-3712086544-3624237114-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06292018105300203\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.10.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "HPMessageService"
HKLM\...\StartupApproved\Run32: => "PowerDVD14Agent"
HKU\S-1-5-21-1371854649-3712086544-3624237114-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1371854649-3712086544-3624237114-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1371854649-3712086544-3624237114-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06292018105259390\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1371854649-3712086544-3624237114-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06292018105259390\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B1FE2ED3-B947-4F05-9132-9C3199C27B23}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B01622C6-BCEC-4A08-9E58-3345FBC33BFC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{93E780CD-632F-4A1C-B618-0B7234D78C5C}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{E0EE016C-90A8-4112-A032-5F22EE076900}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{2B9D53FE-F153-4461-8368-65CD1E4E053C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F17EB211-4242-42CA-8ED3-437BFC4D1540}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DFE5E66E-4F45-4C22-B50B-BB6DE5C0B30E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E5B05AD0-4F1A-4757-8062-B56D484B2E98}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{9EA31939-7C49-4407-B226-5C07857DFA26}C:\users\alvaro\appdata\local\programs\python\python36\python.exe] => (Allow) C:\users\alvaro\appdata\local\programs\python\python36\python.exe
FirewallRules: [UDP Query User{C6CAEDC5-139E-4E64-B5D8-383527EE95C8}C:\users\alvaro\appdata\local\programs\python\python36\python.exe] => (Allow) C:\users\alvaro\appdata\local\programs\python\python36\python.exe
FirewallRules: [TCP Query User{4D79A3F8-D086-45D0-AA50-D0F69E31B02B}C:\users\alvaro\appdata\local\temp\ignc359.tmp\lmiignition.exe] => (Allow) C:\users\alvaro\appdata\local\temp\ignc359.tmp\lmiignition.exe
FirewallRules: [UDP Query User{3AC262AA-6422-4C8E-A01D-20D375136882}C:\users\alvaro\appdata\local\temp\ignc359.tmp\lmiignition.exe] => (Allow) C:\users\alvaro\appdata\local\temp\ignc359.tmp\lmiignition.exe
FirewallRules: [TCP Query User{F99F4DE1-45D9-466E-9167-06A0384F2650}C:\users\alvaro\appdata\local\temp\ign28f7.tmp\lmiignition.exe] => (Allow) C:\users\alvaro\appdata\local\temp\ign28f7.tmp\lmiignition.exe
FirewallRules: [UDP Query User{CFF006ED-CB53-4EF1-9A4A-4A97BA588F18}C:\users\alvaro\appdata\local\temp\ign28f7.tmp\lmiignition.exe] => (Allow) C:\users\alvaro\appdata\local\temp\ign28f7.tmp\lmiignition.exe
FirewallRules: [TCP Query User{5DCF79EC-5B55-4DD0-8244-98508C2CF61F}C:\users\alvaro\appdata\local\temp\ign7668.tmp\lmiignition.exe] => (Allow) C:\users\alvaro\appdata\local\temp\ign7668.tmp\lmiignition.exe
FirewallRules: [UDP Query User{24C7EC13-7DE9-45DC-A409-C456AFDFBBDB}C:\users\alvaro\appdata\local\temp\ign7668.tmp\lmiignition.exe] => (Allow) C:\users\alvaro\appdata\local\temp\ign7668.tmp\lmiignition.exe
FirewallRules: [TCP Query User{DA9459DA-F4DD-4B97-8400-BBF6C3D8A851}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{0DA00488-031A-41E7-A7D5-FD01132F71F6}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe

==================== Restore Points =========================

14-05-2018 21:44:51 Removed Evernote v. 5.8.6
03-06-2018 11:33:31 Windows Update
03-06-2018 11:34:20 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/14/2018 09:38:20 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (05/14/2018 09:24:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PhotoDirector5.exe, version: 5.0.5.6713, time stamp: 0x55823a97
Faulting module name: ntdll.dll, version: 10.0.16299.192, time stamp: 0x6dead514
Exception code: 0xc0000005
Fault offset: 0x00000000000287e0
Faulting process id: 0xc98
Faulting application start time: 0x01d3ebeb76d20672
Faulting application path: C:\Program Files\CyberLink\PhotoDirector\PhotoDirector5.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 5d72fca3-caf8-4293-bdac-6fd43c9f35a6
Faulting package full name:
Faulting package-relative application ID:

Error: (05/14/2018 09:24:10 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (04/09/2018 09:04:26 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-IFHSKRC)
Description: Package windows.immersivecontrolpanel_10.0.1.1000_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel was terminated because it took too long to suspend.

Error: (04/09/2018 09:04:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.16299.15, time stamp: 0x7640753d
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.16299.98, time stamp: 0x950216af
Exception code: 0xc000041d
Fault offset: 0x00000000001f6ff4
Faulting process id: 0x1fbc
Faulting application start time: 0x01d3d0031dc5fadb
Faulting application path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report Id: 72eeec7c-3ce1-4979-a34c-21d1f019d211
Faulting package full name: windows.immersivecontrolpanel_10.0.1.1000_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

Error: (04/09/2018 09:03:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.16299.15, time stamp: 0x7640753d
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.16299.98, time stamp: 0x950216af
Exception code: 0xc0000005
Fault offset: 0x00000000001f6ff4
Faulting process id: 0x1fbc
Faulting application start time: 0x01d3d0031dc5fadb
Faulting application path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report Id: 6f885e19-9651-41df-b01d-41be8f9cf58f
Faulting package full name: windows.immersivecontrolpanel_10.0.1.1000_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

Error: (04/04/2018 01:19:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UserEnvState.exe, version: 2.2.3025.0, time stamp: 0x58404cda
Faulting module name: UserEnvState.exe, version: 2.2.3025.0, time stamp: 0x58404cda
Exception code: 0xc0000005
Fault offset: 0x00000000000039e4
Faulting process id: 0x1e50
Faulting application start time: 0x01d3cc3907d0003b
Faulting application path: C:\Program Files\Common Files\McAfee\MSGSDK\UserEnvState.exe
Faulting module path: C:\Program Files\Common Files\McAfee\MSGSDK\UserEnvState.exe
Report Id: bb176cf0-88ac-40e9-9eb9-76302f3ef1ad
Faulting package full name:
Faulting package-relative application ID:

Error: (03/29/2018 10:32:35 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet


System errors:
=============
Error: (06/29/2018 10:37:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/29/2018 10:24:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/26/2018 01:56:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/03/2018 11:34:20 AM) (Source: Microsoft-Windows-Time-Service) (EventID: 34) (User: NT AUTHORITY)
Description: The time service has detected that the system time needs to be  changed by 1997742 seconds. The time service will not change the system time by more than 54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->52.178.161.41:123) is working properly.

Error: (06/03/2018 11:34:18 AM) (Source: Microsoft-Windows-Time-Service) (EventID: 34) (User: NT AUTHORITY)
Description: The time service has detected that the system time needs to be  changed by 1997742 seconds. The time service will not change the system time by more than 54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->52.178.161.41:123) is working properly.

Error: (06/03/2018 11:34:16 AM) (Source: Microsoft-Windows-Time-Service) (EventID: 34) (User: NT AUTHORITY)
Description: The time service has detected that the system time needs to be  changed by 1997742 seconds. The time service will not change the system time by more than 54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->52.178.161.41:123) is working properly.

Error: (06/03/2018 11:34:14 AM) (Source: Microsoft-Windows-Time-Service) (EventID: 34) (User: NT AUTHORITY)
Description: The time service has detected that the system time needs to be  changed by 1997742 seconds. The time service will not change the system time by more than 54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->52.178.161.41:123) is working properly.

Error: (06/03/2018 11:34:13 AM) (Source: Microsoft-Windows-Time-Service) (EventID: 34) (User: NT AUTHORITY)
Description: The time service has detected that the system time needs to be  changed by 1997742 seconds. The time service will not change the system time by more than 54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->52.178.161.41:123) is working properly.


Windows Defender:
===================================
Date: 2018-06-29 10:21:40.710
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {11460C44-481F-4EFD-991F-C530739947DD}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-05-21 22:13:41.142
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {E65CA774-8CB2-4035-B91F-C111CF11B855}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2018-04-29 18:06:55.533
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {6523E85B-1482-49FA-9F25-73C43E30E752}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-04-04 21:32:00.835
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Win32/CplLnk.A&threatid=2147636234&enterprise=0
Name: Exploit:Win32/CplLnk.A
ID: 2147636234
Severity: Severe
Category: Exploit
Path: file:_H:\Copy of Shortcut to (1).lnk;file:_H:\Copy of Shortcut to (2).lnk;file:_H:\Copy of Shortcut to (3).lnk;file:_H:\Copy of Shortcut to (4).lnk
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Signature Version: AV: 1.263.113.0, AS: 1.263.113.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14202.0

Date: 2018-04-04 21:32:00.768
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Win32/CplLnk.A&threatid=2147636234&enterprise=0
Name: Exploit:Win32/CplLnk.A
ID: 2147636234
Severity: Severe
Category: Exploit
Path: file:_H:\Copy of Shortcut to (1).lnk;file:_H:\Copy of Shortcut to (2).lnk;file:_H:\Copy of Shortcut to (3).lnk
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Signature Version: AV: 1.263.113.0, AS: 1.263.113.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14202.0

Date: 2018-06-26 14:58:25.099
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.271.51.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15000.2
Error code: 0x84990419
Error description:

Date: 2018-06-26 14:58:25.099
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.271.51.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15000.2
Error code: 0x84990419
Error description:

Date: 2018-06-26 14:58:25.098
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.271.51.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15000.2
Error code: 0x84990419
Error description:

Date: 2018-06-26 14:46:05.782
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.269.559.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.4
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2018-05-24 20:55:35.605
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.269.51.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.4
Error code: 0x80240017
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2018-06-29 10:41:42.340
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-29 10:41:42.337
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-29 10:41:36.453
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-29 10:41:36.449
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-29 10:37:52.407
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-29 10:37:52.403
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-29 10:37:41.019
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-29 10:37:41.014
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i3-4030U CPU @ 1.90GHz
Percentage of memory in use: 38%
Total physical RAM: 8120.27 MB
Available physical RAM: 5003.97 MB
Total Virtual: 9400.27 MB
Available Virtual: 6457.75 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:911.45 GB) (Free:839.05 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:18.74 GB) (Free:2.19 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{e74c2a16-9fe6-4ef3-9fef-fbbb187f9c91}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32
\\?\Volume{950fbe8d-7961-4454-9382-4b257f298b5c}\ () (Fixed) (Total:0.93 GB) (Free:0.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1473EBFB)

Partition: GPT.

==================== End of Addition.txt ============================



#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,586 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:06 PM

Posted 30 June 2018 - 09:06 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK button.
Please copy the entire contents of the code box below to a new file.

start

CreateRestorePoint:
CloseProcesses:

CHR DefaultSearchURL: Default -> hxxp://search.whiteskyservices.com/?dtid=1&pid=21&src=sgsearch&searchparam={searchTerms}
CHR DefaultSearchKeyword: Default -> whiteskyservices.com
CHR DefaultSuggestURL: Default -> hxxp://search.whiteskyservices.com/?dtid=1&pid=21&src=sgsearch&searchparam={searchTerms}
CHR Extension: (Connect) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeihfhnbnfemlajfadhbpdfiipncebld [2015-10-08]

RemoveProxy:

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

If the problem persists please download and run the Malicious Software Removal Tool from Microsoft.
https://www.microsoft.com/en-us/download/malicious-software-removal-tool-details.aspx
===

Let me know if the problem persists.

#3 alvaro0114

  • Topic Starter
  • Members
  • 43 posts

Posted 01 July 2018 - 09:32 AM

Thank you nasdaq, sorry for taking long. As soon as I get on my computer I will post the results. Am I infected?

#4 alvaro0114

  • Topic Starter
  • Members
  • 43 posts

Posted 01 July 2018 - 12:25 PM

OK, here are the scan results:


Fix result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by Alvaro (01-07-2018 13:17:36) Run:1
Running from C:\Users\Alvaro\Downloads
Loaded Profiles: Alvaro &  (Available Profiles: Alvaro & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
CloseProcesses:

CHR DefaultSearchURL: Default -> hxxp://search.whiteskyservices.com/?dtid=1&pid=21&src=sgsearch&searchparam={searchTerms}
CHR DefaultSearchKeyword: Default -> whiteskyservices.com
CHR DefaultSuggestURL: Default -> hxxp://search.whiteskyservices.com/?dtid=1&pid=21&src=sgsearch&searchparam={searchTerms}
CHR Extension: (Connect) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeihfhnbnfemlajfadhbpdfiipncebld [2015-10-08]

RemoveProxy:

Reboot:

End
*****************

Restore point was successfully created.
Processes closed successfully.
"Chrome DefaultSearchURL" => not found
"Chrome DefaultSearchKeyword" => not found
"Chrome DefaultSuggestURL" => not found
CHR Extension: (Connect) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeihfhnbnfemlajfadhbpdfiipncebld [2015-10-08] => Error: No automatic fix found for this entry.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1371854649-3712086544-3624237114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1371854649-3712086544-3624237114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1371854649-3712086544-3624237114-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06292018105259390\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1371854649-3712086544-3624237114-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06292018105259390\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1371854649-3712086544-3624237114-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06292018105300203\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1371854649-3712086544-3624237114-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06292018105300203\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========



The system needed a reboot.

==== End of Fixlog 13:18:17 ====
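The Fixlog above records three kinds of outcome: registry entries FRST removed, Chrome search entries it reported as not found, and the extension entry for which it found no automatic fix. The script below is an added example, not FRST's own code and not posted in this thread; it classifies the result lines of a Fixlog so the entries that still need a human decision stand out. The embedded Fixlog is a constructed, abridged sample in the same layout as the one posted above.

```python
"""Classify each result line of an FRST Fixlog.txt (added example, not FRST code).

The result section follows the echoed fixlist.  Each directive outcome is put
into one of three buckets: applied, not_found (target already absent), or
failed (FRST reported an error, so the entry still needs manual follow-up).
"""
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed sample, abridged from the layout of the Fixlog posted above.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
CHR DefaultSearchURL: Default -> hxxp://search.whiteskyservices.com/?dtid=1&pid=21&src=sgsearch&searchparam={searchTerms}
CHR Extension: (Connect) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeihfhnbnfemlajfadhbpdfiipncebld [2015-10-08]
RemoveProxy:
Reboot:
End
*****************

Restore point was successfully created.
Processes closed successfully.
"Chrome DefaultSearchURL" => not found
CHR Extension: (Connect) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeihfhnbnfemlajfadhbpdfiipncebld [2015-10-08] => Error: No automatic fix found for this entry.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully

========= End of RemoveProxy: =========

The system needed a reboot.

==== End of Fixlog 13:18:17 ====
"""

# "<target> => <outcome>" is the per-entry result format FRST uses.
RESULT_RE = re.compile(r'^(?P<target>.+?) => (?P<outcome>.+)$')


@dataclass
class FixlogSummary:
    applied: List[Tuple[str, str]] = field(default_factory=list)
    not_found: List[Tuple[str, str]] = field(default_factory=list)
    failed: List[Tuple[str, str]] = field(default_factory=list)
    needs_reboot: bool = False


def results_section(text: str) -> List[str]:
    """Lines after the echoed fixlist, i.e. after the second '*****' bar."""
    lines = text.splitlines()
    bars = [i for i, line in enumerate(lines) if line.startswith('*****')]
    start = bars[1] + 1 if len(bars) >= 2 else 0
    return lines[start:]


def classify(outcome: str) -> str:
    """Map the text after '=>' to a FixlogSummary bucket name."""
    lowered = outcome.lower()
    if lowered.startswith('error'):
        return 'failed'
    if 'not found' in lowered:
        return 'not_found'
    if 'successfully' in lowered:
        return 'applied'
    return 'failed'  # unknown wording: treat as needing a human look


def parse_fixlog(text: str) -> FixlogSummary:
    summary = FixlogSummary()
    for raw in results_section(text):
        line = raw.strip()
        if not line or line.startswith('='):
            continue  # blank lines and section banners
        if line == 'The system needed a reboot.':
            summary.needs_reboot = True
            continue
        match = RESULT_RE.match(line)
        if match:
            target = match.group('target').strip('"')
            outcome = match.group('outcome')
            getattr(summary, classify(outcome)).append((target, outcome))
        elif 'successfully' in line:
            # Directive-level statements such as the restore point message
            summary.applied.append((line.rstrip('.'), 'ok'))
    return summary


def manual_followups(summary: FixlogSummary) -> List[str]:
    """Targets FRST reported an error for; the fix did not change them."""
    return [target for target, _ in summary.failed]


if __name__ == '__main__':
    s = parse_fixlog(SAMPLE_FIXLOG)
    print(f"applied={len(s.applied)} not_found={len(s.not_found)} "
          f"failed={len(s.failed)} reboot={s.needs_reboot}")
    for target in manual_followups(s):
        print('needs manual follow-up:', target)
```

Run against the sample, the one entry in `manual_followups` is the Chrome extension line, which is the same result the real Fixlog above reports with "No automatic fix found for this entry".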



#5 nasdaq

  • Malware Response Team
  • 39,586 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 01 July 2018 - 01:15 PM

Hi,

Has your problem been solved?

#6 alvaro0114

  • Topic Starter
  • Members
  • 43 posts

Posted 01 July 2018 - 03:18 PM

I haven't used the computer. I believe it's OK. I don't use it much lately because I don't have internet. What kind of thing did it eliminate?

#7 nasdaq

  • Malware Response Team
  • 39,586 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 July 2018 - 06:46 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Was the internet working before my previous fix?

Run this fix and let me know if the Internet returns.

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK button.
Please copy the entire contents of the code box below to a new file.

start

CreateRestorePoint:
CloseProcesses:

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

If you get any error message please post it.
It may help in finding the culprit.

#8 alvaro0114

  • Topic Starter
  • Members
  • 43 posts

Posted 02 July 2018 - 09:27 AM

Sorry. I meant I don't have an ISP. I use Wi-Fi from my uncle. That's why I don't use the computer much, but it runs OK. I was just worried.

Edited by alvaro0114, 02 July 2018 - 09:28 AM.


#9 alvaro0114

  • Topic Starter
  • Members
  • 43 posts

Posted 02 July 2018 - 09:32 AM

This is no longer on the system, correct? It was because of a USB flash drive.

Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Win32/CplLnk.A&threatid=2147636234&enterprise=0
Name: Exploit:Win32/CplLnk.A
ID: 2147636234
Severity: Severe
Category: Exploit
Path: file:_H:\Copy of Shortcut to (1).lnk;file:_H:\Copy of Shortcut to (2).lnk;file:_H:\Copy of Shortcut to (3).lnk;file:_H:\Copy of Shortcut to (4).lnk
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Signature Version: AV: 1.263.113.0, AS: 1.263.113.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14202.0

Date: 2018-04-04 21:32:00.768
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Win32/CplLnk.A&threatid=2147636234&enterprise=0
Name: Exploit:Win32/CplLnk.A
ID: 2147636234
Severity: Severe
Category: Exploit
Path: file:_H:\Copy of Shortcut to (1).lnk;file:_H:\Copy of Shortcut to (2).lnk;file:_H:\Copy of Shortcut to (3).lnk
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Signature Version: AV: 1.263.113.0, AS: 1.263.113.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14202.0
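The Code Integrity warnings quoted from Addition.txt at the top of this section and the Defender detections quoted just above share the same block layout: a "Date:" line, a "Description:" line, then the event text, with a blank line between events. The parser below is an added example, not FRST's or Microsoft's code and not from this thread. It collapses repeated Code Integrity warnings into one count per process and DLL, splits Defender's ';'-joined, 'file:_'-prefixed Path value into individual files, tolerates a block whose Date line was cut off (as in the first block pasted above), and lists the detected files that sit on a drive other than the system drive. The sample input is constructed from the entries quoted in this thread; the system drive letter C: is an assumption.

```python
"""Parse the Date/Description event blocks FRST copies into Addition.txt.

Added example, not FRST's own code.  It handles two event kinds seen in this
thread: Code Integrity signing-level warnings and Windows Defender detections.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the layout of the Addition.txt excerpts quoted above:
# two Code Integrity warnings for the same DLL and one Defender detection.
SAMPLE_ADDITION = r"""Date: 2018-06-29 10:37:41.019
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-29 10:37:41.014
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-04 21:32:00.768
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Win32/CplLnk.A&threatid=2147636234&enterprise=0
Name: Exploit:Win32/CplLnk.A
ID: 2147636234
Severity: Severe
Category: Exploit
Path: file:_H:\Copy of Shortcut to (1).lnk;file:_H:\Copy of Shortcut to (2).lnk;file:_H:\Copy of Shortcut to (3).lnk
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
"""

FIELD_RE = re.compile(r'^([A-Za-z ]+): (.+)$')          # "Key: value" lines
CI_RE = re.compile(r'process \((?P<process>[^)]+)\) attempted to load '
                   r'(?P<module>.+?) that did not meet')


@dataclass
class Event:
    date: Optional[str]      # None when the Date line was cut off
    text: str
    fields: Dict[str, str]


@dataclass
class Detection:
    date: Optional[str]
    name: str
    severity: str
    category: str
    paths: List[str]
    process: str


def parse_events(text: str) -> List[Event]:
    """Split the text on blank lines and peel off Date/Description headers."""
    events = []
    for block in re.split(r'\n\s*\n', text.strip()):
        lines = block.splitlines()
        date = None
        if lines and lines[0].startswith('Date:'):
            date = lines.pop(0)[len('Date:'):].strip()
        if lines and lines[0].strip() == 'Description:':
            lines.pop(0)
        fields = {}
        for line in lines:
            m = FIELD_RE.match(line)
            if m:
                fields[m.group(1)] = m.group(2)
        events.append(Event(date, '\n'.join(lines), fields))
    return events


def code_integrity_summary(events: List[Event]) -> Counter:
    """Count repeated Code Integrity warnings per (process, module) pair."""
    counts: Counter = Counter()
    for e in events:
        m = CI_RE.search(e.text)
        if m:
            counts[(m.group('process'), m.group('module'))] += 1
    return counts


def defender_detections(events: List[Event]) -> List[Detection]:
    out = []
    for e in events:
        if not e.text.startswith('Windows Defender') or 'Name' not in e.fields:
            continue
        f = e.fields
        # FRST joins several files with ';' and prefixes each with 'file:_'
        paths = [p[len('file:_'):] if p.startswith('file:_') else p
                 for p in f.get('Path', '').split(';') if p]
        out.append(Detection(e.date, f['Name'], f.get('Severity', ''),
                             f.get('Category', ''), paths, f.get('Process Name', '')))
    return out


def non_system_drive_hits(detections: List[Detection],
                          system_drive: str = 'C:') -> List[Tuple[str, str]]:
    """(detection name, path) for files on a drive other than the system drive."""
    hits = []
    for d in detections:
        for p in d.paths:
            m = re.match(r'^([A-Za-z]:)\\', p)
            if m and m.group(1).upper() != system_drive.upper():
                hits.append((d.name, p))
    return hits


if __name__ == '__main__':
    evs = parse_events(SAMPLE_ADDITION)
    for (proc, mod), n in code_integrity_summary(evs).items():
        print(f'{n}x Code Integrity: {proc} loaded {mod}')
    for name, path in non_system_drive_hits(defender_detections(evs)):
        print(f'{name} on non-system drive: {path}')
```

The drive check only compares drive letters against the assumed system drive, so it tells you the files lived on another volume (the H: drive in this thread), not whether that volume was removable.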

#10 nasdaq

  • Malware Response Team
  • 39,586 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 03 July 2018 - 07:09 AM

Hi,

Sorry. I meant I don't have an ISP. I use Wi-Fi from my uncle. That's why I don't use the computer much, but it runs OK. I was just worried.

That's OK.

This is no longer on the system, correct? It was because of a USB flash drive.

These files were on the H: drive.
You should know if you want to keep them.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#11 alvaro0114

  • Topic Starter
  • Members
  • 43 posts

Posted 03 July 2018 - 10:04 AM

Windows Defender quarantined it and I used the command prompt to eliminate it.



#12 nasdaq

  • Malware Response Team
  • 39,586 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 July 2018 - 06:22 AM

Good Work.



