MYPcBackup.com website pop-up after removing "cryptolocker"


  • This topic is locked
13 replies to this topic

#1 justinloh33

  • Members
  • 8 posts

Posted 12 November 2015 - 05:58 PM

I was playing around with some less than reputable sites for a GTA V mod, and got hit with a "cryptolocker" virus (I don't think it's the actual virus, but maybe a clone). I managed to run Malwarebytes and HitmanPro to get rid of it, and saved my files from being encrypted. I think I managed to get every last bit of malware off the system (I run mine relatively clean; this is my first run-in with malware), but every time I boot up Google Chrome a Windows 10 pop-up appears asking which browser I want to use to open a web page. Note that this happens when I open Chrome. If I click the Chrome option, it takes me to Mypcbackup.com. Considering I just got hit by "cryptolocker", I don't think this is a coincidence. Any help would be taken with great appreciation.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by JustinLoh (administrator) on MSI (12-11-2015 22:49:25)
Running from C:\Users\JustinLoh\Downloads
Loaded Profiles: JustinLoh & DefaultAppPool (Available Profiles: JustinLoh & DefaultAppPool)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(MSI) C:\Program Files (x86)\SCM\Radio Manager.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Windows\System32\igfxTray.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
() C:\Program Files (x86)\Genius\Maurus\mousehid.exe
() C:\Program Files (x86)\Genius\Maurus\trayicon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\WINWORD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.6228.10111.0_x64__8wekyb3d8bbwe\onenoteim.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Users\JustinLoh\Downloads\regassassin-setup-1.03.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3347688 2015-08-28] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-21] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation)
HKLM\...\Run: [Radio Manager] => C:\Program Files (x86)\SCM\Radio Manager.exe [406920 2013-08-22] (MSI)
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [408232 2013-08-22] (MSI)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-03] (Adobe Systems Incorporated)
HKLM\...\Run: [MBCfg64] => C:\WINDOWS\system32\RunDLL32.exe C:\WINDOWS\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [396688 2015-08-28] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-10] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [490480 2013-09-10] (MSI)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2013-08-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [Maurus] => C:\Program Files (x86)\Genius\Maurus\mousehid.exe [300544 2013-03-04] ()
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-4234761149-2200977614-3614621967-1002\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-4234761149-2200977614-3614621967-1002\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATII2E.EXE [283232 2015-09-01] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4234761149-2200977614-3614621967-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4234761149-2200977614-3614621967-1002\...\RunOnce: [Uninstall C:\Users\JustinLoh\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\JustinLoh\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-4234761149-2200977614-3614621967-1002\...\RunOnce: [Uninstall C:\Users\JustinLoh\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\JustinLoh\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-4234761149-2200977614-3614621967-1002\...\RunOnce: [Uninstall C:\Users\JustinLoh\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\JustinLoh\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-07-10] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [177416 2015-10-03] (NVIDIA Corporation)
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177416 2015-10-03] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\JustinLoh\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll [2015-10-31] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\JustinLoh\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll [2015-10-31] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\JustinLoh\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll [2015-10-31] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\JustinLoh\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll [2015-10-31] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\JustinLoh\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll [2015-10-31] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\JustinLoh\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll [2015-10-31] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qualcomm Atheros Killer Network Manager.lnk [2014-04-10]
ShortcutTarget: Qualcomm Atheros Killer Network Manager.lnk -> C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe ()
Startup: C:\Users\JustinLoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-11-05]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicyScripts-x32: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 109.246.13.15
Tcpip\..\Interfaces\{8c6ddbe9-3fe8-431d-8aef-9ab6bf6e0af7}: [DhcpNameServer] 109.246.13.15
Tcpip\..\Interfaces\{98b5995f-c1ad-4752-81b8-fd0b6ef6f694}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{98b5995f-c1ad-4752-81b8-fd0b6ef6f694}: [DhcpNameServer] 109.246.13.15
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-4234761149-2200977614-3614621967-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-4234761149-2200977614-3614621967-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://msi13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4234761149-2200977614-3614621967-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-10-20] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-10-20] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-15] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-15] (Oracle Corporation)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-01-21] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll [2014-04-09] ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll [2014-04-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll [2013-10-25] (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-11] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-22] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-04-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-09-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-09-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-09-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-09-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-09-07] (Apple Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\JustinLoh\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.58\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.58\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.58\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Battlelog Game Launcher) - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll => No File
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.710.14) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 7 U71) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\JustinLoh\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll => No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll => No File
CHR Profile: C:\Users\JustinLoh\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\JustinLoh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-10-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\JustinLoh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433784 2015-06-16] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-06-16] (BlueStack Systems, Inc.)
S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [831096 2015-07-21] (BlueStack Systems, Inc.)
S2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-12] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
S2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-08-28] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2013-08-22] (Micro-Star International Co., Ltd.) [File not signed]
S2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [161776 2013-09-10] (MSI)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-12] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-12] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2007048 2015-08-09] (Electronic Arts)
S2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [503296 2013-05-16] () [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-08-28] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [578560 2015-08-28] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [312480 2014-05-09] ()
S1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [74096 2013-05-16] (Qualcomm Atheros, Inc.)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-06-16] (BlueStack Systems)
S3 busenum; C:\Windows\System32\drivers\SteelBus64.sys [146944 2014-10-08] (SteelSeries Corporation) [File not signed]
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-05-08] (Disc Soft Ltd)
R3 Ke2200; C:\Windows\System32\drivers\e22w8x64.sys [174448 2013-05-16] (Qualcomm Atheros, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2014-05-09] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-12] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13536 2015-05-25] ()
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [593624 2015-08-28] (Realtek Semiconductor Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [407112 2013-11-07] (Realsil Semiconductor Corporation)
R3 rtwlane_13; C:\Windows\System32\drivers\rtwlane_13.sys [3749888 2015-07-10] (Realtek Semiconductor Corporation                           )
S3 SAlphaPS2; C:\Windows\System32\drivers\SAlphaPS264.sys [27520 2014-10-08] (SteelSeries Corporation) [File not signed]
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2014-11-30] (Basil Projects)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-12 22:49 - 2015-11-12 22:50 - 00025859 _____ C:\Users\JustinLoh\Downloads\FRST.txt
2015-11-12 22:49 - 2015-11-12 22:49 - 00000000 ____D C:\FRST
2015-11-12 22:48 - 2015-11-12 22:49 - 02198528 _____ (Farbar) C:\Users\JustinLoh\Downloads\FRST64.exe
2015-11-12 22:34 - 2015-11-12 22:35 - 22908888 _____ (Malwarebytes ) C:\Users\JustinLoh\Downloads\mbam-setup-2.2.0.1024 (2).exe
2015-11-12 22:33 - 2015-11-12 22:34 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-12 22:33 - 2015-11-12 22:33 - 00001185 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-12 22:33 - 2015-11-12 22:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-12 22:33 - 2015-11-12 22:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-12 22:33 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-11-12 22:33 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-11-12 22:33 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-11-12 22:32 - 2015-11-12 22:32 - 00065232 _____ (Malwarebytes) C:\Users\JustinLoh\Downloads\regassassin-setup-1.03.exe
2015-11-12 22:31 - 2015-11-12 22:32 - 22908888 _____ (Malwarebytes ) C:\Users\JustinLoh\Downloads\mbam-setup-2.2.0.1024 (1).exe
2015-11-12 22:26 - 2015-11-12 22:26 - 00016148 _____ C:\WINDOWS\system32\MSI_JustinLoh_HistoryPrediction.bin
2015-11-11 17:35 - 2015-11-11 17:44 - 00000000 ____D C:\Users\JustinLoh\Downloads\Motopony - Motopony (2011)
2015-11-11 17:35 - 2015-11-11 17:35 - 00016842 _____ C:\Users\JustinLoh\Downloads\[rutracker.org].t3712552.torrent
2015-11-11 17:34 - 2015-11-11 17:41 - 00000000 ____D C:\Users\JustinLoh\Downloads\Motopony - Welcome You (2015)
2015-11-11 17:34 - 2015-11-11 17:34 - 00017723 _____ C:\Users\JustinLoh\Downloads\[rutracker.org].t5032693.torrent
2015-11-11 17:25 - 2015-11-11 17:25 - 00013396 _____ C:\Users\JustinLoh\Downloads\[rutracker.org].t5107528.torrent
2015-11-11 16:57 - 2015-11-11 16:58 - 31783789 _____ C:\Users\JustinLoh\Downloads\Photography - EP1.zip
2015-11-11 15:44 - 2015-11-11 15:44 - 00000000 ____D C:\Users\JustinLoh\AppData\Local\CrashDumps
2015-11-11 15:37 - 2015-11-11 15:37 - 00003822 _____ C:\WINDOWS\System32\Tasks\AutoPico Daily Restart
2015-11-11 15:37 - 2015-11-11 15:37 - 00000000 ____D C:\Program Files\HitmanPro
2015-11-11 14:34 - 2015-11-11 14:34 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-11-11 14:33 - 2015-11-11 14:34 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\JustinLoh\Downloads\revosetup.exe
2015-11-11 14:27 - 2015-11-11 14:27 - 00001694 _____ C:\WINDOWS\PFRO.log
2015-11-11 14:22 - 2015-11-11 14:30 - 00000000 ____D C:\Users\JustinLoh\AppData\Local\NPE
2015-11-11 14:22 - 2015-11-11 14:22 - 03088296 _____ (Symantec Corporation) C:\Users\JustinLoh\Downloads\NPE.exe
2015-11-11 14:20 - 2015-11-12 12:06 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-11 02:35 - 2015-11-05 05:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-11 02:35 - 2015-11-05 05:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-11 02:35 - 2015-11-05 05:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-11 02:35 - 2015-11-05 05:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-11 02:35 - 2015-11-05 05:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-11-11 02:35 - 2015-11-05 05:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-11 02:35 - 2015-11-05 05:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-11-11 02:35 - 2015-11-05 05:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-11 02:35 - 2015-11-05 04:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-11-11 02:35 - 2015-11-05 04:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-11 02:35 - 2015-11-05 04:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-11 02:35 - 2015-11-05 04:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-11-11 02:35 - 2015-11-05 04:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-11 02:35 - 2015-11-05 04:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-11-11 02:35 - 2015-11-05 04:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-11-11 02:35 - 2015-11-05 04:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-11-11 02:35 - 2015-11-05 04:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-11 02:35 - 2015-11-05 04:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-11-11 02:35 - 2015-11-05 04:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-11 02:35 - 2015-11-05 04:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-11 02:35 - 2015-11-05 04:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2015-11-11 02:35 - 2015-11-05 04:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-11 02:35 - 2015-11-05 04:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-11 02:35 - 2015-11-05 04:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-11-11 02:35 - 2015-11-05 04:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-11 02:35 - 2015-11-05 04:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-11 02:35 - 2015-11-05 04:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-11 02:35 - 2015-11-05 04:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-11 02:35 - 2015-11-05 04:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-11-11 02:35 - 2015-11-05 04:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-11-11 02:35 - 2015-11-05 04:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-11 02:35 - 2015-11-05 04:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-11 02:35 - 2015-11-05 04:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-11 02:35 - 2015-11-05 03:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-11-11 02:35 - 2015-11-05 03:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-11 02:35 - 2015-11-05 03:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-11-11 02:35 - 2015-11-05 03:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-11 02:35 - 2015-11-05 03:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-11 02:35 - 2015-11-05 03:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-11-11 02:35 - 2015-11-05 03:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-11-11 02:35 - 2015-11-05 03:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-11 02:35 - 2015-11-05 03:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-11-11 02:35 - 2015-11-05 03:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-11 02:35 - 2015-11-05 03:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-11-11 02:35 - 2015-11-05 03:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-11-11 02:35 - 2015-11-05 03:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-11-11 02:35 - 2015-11-05 03:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-11 02:35 - 2015-11-05 03:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-11 02:35 - 2015-11-05 03:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-11 02:35 - 2015-11-05 03:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-11 02:35 - 2015-11-05 03:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-11-11 02:35 - 2015-11-05 03:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-11-11 02:35 - 2015-11-05 03:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-11-10 22:03 - 2015-11-10 22:03 - 00000860 _____ C:\WINDOWS\system32\.crusader
2015-11-10 20:56 - 2015-11-11 13:55 - 00000000 ____D C:\WINDOWS\Minidump
2015-11-10 20:26 - 2015-11-10 22:03 - 00000000 ____D C:\ProgramData\HitmanPro
2015-11-10 20:24 - 2015-11-10 20:26 - 11337112 _____ (SurfRight B.V.) C:\Users\JustinLoh\Downloads\HitmanPro_x64.exe
2015-11-10 20:22 - 2015-11-10 20:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-10 20:21 - 2015-11-10 20:22 - 22908888 _____ (Malwarebytes ) C:\Users\JustinLoh\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-10 20:13 - 2015-11-10 20:13 - 00000003 _____ C:\ProgramData\wmpp.dat
2015-11-10 10:40 - 2015-11-10 10:40 - 00004196 _____ C:\WINDOWS\System32\Tasks\Backup Update Service
2015-11-10 10:40 - 2015-11-10 10:40 - 00003836 _____ C:\WINDOWS\System32\Tasks\Win Update Service
2015-11-09 10:34 - 2015-11-12 22:11 - 00000000 ____D C:\Users\JustinLoh\Desktop\Neuberger
2015-11-05 11:51 - 2015-11-05 12:00 - 741558466 _____ C:\Users\JustinLoh\Downloads\Payne_Effects_3.2.rar
2015-11-05 11:40 - 2015-11-05 11:40 - 00085003 _____ C:\Users\JustinLoh\Downloads\Stopmotion.zip
2015-11-04 15:54 - 2015-11-04 15:54 - 00000000 ____D C:\Users\JustinLoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flvto Youtube Downloader
2015-11-04 15:54 - 2015-11-04 15:54 - 00000000 ____D C:\Users\JustinLoh\AppData\Local\Flvto
2015-11-04 02:17 - 2015-11-04 02:17 - 06762072 _____ (Piriform Ltd) C:\Users\JustinLoh\Downloads\ccsetup511.exe
2015-11-04 01:52 - 2015-11-04 01:52 - 00000000 ____D C:\Users\JustinLoh\Documents\Rockstar Games
2015-11-03 16:58 - 2015-11-03 16:58 - 00000137 _____ C:\Users\JustinLoh\Desktop\eBridge.url
2015-11-03 16:57 - 2015-11-03 16:58 - 00000129 _____ C:\Users\JustinLoh\Desktop\Gmail.url
2015-11-03 16:57 - 2015-11-03 16:57 - 00000118 _____ C:\Users\JustinLoh\Desktop\Hull Email.url
2015-11-03 09:48 - 2015-11-03 09:49 - 38947386 _____ C:\Users\JustinLoh\Downloads\cinema-2.exe
2015-10-31 03:03 - 2015-10-31 03:04 - 00001897 _____ C:\Users\JustinLoh\Desktop\MaxPayne2 - Shortcut.lnk
2015-10-31 02:51 - 2015-10-31 02:52 - 15686423 _____ C:\Users\JustinLoh\Downloads\RezzieModv33.zip
2015-10-31 02:28 - 2003-10-14 13:25 - 00000128 _____ C:\WINDOWS\SysWOW64\vssver.scc
2015-10-31 02:28 - 2003-10-14 11:48 - 01060864 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71.dll
2015-10-31 02:28 - 2003-10-14 11:48 - 00974848 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70.dll
2015-10-31 02:28 - 2003-10-14 11:48 - 00499712 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll
2015-10-31 02:28 - 2003-10-14 11:48 - 00487424 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp70.dll
2015-10-31 02:28 - 2003-10-14 11:48 - 00348160 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2015-10-31 02:28 - 2003-10-14 11:48 - 00344064 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr70.dll
2015-10-31 02:25 - 2015-10-31 02:26 - 22269979 _____ (InstallShield Software Corporation) C:\Users\JustinLoh\Downloads\MaxPayne2Tools.exe
2015-10-30 09:01 - 2015-11-10 16:52 - 00000000 ____D C:\Users\JustinLoh\Documents\Max Payne 2 Savegames
2015-10-30 08:59 - 2015-10-30 08:59 - 00000000 ____D C:\Program Files (x86)\Come2down
2015-10-30 08:42 - 2015-10-30 08:47 - 00000000 ____D C:\Users\JustinLoh\Downloads\Max Payne 2; The Fall of Max Payne
2015-10-29 18:29 - 2015-11-12 11:42 - 00000000 ____D C:\Users\JustinLoh\Desktop\New folder
2015-10-29 13:12 - 2015-10-29 13:12 - 00000000 ____D C:\Users\JustinLoh\AppData\Roaming\KYE 7Key
2015-10-29 13:12 - 2015-10-29 13:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Genius
2015-10-29 13:12 - 2015-10-29 13:12 - 00000000 ____D C:\Program Files (x86)\Genius
2015-10-29 13:09 - 2015-10-29 13:11 - 07676648 _____ C:\Users\JustinLoh\Downloads\Maurus V2.00 (1).rar
2015-10-28 09:19 - 2015-10-29 13:12 - 01212799 _____ C:\WINDOWS\unins000.exe
2015-10-28 09:19 - 2015-10-29 13:12 - 00032748 _____ C:\WINDOWS\unins000.dat
2015-10-27 08:53 - 2015-10-27 08:55 - 07676648 _____ C:\Users\JustinLoh\Downloads\Maurus V2.00.rar
2015-10-25 23:12 - 2015-10-25 23:12 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2015-10-25 11:16 - 2015-10-25 11:16 - 00000000 ____D C:\Users\JustinLoh\AppData\Local\MicrosoftEdge
2015-10-24 19:59 - 2015-10-24 19:59 - 00034460 _____ C:\Users\JustinLoh\Downloads\sin-city-a-dame-to-kill-for-2014-english-yify-30005.zip
2015-10-24 16:38 - 2015-10-24 16:38 - 00000000 ____D C:\Users\JustinLoh\Tracing
2015-10-24 16:32 - 2015-10-24 16:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-10-24 11:28 - 2015-10-24 11:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2015-10-24 11:28 - 2015-10-24 11:28 - 00000000 ____D C:\Program Files (x86)\Popcorn Time
2015-10-24 11:23 - 2015-10-24 11:23 - 28391936 _____ (Popcorn Official) C:\Users\JustinLoh\Downloads\Popcorn-Time-0.3.8-5-Setup.exe
2015-10-24 11:11 - 2015-10-24 11:26 - 48332813 _____ (Popcorn Time ) C:\Users\JustinLoh\Downloads\PopcornTime-latest (1).exe
2015-10-23 23:55 - 2015-11-08 22:20 - 00000000 ____D C:\Users\JustinLoh\Downloads\PopcornTime
2015-10-23 20:44 - 2015-10-23 23:55 - 48332813 _____ (Popcorn Time ) C:\Users\JustinLoh\Downloads\PopcornTime-latest.exe
2015-10-23 19:43 - 2015-10-23 19:48 - 00000000 ____D C:\Users\JustinLoh\Downloads\Edge of Tomorrow (2014) [1080p]
2015-10-23 19:42 - 2015-10-23 19:43 - 00000000 ____D C:\Users\JustinLoh\Downloads\Turbo.Kid.2015.720p.WEB-DL.x264.AAC-ETRG
2015-10-23 19:31 - 2015-10-23 19:38 - 00000000 ____D C:\Users\JustinLoh\Downloads\Idiocracy (2006)
2015-10-22 18:03 - 2015-11-05 00:38 - 00000000 ____D C:\Users\JustinLoh\Desktop\Internship and CV
2015-10-21 15:38 - 2015-11-11 14:27 - 00000000 ____D C:\Users\JustinLoh\Desktop\Flvto
2015-10-20 13:27 - 2015-11-11 00:47 - 00000000 ____D C:\Users\JustinLoh\Desktop\DAD REPORT
2015-10-20 00:36 - 2015-10-06 18:46 - 00040080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2015-10-20 00:36 - 2015-10-03 04:58 - 42914096 _____ C:\WINDOWS\system32\nvcompiler.dll
2015-10-20 00:36 - 2015-10-03 04:58 - 37882488 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-10-20 00:36 - 2015-10-03 04:58 - 22342264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-10-20 00:36 - 2015-10-03 04:58 - 18354984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-10-20 00:36 - 2015-10-03 04:58 - 16548768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-10-20 00:36 - 2015-10-03 04:58 - 15837152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-10-20 00:36 - 2015-10-03 04:58 - 15803800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-10-20 00:36 - 2015-10-03 04:58 - 14841232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-10-20 00:36 - 2015-10-03 04:58 - 13525200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-10-20 00:36 - 2015-10-03 04:58 - 12868120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-10-20 00:36 - 2015-10-03 04:58 - 12038368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-10-20 00:36 - 2015-10-03 04:58 - 02313336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-10-20 00:36 - 2015-10-03 04:58 - 01994360 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-10-20 00:36 - 2015-10-03 04:58 - 01905272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435850.dll
2015-10-20 00:36 - 2015-10-03 04:58 - 01564792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435850.dll
2015-10-20 00:36 - 2015-10-03 04:58 - 00877176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-10-20 00:36 - 2015-10-03 04:58 - 00861816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-10-20 00:36 - 2015-10-03 04:58 - 00787200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2015-10-20 00:36 - 2015-10-03 04:58 - 00689968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-10-20 00:36 - 2015-10-03 04:58 - 00673912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-10-20 00:36 - 2015-10-03 04:58 - 00632664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2015-10-20 00:36 - 2015-10-03 04:58 - 00539464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-10-20 00:36 - 2015-10-03 04:58 - 00445216 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-10-20 00:36 - 2015-10-03 04:58 - 00414000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-10-20 00:36 - 2015-10-03 04:58 - 00388048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-10-20 00:36 - 2015-10-03 04:58 - 00369272 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-10-20 00:36 - 2015-10-03 04:58 - 00315936 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-10-20 00:36 - 2015-10-03 04:58 - 00177416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-10-20 00:36 - 2015-10-03 04:58 - 00155976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-10-20 00:36 - 2015-10-03 04:58 - 00151368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-10-20 00:36 - 2015-10-03 04:58 - 00128512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-10-19 18:54 - 2015-10-19 18:54 - 00000000 ____D C:\Users\Public\Documents\Monolith Productions
2015-10-18 14:18 - 2015-11-11 17:25 - 00000000 ____D C:\Users\JustinLoh\AppData\LocalLow\BitTorrent
2015-10-18 00:37 - 2015-10-18 00:41 - 00000000 ____D C:\Users\JustinLoh\Downloads\Harry Potter and the Sorcerers Stone (2001) [1080p]
2015-10-17 14:52 - 2015-10-10 07:12 - 00078528 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-17 14:52 - 2015-10-06 03:03 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-10-17 14:52 - 2015-10-06 02:46 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-10-17 14:52 - 2015-10-01 04:01 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-10-17 14:52 - 2015-10-01 04:01 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-10-17 14:52 - 2015-10-01 04:01 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-10-17 14:52 - 2015-10-01 04:01 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-10-17 14:52 - 2015-10-01 03:03 - 00757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-10-17 14:52 - 2015-09-25 04:01 - 02573768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-10-17 14:52 - 2015-09-25 04:01 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-10-17 14:52 - 2015-09-25 03:56 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-10-17 14:52 - 2015-09-25 03:52 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2015-10-17 14:52 - 2015-09-25 03:33 - 01997336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-10-17 14:52 - 2015-09-25 03:26 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-10-17 14:52 - 2015-09-25 03:11 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2015-10-17 14:52 - 2015-09-25 03:11 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2015-10-17 14:52 - 2015-09-25 03:07 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-10-17 14:52 - 2015-09-25 03:04 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-10-17 14:52 - 2015-09-25 03:03 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2015-10-17 14:52 - 2015-09-25 03:03 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-10-17 14:52 - 2015-09-25 03:02 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-10-17 14:52 - 2015-09-25 03:02 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-17 14:52 - 2015-09-25 03:01 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-17 14:52 - 2015-09-25 03:00 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-10-17 14:52 - 2015-09-25 03:00 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-10-17 14:52 - 2015-09-25 03:00 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2015-10-17 14:52 - 2015-09-25 02:59 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-10-17 14:52 - 2015-09-25 02:59 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2015-10-17 14:52 - 2015-09-25 02:59 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2015-10-17 14:52 - 2015-09-25 02:59 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-10-17 14:52 - 2015-09-25 02:59 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2015-10-17 14:52 - 2015-09-25 02:59 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2015-10-17 14:52 - 2015-09-25 02:58 - 01871360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-10-17 14:52 - 2015-09-25 02:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2015-10-17 14:52 - 2015-09-25 02:47 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2015-10-17 14:52 - 2015-09-25 02:38 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-17 14:52 - 2015-09-25 02:38 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2015-10-17 14:52 - 2015-09-25 02:38 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-10-17 14:52 - 2015-09-25 02:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2015-10-17 14:52 - 2015-09-25 02:37 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2015-10-17 14:52 - 2015-09-25 02:36 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-10-17 14:52 - 2015-09-25 02:34 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-10-17 14:52 - 2015-09-25 02:34 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-10-17 14:52 - 2015-09-25 02:34 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2015-10-17 14:52 - 2015-09-25 02:34 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2015-10-17 14:52 - 2015-09-25 02:34 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2015-10-17 14:52 - 2015-09-25 02:33 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2015-10-17 14:52 - 2015-09-25 02:32 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-10-17 14:52 - 2015-09-25 02:32 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-10-17 13:26 - 2015-10-17 13:28 - 00000000 ____D C:\Users\JustinLoh\Downloads\Bram Stoker's Dracula.1992.BRRip.XviD-VLiS
2015-10-17 13:05 - 2015-10-17 13:11 - 00000000 ____D C:\Users\JustinLoh\Downloads\Paddington (2014) [1080p]
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-12 22:26 - 2015-02-05 05:55 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-12 22:09 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-12 22:09 - 2015-02-05 05:55 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-12 11:59 - 2014-11-27 11:32 - 00000000 ____D C:\Program Files\KMSpico
2015-11-12 10:54 - 2014-03-29 13:47 - 00000000 ____D C:\Users\JustinLoh\AppData\Local\Packages
2015-11-12 10:15 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-12 08:23 - 2015-06-12 00:28 - 00000000 ____D C:\Users\JustinLoh\AppData\Roaming\BitTorrent
2015-11-11 16:20 - 2014-04-09 02:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-11 15:37 - 2014-11-30 10:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2015-11-11 14:29 - 2014-09-14 06:44 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-11-11 14:28 - 2015-07-10 12:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-11 14:27 - 2015-07-10 09:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-11-11 14:26 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-11 13:56 - 2015-09-05 06:49 - 00000000 ____D C:\Users\JustinLoh\AppData\Roaming\MPC-HC
2015-11-11 13:56 - 2014-05-03 08:03 - 00000000 ____D C:\Program Files (x86)\Steam
2015-11-11 10:07 - 2014-11-30 10:07 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-11-11 10:07 - 2014-07-12 10:29 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-11 10:06 - 2015-07-10 10:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-11 10:02 - 2014-04-06 14:41 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-11 10:02 - 2013-08-22 13:25 - 00000167 _____ C:\WINDOWS\win.ini
2015-11-11 09:56 - 2014-04-06 14:41 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-11 01:51 - 2014-08-30 14:46 - 00000000 ____D C:\Users\JustinLoh\AppData\Local\Facebook
2015-11-11 01:09 - 2015-08-28 06:35 - 00000080 _____ C:\Users\JustinLoh\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-11-11 01:04 - 2014-09-04 15:35 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2015-11-11 01:04 - 2014-04-21 15:14 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2015-11-10 22:04 - 2015-08-27 18:25 - 00000000 ____D C:\Users\JustinLoh
2015-11-10 22:04 - 2015-08-27 18:25 - 00000000 ____D C:\Users\DefaultAppPool
2015-11-10 20:55 - 2014-05-18 16:30 - 00000000 ____D C:\Users\JustinLoh\AppData\Roaming\FlvtoConverter
2015-11-10 16:50 - 2014-09-14 04:53 - 00000000 __RDO C:\Users\JustinLoh\OneDrive
2015-11-10 16:47 - 2015-07-14 12:58 - 00000000 ____D C:\AdwCleaner
2015-11-09 10:55 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-11-08 13:56 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\rescache
2015-11-07 01:10 - 2015-05-30 09:26 - 00000000 ____D C:\Users\JustinLoh\AppData\Local\Steam
2015-11-04 16:57 - 2014-03-29 14:29 - 00000000 ___RD C:\Users\JustinLoh\Desktop\Utilities
2015-11-04 02:19 - 2015-06-22 15:25 - 00000000 ____D C:\Program Files\Rockstar Games
2015-11-04 02:19 - 2014-05-07 16:49 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2015-11-03 18:20 - 2015-07-10 11:06 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-03 18:20 - 2015-07-10 11:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-31 03:21 - 2014-11-05 04:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2015-10-31 03:20 - 2013-11-08 00:06 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-10-31 02:20 - 2015-08-27 23:57 - 00002395 _____ C:\Users\JustinLoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-10-29 08:11 - 2015-08-19 05:26 - 00000000 ____D C:\Users\JustinLoh\AppData\Local\Hotger
2015-10-28 16:56 - 2015-08-27 18:24 - 01006002 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-25 13:12 - 2014-04-09 03:00 - 00000000 ____D C:\Users\JustinLoh\AppData\Roaming\Skype
2015-10-24 16:32 - 2015-04-28 05:40 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-10-24 16:32 - 2014-04-09 02:59 - 00000000 ____D C:\ProgramData\Skype
2015-10-20 00:38 - 2015-08-28 05:09 - 00000000 ____D C:\ProgramData\NVIDIA
2015-10-20 00:38 - 2014-09-14 05:17 - 00000000 ____D C:\Temp
2015-10-20 00:29 - 2014-09-14 03:26 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-10-16 13:26 - 2014-05-08 08:52 - 00003838 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2015-10-16 13:26 - 2014-05-08 08:52 - 00003604 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
 
==================== Files in the root of some directories =======
 
2014-05-18 17:27 - 2015-09-26 12:39 - 0000132 _____ () C:\Users\JustinLoh\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-08-19 05:25 - 2015-08-19 06:38 - 0004121 _____ () C:\Users\JustinLoh\AppData\Roaming\midisheetmusic.config.ini
2015-08-09 05:37 - 2015-08-27 17:55 - 0018159 _____ () C:\Users\JustinLoh\AppData\Local\BTServer.log
2015-08-10 04:23 - 2015-08-10 04:23 - 0000218 _____ () C:\Users\JustinLoh\AppData\Local\recently-used.xbel
2014-04-24 01:50 - 2015-06-25 09:24 - 0007638 _____ () C:\Users\JustinLoh\AppData\Local\resmon.resmoncfg
2015-11-10 20:13 - 2015-11-10 20:13 - 0000003 _____ () C:\ProgramData\wmpp.dat
 
Files to move or delete:
====================
C:\ProgramData\wmpp.dat
 
 
Some files in TEMP:
====================
C:\Users\JustinLoh\AppData\Local\Temp\beehbeggii.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-08 13:49
 
==================== End of FRST.txt ============================
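The triage that the helper does by eye in the next post (new task definitions under System32\Tasks, a loose file in the root of ProgramData, an executable in Temp, a file in system32 with no publisher) can be scripted over the "One Month Created files and folders" section above. The Python below is an added example written for this page, not part of the original thread and not FRST's own tooling. The sample lines are copied from the log above, except the last one for the Temp executable, whose timestamps and size are invented because FRST listed only its path further down. A hit is a lead, not a verdict: the `.crusader` file lands in the same minute the HitmanPro folder was last modified, so check that tool's own artefacts before treating it as hostile.

```python
"""Added triage helper for the "One Month Created files and folders" section of an
FRST log. Heuristic only: every hit is something to look at, not a verdict."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# FRST "created" line: <created> - <modified> - <size> <attrs> [(<company>)] <path>
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{7,8}) (?P<attrs>[A-Z_]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>.+?)\s*$"
)
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".ps1"}
# Locations a standard user can write to and that legitimate software rarely runs from.
# Downloads is deliberately left out: flagging every installer there is noise.
WRITABLE_HINTS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\programdata\\",
                  "\\appdata\\local\\", "\\appdata\\roaming\\", "\\users\\public\\")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
TASK_DIR = "c:\\windows\\system32\\tasks\\"


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str               # five flag characters, e.g. ____D (directory), ___SH (system+hidden)
    company: Optional[str]   # publisher FRST read from the version resource, if any
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a created-files line, or None for headers and blank lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    company = m.group("company")
    if company is not None:
        company = company.strip() or None   # FRST prints "(Malwarebytes )" with a trailing space
    return Entry(m.group("created"), m.group("modified"), int(m.group("size")),
                 m.group("attrs"), company, m.group("path"))


def triage(entry: Entry) -> List[str]:
    """Reasons an entry deserves a look. Directories are skipped: the artefact is the file inside."""
    reasons: List[str] = []
    if entry.is_dir:
        return reasons
    p = entry.path.lower()
    parent, _, name = p.rpartition("\\")
    ext = name[name.rfind("."):] if "." in name else ""
    if p.startswith(TASK_DIR):
        reasons.append("new scheduled task definition")
    elif p.startswith(SYSTEM_DIRS) and entry.company is None:
        reasons.append("file in system directory with no publisher")
    if ext in EXEC_EXT and any(h in p for h in WRITABLE_HINTS):
        reasons.append("executable in user-writable location")
    if parent == "c:\\programdata":
        reasons.append("loose file in ProgramData root")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons, in log order."""
    findings: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None and triage(entry):
            findings[entry.path] = triage(entry)
    return findings


# Lines taken from the log above, plus one CONSTRUCTED line for the Temp executable
# (FRST listed only its path; the timestamps and size here are invented).
SAMPLE_LOG = r"""
==================== One Month Created files and folders ========
2015-11-11 02:35 - 2015-11-05 05:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-10 22:03 - 2015-11-10 22:03 - 00000860 _____ C:\WINDOWS\system32\.crusader
2015-11-10 20:21 - 2015-11-10 20:22 - 22908888 _____ (Malwarebytes ) C:\Users\JustinLoh\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-10 20:13 - 2015-11-10 20:13 - 00000003 _____ C:\ProgramData\wmpp.dat
2015-11-10 10:40 - 2015-11-10 10:40 - 00004196 _____ C:\WINDOWS\System32\Tasks\Backup Update Service
2015-11-10 10:40 - 2015-11-10 10:40 - 00003836 _____ C:\WINDOWS\System32\Tasks\Win Update Service
2015-11-10 10:00 - 2015-11-10 10:00 - 00212992 _____ C:\Users\JustinLoh\AppData\Local\Temp\beehbeggii.exe
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG).items():
        print(f"{path}\n    " + "; ".join(reasons))
```

To run it over a real log, read FRST.txt and pass its text to `triage_log`; the regex ignores the section headers and the differently formatted "Files in the root of some directories" block, so the whole file can be fed in.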

#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,933 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:49 AM

Posted 16 November 2015 - 10:30 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these programs using the Control Panel > Programs and Features applet:
KMSpico v9.3.1 (HKLM\...\KMSpico_is1) (Version: 9.3.1 - )
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.4.0.0 - Popcorn Time)

===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK button.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-4234761149-2200977614-3614621967-1002\...\Run: [AdobeBridge] => [X]
GroupPolicyScripts-x32: Restriction <======= ATTENTION
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\JustinLoh\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.58\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.58\pdf.dll => No File
CHR Plugin: (Battlelog Game Launcher) - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.710.14) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java Platform SE 7 U71) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\JustinLoh\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll => No File
S2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
S3 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2014-11-30] (Basil Projects)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
C:\ProgramData\wmpp.dat
C:\Users\JustinLoh\AppData\Local\Temp\beehbeggii.exe
Task: {0CD9BF31-8C49-4B4D-9E67-03658ECA60CC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {388FB857-A2CD-4653-BA64-2059894AF61C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {7FDE9732-8A32-4F45-B32E-7EE3470C019C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {93F8CD6D-DFB3-47F4-B868-74762664F380} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {968B4C2A-CAEB-43C5-8740-38CDFF132D03} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {99F8FAEB-05BF-40CC-A9F7-4F17A07001F2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9C112825-75B0-4B57-B29A-3804B16C53D0} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2015-11-11] (@ByELDI)
Task: {AAAB9CAE-6B44-4FB4-BB22-745DE24D48EB} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B03FCA43-2CC9-4199-BC99-BC43594A758D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {BE6F66C5-FE86-4971-A21E-852B58BB6C6B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {CA323872-C770-4CD2-A4D6-CD39810CEA9E} - System32\Tasks\Win Update Service => C:\ProgramData\msupd\dmsp.exe
Task: {DB6CD2A0-DE60-4B67-81D9-449F5CC59E77} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {DC9C19BE-9ADE-46BE-A106-3DEDE6304CD8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:8C35AEA7
AlternateDataStreams: C:\Users\JustinLoh\Local Settings:8TYDQbB6L1mMVaF0KpKaL36qi
AlternateDataStreams: C:\Users\JustinLoh\Local Settings:bYl727BpAox0ui3jJZ564y65z5b
AlternateDataStreams: C:\Users\JustinLoh\AppData\Local:8TYDQbB6L1mMVaF0KpKaL36qi
AlternateDataStreams: C:\Users\JustinLoh\AppData\Local:bYl727BpAox0ui3jJZ564y65z5b
AlternateDataStreams: C:\Users\JustinLoh\AppData\Local\Application Data:8TYDQbB6L1mMVaF0KpKaL36qi
AlternateDataStreams: C:\Users\JustinLoh\AppData\Local\Application Data:bYl727BpAox0ui3jJZ564y65z5b
FirewallRules: [{266F6F96-029F-45E8-A8E4-9A6C023B05B7}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{A14E97C2-1441-472B-9DFC-6324F1003E2C}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{E812ABF7-4A2F-4E43-8D2A-AD22794E0FF2}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{33A65573-17F5-48E8-805E-F5E7C5928110}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{66A49870-5466-47A0-9B7D-5B5A86AB7A51}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{58611A46-0CC5-4741-87A8-3AAF93C85631}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.

Any remaining issues with this computer?

#3 justinloh33

  • Topic Starter
  • Members
  • 8 posts

Posted 16 November 2015 - 10:53 AM

Hi, I have followed your instructions to the letter. Unfortunately I could not locate KMSpico in the Programs and Features menu, though I am certain I'd removed it in the past few days.

 

Attached are the reports from both AdwCleaner and Farbar.

 

So far the pop-up has ceased (though it has only been 5 or so minutes). Time will tell if this victory persists. I will give an update once I'm confident the issue is resolved (i.e. in maybe a day).

 




#4 justinloh33

  • Topic Starter
  • Members
  • 8 posts

Posted 16 November 2015 - 11:12 AM

Sorry nasdaq, no luck, pop-up still recurring =/

http://www.mypcbackup.com/lp/exclusive-free

This godsdamn website. Same issue. I get a Windows 10 notification on which browser to use to open it (which I have not initiated in any way), and if I click the Chrome option or indeed any other option it just takes me there.



#5 justinloh33

  • Topic Starter
  • Members
  • 8 posts

Posted 17 November 2015 - 08:37 AM

# AdwCleaner v5.021 - Logfile created 16/11/2015 at 15:43:52
# Updated 14/11/2015 by Xplode
# Database : 2015-11-13.3 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : JustinLoh - MSI
# Running from : C:\Users\JustinLoh\Downloads\adwcleaner_5.021.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\JustinLoh\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : facebook-video-call-plug-in-installer.en.softonic.com
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [827 bytes] ##########
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by JustinLoh (2015-11-16 15:38:16) Run:1
Running from C:\Users\JustinLoh\Downloads
Loaded Profiles: JustinLoh (Available Profiles: JustinLoh & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-4234761149-2200977614-3614621967-1002\...\Run: [AdobeBridge] => [X]
GroupPolicyScripts-x32: Restriction <======= ATTENTION
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\JustinLoh\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.58\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.58\pdf.dll => No File
CHR Plugin: (Battlelog Game Launcher) - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.710.14) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java Platform SE 7 U71) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\JustinLoh\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll => No File
S2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
S3 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2014-11-30] (Basil Projects)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
C:\ProgramData\wmpp.dat
C:\Users\JustinLoh\AppData\Local\Temp\beehbeggii.exe
Task: {0CD9BF31-8C49-4B4D-9E67-03658ECA60CC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {388FB857-A2CD-4653-BA64-2059894AF61C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {7FDE9732-8A32-4F45-B32E-7EE3470C019C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {93F8CD6D-DFB3-47F4-B868-74762664F380} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {968B4C2A-CAEB-43C5-8740-38CDFF132D03} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {99F8FAEB-05BF-40CC-A9F7-4F17A07001F2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9C112825-75B0-4B57-B29A-3804B16C53D0} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2015-11-11] (@ByELDI)
Task: {AAAB9CAE-6B44-4FB4-BB22-745DE24D48EB} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B03FCA43-2CC9-4199-BC99-BC43594A758D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {BE6F66C5-FE86-4971-A21E-852B58BB6C6B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {CA323872-C770-4CD2-A4D6-CD39810CEA9E} - System32\Tasks\Win Update Service => C:\ProgramData\msupd\dmsp.exe
Task: {DB6CD2A0-DE60-4B67-81D9-449F5CC59E77} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {DC9C19BE-9ADE-46BE-A106-3DEDE6304CD8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:8C35AEA7
AlternateDataStreams: C:\Users\JustinLoh\Local Settings:8TYDQbB6L1mMVaF0KpKaL36qi
AlternateDataStreams: C:\Users\JustinLoh\Local Settings:bYl727BpAox0ui3jJZ564y65z5b
AlternateDataStreams: C:\Users\JustinLoh\AppData\Local:8TYDQbB6L1mMVaF0KpKaL36qi
AlternateDataStreams: C:\Users\JustinLoh\AppData\Local:bYl727BpAox0ui3jJZ564y65z5b
AlternateDataStreams: C:\Users\JustinLoh\AppData\Local\Application Data:8TYDQbB6L1mMVaF0KpKaL36qi
AlternateDataStreams: C:\Users\JustinLoh\AppData\Local\Application Data:bYl727BpAox0ui3jJZ564y65z5b
FirewallRules: [{266F6F96-029F-45E8-A8E4-9A6C023B05B7}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{A14E97C2-1441-472B-9DFC-6324F1003E2C}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{E812ABF7-4A2F-4E43-8D2A-AD22794E0FF2}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{33A65573-17F5-48E8-805E-F5E7C5928110}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{66A49870-5466-47A0-9B7D-5B5A86AB7A51}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{58611A46-0CC5-4741-87A8-3AAF93C85631}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => key removed successfully
HKU\S-1-5-21-4234761149-2200977614-3614621967-1002\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value not found.
C:\WINDOWS\SysWOW64\GroupPolicy\Machine => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Users\JustinLoh\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.58\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.58\pdf.dll => not found.
C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll => not found.
C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => not found.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => not found.
C:\Users\JustinLoh\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll => not found.
Update service => service removed successfully
WinDivert1.1 => service removed successfully
wfpcapture => service removed successfully
C:\ProgramData\wmpp.dat => moved successfully
"C:\Users\JustinLoh\AppData\Local\Temp\beehbeggii.exe" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0CD9BF31-8C49-4B4D-9E67-03658ECA60CC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CD9BF31-8C49-4B4D-9E67-03658ECA60CC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{388FB857-A2CD-4653-BA64-2059894AF61C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{388FB857-A2CD-4653-BA64-2059894AF61C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7FDE9732-8A32-4F45-B32E-7EE3470C019C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FDE9732-8A32-4F45-B32E-7EE3470C019C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{93F8CD6D-DFB3-47F4-B868-74762664F380}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93F8CD6D-DFB3-47F4-B868-74762664F380}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{968B4C2A-CAEB-43C5-8740-38CDFF132D03}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{968B4C2A-CAEB-43C5-8740-38CDFF132D03}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{99F8FAEB-05BF-40CC-A9F7-4F17A07001F2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99F8FAEB-05BF-40CC-A9F7-4F17A07001F2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C112825-75B0-4B57-B29A-3804B16C53D0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C112825-75B0-4B57-B29A-3804B16C53D0}" => key removed successfully
C:\WINDOWS\System32\Tasks\AutoPico Daily Restart => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AAAB9CAE-6B44-4FB4-BB22-745DE24D48EB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AAAB9CAE-6B44-4FB4-BB22-745DE24D48EB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B03FCA43-2CC9-4199-BC99-BC43594A758D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B03FCA43-2CC9-4199-BC99-BC43594A758D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE6F66C5-FE86-4971-A21E-852B58BB6C6B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE6F66C5-FE86-4971-A21E-852B58BB6C6B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA323872-C770-4CD2-A4D6-CD39810CEA9E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA323872-C770-4CD2-A4D6-CD39810CEA9E}" => key removed successfully
C:\WINDOWS\System32\Tasks\Win Update Service => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Win Update Service" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB6CD2A0-DE60-4B67-81D9-449F5CC59E77}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB6CD2A0-DE60-4B67-81D9-449F5CC59E77}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DC9C19BE-9ADE-46BE-A106-3DEDE6304CD8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC9C19BE-9ADE-46BE-A106-3DEDE6304CD8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
C:\ProgramData\Temp => ":8C35AEA7" ADS removed successfully.
"C:\Users\JustinLoh\Local Settings" => ":8TYDQbB6L1mMVaF0KpKaL36qi" ADS not found.
"C:\Users\JustinLoh\Local Settings" => ":bYl727BpAox0ui3jJZ564y65z5b" ADS not found.
C:\Users\JustinLoh\AppData\Local => ":8TYDQbB6L1mMVaF0KpKaL36qi" ADS removed successfully.
C:\Users\JustinLoh\AppData\Local => ":bYl727BpAox0ui3jJZ564y65z5b" ADS removed successfully.
"C:\Users\JustinLoh\AppData\Local\Application Data" => ":8TYDQbB6L1mMVaF0KpKaL36qi" ADS not found.
"C:\Users\JustinLoh\AppData\Local\Application Data" => ":bYl727BpAox0ui3jJZ564y65z5b" ADS not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{266F6F96-029F-45E8-A8E4-9A6C023B05B7} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A14E97C2-1441-472B-9DFC-6324F1003E2C} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E812ABF7-4A2F-4E43-8D2A-AD22794E0FF2} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{33A65573-17F5-48E8-805E-F5E7C5928110} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{66A49870-5466-47A0-9B7D-5B5A86AB7A51} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{58611A46-0CC5-4741-87A8-3AAF93C85631} => value not found.
EmptyTemp: => 225.4 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 15:38:59 ====
 


#6 nasdaq

  • Malware Response Team
  • 38,933 posts
  • Location: Montreal, QC, Canada

Posted 17 November 2015 - 10:03 AM

How is the computer running now?

#7 justinloh33

  • Topic Starter
  • Members
  • 8 posts

Posted 19 November 2015 - 08:34 AM

Dear Nasdaq,

Issue still persists! I don't even have to have Wi-Fi connected for the prompt to open. Same issue: a few hours later a Windows 10 prompt opens asking which browser to use to open the Mypcbackup site. Any other ways of solving this?



#8 nasdaq

  • Malware Response Team
  • 38,933 posts
  • Location: Montreal, QC, Canada

Posted 19 November 2015 - 10:19 AM

Please run the Farbar Recovery Scan Tool. Enter Mypcbackup* in the Search Box and hit the File Search button.
Post the content of the Search.txt in your next reply.

<<<>>>


Let's look also in the Registry.

Please run the Farbar Recovery Scan Tool. Enter Mypcbackup in the Search Box.
Click the Search Registry button, post the content of the Search.txt file in your next reply.

Post the logs for my review.

#9 justinloh33

  • Topic Starter
  • Members
  • 8 posts

Posted 19 November 2015 - 12:22 PM

Farbar Recovery Scan Tool (x64) Version:18-11-2015
Ran by JustinLoh (2015-11-19 17:12:08)
Running from C:\Users\JustinLoh\Downloads
Boot Mode: Normal
 
================== Search Files: "Mypcbackup" =============
 
====== End of Search ======
 
Farbar Recovery Scan Tool (x64) Version:18-11-2015
Ran by JustinLoh (2015-11-19 17:18:52)
Running from C:\Users\JustinLoh\Downloads
Boot Mode: Normal
 
================== Search Registry: "Mypcbackup" ===========
 
 
====== End of Search ======
 
 
 
No luck. Any options?


#10 justinloh33

  • Topic Starter
  • Members
  • 8 posts

Posted 19 November 2015 - 01:15 PM

Dear Nasdaq,

Finally a breakthrough!

I was on CCleaner wiping my cache, when I spotted a tab called: scheduled tasks.

And one of the scheduled tasks was, you guessed it, an automated webpage-opening task! I disabled and deleted that task, and hopefully all is good; will update tomorrow to confirm!



#11 nasdaq

  • Malware Response Team
  • 38,933 posts
  • Location: Montreal, QC, Canada

Posted 19 November 2015 - 03:19 PM

Good catch.

I saw this in your Addition.txt file:
Task: {091277D2-4BD1-4B4B-BB11-40B8CD571D33} - System32\Tasks\Backup Update Service => p:\\jmp2.in\
Was not sure if it was your doing.

Was that the issue?
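As a defender-side illustration of what posts #10 and #11 describe, here is an added PowerShell example (not from the thread, nor from Farbar, AdwCleaner or CCleaner) that enumerates scheduled tasks and flags any whose action is a URL-like pseudo-path, a missing file, or an unsigned binary in a user-writable location; the function names are mine, it assumes the ScheduledTasks module (Windows 8 and later), and the two tasks quoted from this thread (Backup Update Service => p:\\jmp2.in\ and Win Update Service => C:\ProgramData\msupd\dmsp.exe) would both be reported.

```powershell
# Added example, not code from the thread or from the tools it mentions.
# Flags scheduled-task actions that are not a signed executable on disk.
# Requires the ScheduledTasks module (Windows 8 / 10 and later); run in an
# elevated session so that tasks registered by every user are visible.

function Test-LooksLikeUrl {
    param([string]$Target)
    # http(s)/ftp links, or pseudo-paths such as p:\\jmp2.in\ (a drive letter
    # followed by a host name). Neither is a program: Windows hands them to a
    # protocol / default-app handler, which is what produces the "which browser
    # do you want to use" prompt described in this thread.
    if ($Target -match '^(https?|ftp)://') { return $true }
    if ($Target -match '^[a-z]:\\\\[^\\]+\.[a-z]{2,}\\?$') { return $true }
    return $false
}

function Find-SuspiciousScheduledTask {
    [CmdletBinding()]
    param(
        # Roots a vendor-installed task target rarely lives under; they are
        # writable by a standard user, so a natural home for persistence.
        [string[]]$RiskyRoots = @($env:ProgramData, $env:LOCALAPPDATA, $env:APPDATA)
    )
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            # Only Exec actions carry a command; COM-handler actions have no Execute.
            if (-not $action.Execute) { continue }
            $target = [Environment]::ExpandEnvironmentVariables($action.Execute.Trim('"'))
            # Bare names such as "MicrosoftEdgeUpdate.exe" resolve through PATH.
            if (-not [IO.Path]::IsPathRooted($target)) {
                $cmd = Get-Command $target -CommandType Application -ErrorAction SilentlyContinue |
                       Select-Object -First 1
                if ($cmd) { $target = $cmd.Path }
            }
            $reasons = @()
            if (Test-LooksLikeUrl $target) {
                $reasons += 'target is a URL or pseudo-path, not an executable'
            } elseif (-not (Test-Path -LiteralPath $target -PathType Leaf)) {
                $reasons += 'target file does not exist'
            } else {
                # Catalog-signed Windows binaries report Valid on Windows 10; treat
                # NotSigned as a reason to look closer, not as proof of malware.
                $sig = Get-AuthenticodeSignature -LiteralPath $target
                if ($sig.Status -ne 'Valid') { $reasons += "signature: $($sig.Status)" }
                foreach ($root in $RiskyRoots) {
                    if ($root -and $target.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
                        $reasons += "runs from user-writable location $root"
                        break
                    }
                }
            }
            if ($reasons.Count -gt 0) {
                [pscustomobject]@{
                    Task      = $task.TaskPath + $task.TaskName
                    State     = $task.State
                    Execute   = $action.Execute
                    Arguments = $action.Arguments
                    Reasons   = $reasons -join '; '
                }
            }
        }
    }
}

# Usage: list the findings. The tasks quoted in this thread would show up as
# "\Backup Update Service" (pseudo-path p:\\jmp2.in\) and "\Win Update Service"
# (unsigned dmsp.exe under C:\ProgramData).
Find-SuspiciousScheduledTask | Format-Table -AutoSize -Wrap
```

Review each hit against its registration time (Get-ScheduledTaskInfo) and the Author field before deleting, since legitimate updaters also live under AppData.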

#12 justinloh33

  • Topic Starter
  • Members
  • 8 posts

Posted 22 November 2015 - 06:22 AM

Dear Nasdaq,

Yes! Computer runs completely fine with no hitches now! Thanks a ton!



#13 nasdaq

  • Malware Response Team
  • 38,933 posts
  • Location: Montreal, QC, Canada

Posted 22 November 2015 - 08:05 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#14 nasdaq

  • Malware Response Team
  • 38,933 posts
  • Location: Montreal, QC, Canada

Posted 28 November 2015 - 08:13 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



