"Seen on Screen" spam tabs in Chrome -- keeps recreating itself


  • This topic is locked
6 replies to this topic

#1 SignaDeltaTao

  • Members
  • 12 posts

Posted 17 January 2017 - 11:31 PM

Good evening --

Hello there. My name is Scott. This is not a pressing issue, given it only happens on occasion, and I have found ways to "kill" the annoyance, but I wondered if anybody had any idea how to finally remove a problem that I have been having in Chrome with it opening up spam tabs.

Every once in a while, Chrome will open up a new tab or two that calls itself "Seen on Screen." I checked through my extensions and my installed programs and found nothing there of note, and I ran Malwarebytes a few times, which is always a useful program but seems not to have stopped it.

It looks like this, for the record...

http://www.virusresearch.org/wp-content/uploads/2016/07/Remove-Seen-On-Screen.jpg

I use Chrome 99% of the time and occasionally Edge if I need a second browser.

I managed to isolate the problem to a number of tasks that start running in my Task Manager that look like this...

[Task Manager screenshot: uU9Lm02.png]

Taskbar Tweaker is a friend; the others are the problems and unwanted interlopers.

I tracked them down to the C:\ProgramData files... each was in a folder with the same name as the random text generated there. I closed the processes, deleted those files from ProgramData, and rebooted the machine. After being okay for a while, unfortunately, those files recreate themselves.

I have run Malwarebytes and Adware Cleaner a few times, and while they will always notice those files if they still exist and kill the processes and delete them, they seem to be unable to stop them from recreating themselves and doing the same thing in Chrome that they have always been doing.

Anybody have any idea how to shut this down once and for all...?

I have saved the rogue application files onto a spare flash drive, or, at least, one of the early instances of it, in case anybody wants it. I do not know the protocol for attaching what is known as a spam virus on this forum, though, so I will hold off from that unless I am asked to.

I have attached the FRST output as well as the outputs of two scans from Adware Cleaner. The one labeled [C0] was just a general cleanup. The one labeled [C2] actually caught the rogue programs in question, at least as they were manifest on the C:\ drive and looking to do their spam thing, though I am not sure of the root cause that keeps recreating them. They came back after a recent restart, for instance. Any help would be greatly appreciated to see what this is.

Thank you very much, ~Scott


---

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2017
Ran by Scott (administrator) on SCOTT-PC (17-01-2017 23:19:04)
Running from C:\Users\Scott\Desktop\Bleeping Computer
Loaded Profiles: Scott (Available Profiles: UpdatusUser & Scott & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Akamai Technologies, Inc.) C:\Users\Scott\AppData\Local\Akamai\netsession_win.exe
(Octoshape ApS) C:\Users\Scott\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Flux Software LLC) C:\Users\Scott\AppData\Local\FluxSoftware\Flux\flux.exe
(Akamai Technologies, Inc.) C:\Users\Scott\AppData\Local\Akamai\netsession_win.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(RaMMicHaeL) C:\Users\Scott\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe
(Google, Inc) C:\Users\Scott\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [708952 2013-07-08] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-26] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [487562 2010-08-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-11-17] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1046496 2016-11-11] (DivX, LLC)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [530560 2016-04-25] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [239744 2016-04-25] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3507774887-3041916106-1939521727-1001\...\Run: [Google Update] => C:\Users\Scott\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-17] (Google Inc.)
HKU\S-1-5-21-3507774887-3041916106-1939521727-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2876704 2016-12-19] (Valve Corporation)
HKU\S-1-5-21-3507774887-3041916106-1939521727-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Scott\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3507774887-3041916106-1939521727-1001\...\Run: [Octoshape Streaming Services] => C:\Users\Scott\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [70936 2009-01-08] (Octoshape ApS)
HKU\S-1-5-21-3507774887-3041916106-1939521727-1001\...\Run: [f.lux] => C:\Users\Scott\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3507774887-3041916106-1939521727-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-11-17] (Apple Inc.)
HKU\S-1-5-21-3507774887-3041916106-1939521727-1001\...\Run: [7 Taskbar Tweaker] => C:\Users\Scott\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe [401920 2016-09-10] (RaMMicHaeL)
HKU\S-1-5-21-3507774887-3041916106-1939521727-1001\...\Run: [Google Photos Backup] => C:\Users\Scott\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-08] (Google, Inc)
HKU\S-1-5-21-3507774887-3041916106-1939521727-1001\...\Run: [Yahoo Messenger Updater] => C:\Users\Scott\AppData\Roaming\Yahoo Messenger\YMUpdater\YMUpdater.exe [115656 2016-09-03] (Yahoo!, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\Parameters: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{4ce0942e-7152-4bbb-b8dd-3054e62d8e98}: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{50c2198a-08b7-4d01-84d1-bf235c67928a}: [DhcpNameServer] 82.163.143.176
Tcpip\..\Interfaces\{79fa1005-071d-4495-9aa7-30810913e908}: [DhcpNameServer] 82.163.143.176
Tcpip\..\Interfaces\{7d761402-83bd-4f2b-b833-e65abe428d93}: [NameServer] 8.8.8.8,8.8.4.4
 
Internet Explorer:
==================
HKU\S-1-5-21-3507774887-3041916106-1939521727-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-3507774887-3041916106-1939521727-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
SearchScopes: HKLM -> DefaultScope {46C30ED2-C519-4419-B071-CE6176DCE1F3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {46C30ED2-C519-4419-B071-CE6176DCE1F3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = 
SearchScopes: HKLM-x32 -> {E82887C7-B547-49D0-BE25-227DECFCB975} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3507774887-3041916106-1939521727-1001 -> {2DFF5989-7923-4AFB-9929-44E3E7503EE5} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3507774887-3041916106-1939521727-1001 -> {46C30ED2-C519-4419-B071-CE6176DCE1F3} URL = 
SearchScopes: HKU\S-1-5-21-3507774887-3041916106-1939521727-1001 -> {E82887C7-B547-49D0-BE25-227DECFCB975} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-23] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-23] (Oracle Corporation)
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} 
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2009-07-23] (Cozi Group, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\99kfwxrm.default-1456531877111 [2016-08-29]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\99kfwxrm.default-1456531877111 -> Google
FF Homepage: Mozilla\Firefox\Profiles\99kfwxrm.default-1456531877111 -> hxxp://www.google.com/
FF Extension: (ColorfulTabs) - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\99kfwxrm.default-1456531877111\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2016-02-26]
FF Extension: (Adblock Plus) - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\99kfwxrm.default-1456531877111\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-26]
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox
FF Extension: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011-05-04] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: (Search Helper Extension) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2011-05-04] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: (Default Manager) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-05-04] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2016-04-25] (Citrix Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2016-11-13] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-23] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll [2014-05-03] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2012-10-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2012-10-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3507774887-3041916106-1939521727-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Scott\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-07-14] (Citrix Online)
FF Plugin HKU\S-1-5-21-3507774887-3041916106-1939521727-1001: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Scott\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1312180-0-npoctoshape.dll [2013-12-18] (Octoshape ApS)
FF Plugin HKU\S-1-5-21-3507774887-3041916106-1939521727-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Scott\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3507774887-3041916106-1939521727-1001: @talk.google.com/O1DPlugin -> C:\Users\Scott\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3507774887-3041916106-1939521727-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3507774887-3041916106-1939521727-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3507774887-3041916106-1939521727-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Scott\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Scott\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Scott\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Scott\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2014-08-17] (Octoshape ApS)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default [2017-01-17]
CHR Extension: (Google Slides) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-27]
CHR Extension: (Google Docs) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-27]
CHR Extension: (Google Drive) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-27]
CHR Extension: (YouTube) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-27]
CHR Extension: (Adblock Plus) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-26]
CHR Extension: (Google Search) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-27]
CHR Extension: (Google Sheets) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-27]
CHR Extension: (Naming Wrongs) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\imoflnaehimpoefaeljfkllbgkdopgnb [2016-12-29]
CHR Extension: (BuzzOff) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhnikgadddmapihkfbadhpghihphphcb [2016-10-15]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2016-06-23]
CHR Extension: (Remove ZergNet) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\manjkebbkajmpdndbahchokjphleklak [2016-02-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Gmail) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-27]
CHR Extension: (Chrome Media Router) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-31]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [901184 2010-12-14] (Intel Corporation) [File not signed]
S3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2010-12-14] (Intel Corporation) [File not signed]
S2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [974912 2010-12-14] (Intel Corporation) [File not signed]
R2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [414360 2016-02-05] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-06-24] (Realtek Semiconductor)
S2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [115864 2016-02-05] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [414360 2016-02-05] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvdmwu.inf_amd64_26aa6356770b2e86\nvlddmkm.sys [13754936 2016-09-12] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
R3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-17 23:18 - 2017-01-17 23:19 - 00000000 ____D C:\FRST
2017-01-17 23:03 - 2017-01-17 23:03 - 00003972 _____ C:\WINDOWS\System32\Tasks\{ED35542F-5A9E-E384-6DB0-CF58FBBF1AE4}
2017-01-17 23:03 - 2017-01-17 23:03 - 00003972 _____ C:\WINDOWS\System32\Tasks\{373EE493-8095-5338-7BD9-FA97EC27F2B5}
2017-01-17 22:58 - 2017-01-17 22:58 - 00003972 _____ C:\WINDOWS\System32\Tasks\{4E43AA17-F9E8-1DBC-8A57-AAA51133A04A}
2017-01-17 22:58 - 2017-01-17 22:58 - 00003972 _____ C:\WINDOWS\System32\Tasks\{36AD1D30-8106-AA9B-5A48-9969E1C3D9CD}
2017-01-16 17:30 - 2017-01-17 23:06 - 00000000 ____D C:\AdwCleaner
2017-01-16 16:56 - 2017-01-16 16:57 - 03516080 _____ (Enigma Software Group USA, LLC.) C:\Users\Scott\Downloads\SpyHunter-Installer.exe
2017-01-16 16:50 - 2017-01-17 23:19 - 00000000 ____D C:\Users\Scott\Desktop\Bleeping Computer
2017-01-16 16:45 - 2017-01-16 16:45 - 00003972 _____ C:\WINDOWS\System32\Tasks\{B536779C-029D-C037-978A-27B490AFBD99}
2017-01-16 16:45 - 2017-01-16 16:45 - 00003972 _____ C:\WINDOWS\System32\Tasks\{0E33BA76-B998-0DDD-5879-6341736C9E02}
2017-01-16 16:41 - 2017-01-16 16:41 - 00003972 _____ C:\WINDOWS\System32\Tasks\{A16D2090-16C6-973B-88F7-5BCE33B98B05}
2017-01-16 16:40 - 2017-01-16 16:40 - 00003972 _____ C:\WINDOWS\System32\Tasks\{86E26526-3149-D28D-C88B-63059E4638AC}
2017-01-15 23:03 - 2017-01-15 23:03 - 00003972 _____ C:\WINDOWS\System32\Tasks\{BEE095C1-094B-226A-9C30-5B974703150C}
2017-01-15 23:03 - 2017-01-15 23:03 - 00003972 _____ C:\WINDOWS\System32\Tasks\{0D012CFE-BAAA-9B55-AAE1-AD248AEB188C}
2017-01-15 22:59 - 2017-01-15 22:59 - 00003972 _____ C:\WINDOWS\System32\Tasks\{C3FB3F9A-7450-8831-B1A5-ABC2881513EE}
2017-01-15 22:58 - 2017-01-15 22:58 - 00003972 _____ C:\WINDOWS\System32\Tasks\{86BAEF10-3111-58BB-3DE5-29FC51DB95D4}
2017-01-14 21:33 - 2017-01-14 21:33 - 00003972 _____ C:\WINDOWS\System32\Tasks\{9C08C3A4-2BA3-740F-3744-91FEE53CEE71}
2017-01-14 21:33 - 2017-01-14 21:33 - 00003972 _____ C:\WINDOWS\System32\Tasks\{9B6B283A-2CC0-9F91-1D7D-A1C6705F0D4A}
2017-01-10 22:26 - 2017-01-11 19:38 - 20630616 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2016-12-30 18:12 - 2016-12-30 18:12 - 00001118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2016-12-30 18:12 - 2016-12-30 18:12 - 00000000 ____D C:\Users\Scott\AppData\Roaming\TeamViewer
2016-12-30 18:12 - 2016-12-30 18:12 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-12-30 18:12 - 2016-11-28 05:55 - 00035112 _____ (TeamViewer GmbH) C:\WINDOWS\system32\Drivers\teamviewervpn.sys
2016-12-30 18:10 - 2016-12-30 18:11 - 12922384 _____ (TeamViewer GmbH) C:\Users\Scott\Downloads\TeamViewer_Setup_en.exe
2016-12-30 09:01 - 2016-12-30 09:01 - 00046321 _____ C:\Users\Scott\Downloads\123flashchat.swf
2016-12-29 13:32 - 2016-12-29 13:32 - 01065770 _____ C:\Users\Scott\Downloads\55756-eui_v1_28g.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-17 23:16 - 2012-03-10 11:58 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-17 23:09 - 2011-05-04 01:35 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2017-01-17 23:08 - 2016-09-26 11:05 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-17 23:08 - 2016-09-26 10:09 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-17 23:07 - 2016-07-16 01:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-01-17 23:06 - 2015-10-31 14:21 - 00000000 ____D C:\Users\Scott\Documents\NCAA Division 1-A
2017-01-17 22:58 - 2016-09-26 11:05 - 00003880 _____ C:\WINDOWS\System32\Tasks\{56A91003-4580-FC7B-6312-4CB865B3D924}
2017-01-17 22:37 - 2012-04-05 19:13 - 00000000 ____D C:\Users\Scott\Documents\Major League Football
2017-01-17 22:25 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-17 22:22 - 2016-09-26 10:05 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-16 17:20 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\addins
2017-01-16 17:19 - 2016-07-16 06:47 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-01-16 17:19 - 2012-12-27 00:18 - 00000000 ____D C:\Program Files (x86)\Amazon
2017-01-16 14:10 - 2016-01-06 23:42 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-16 14:08 - 2014-02-16 10:13 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-01-16 02:13 - 2016-09-26 10:15 - 00000000 ____D C:\Users\Scott
2017-01-15 23:11 - 2016-01-06 23:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-01-15 23:11 - 2016-01-06 23:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-01-14 23:07 - 2016-04-08 19:38 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-01-14 23:07 - 2012-04-01 05:51 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-14 23:05 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\GameBarPresenceWriter
2017-01-14 17:41 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-14 13:22 - 2011-05-12 18:17 - 00000000 ____D C:\Users\Scott\Documents\Writings
2017-01-14 09:56 - 2016-11-13 13:01 - 00000056 _____ C:\Users\Scott\Desktop\history.txt
2017-01-13 17:31 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-11 21:27 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-11 19:38 - 2016-09-26 11:05 - 00003968 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-01-11 19:38 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-01-11 19:38 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-11 19:20 - 2015-09-01 19:47 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-11 19:20 - 2011-05-20 19:58 - 00000000 ___RD C:\Users\Scott\Virtual Machines
2017-01-11 19:17 - 2016-09-26 10:05 - 00340776 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-11 19:17 - 2015-05-30 04:43 - 00000676 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3507774887-3041916106-1939521727-1001.job
2017-01-11 19:17 - 2014-07-14 19:28 - 00000580 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3507774887-3041916106-1939521727-1001.job
2017-01-11 19:17 - 2011-05-13 18:36 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3507774887-3041916106-1939521727-1001UA.job
2017-01-11 19:17 - 2011-05-13 18:36 - 00000874 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3507774887-3041916106-1939521727-1001Core.job
2017-01-11 10:02 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-11 10:02 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-11 10:02 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-11 10:02 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-11 10:02 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-11 01:57 - 2016-09-26 11:05 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-11 01:52 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-11 01:46 - 2013-08-10 01:26 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-11 01:39 - 2011-05-20 17:17 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-09 18:16 - 2011-05-04 01:57 - 00000000 ____D C:\ProgramData\Sonic
2017-01-08 20:00 - 2016-09-26 10:14 - 04140106 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-08 10:58 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-02 01:01 - 2016-09-26 11:05 - 00003696 _____ C:\WINDOWS\System32\Tasks\DivXUpdate
2017-01-02 01:01 - 2013-09-13 18:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2017-01-02 01:01 - 2011-06-16 23:21 - 00000000 ____D C:\Program Files (x86)\DivX
2017-01-02 01:01 - 2011-06-16 23:18 - 00000000 ____D C:\ProgramData\DivX
2017-01-02 01:00 - 2011-06-16 23:23 - 00000000 ____D C:\Users\Scott\AppData\Roaming\DivX
2016-12-30 19:04 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Desktop
2016-12-30 18:12 - 2016-07-16 06:47 - 00000000 __RSD C:\WINDOWS\Fonts
2016-12-30 18:12 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\CatRoot
2016-12-30 16:23 - 2016-08-19 02:10 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Yahoo Messenger
2016-12-29 12:54 - 2016-02-27 17:39 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-29 12:54 - 2016-02-27 17:39 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-29 12:46 - 2016-09-26 11:05 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-29 12:46 - 2016-09-26 11:05 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-29 12:46 - 2009-07-13 22:20 - 00000000 ____D C:\WINDOWS\Tasks
2016-12-27 12:45 - 2016-09-26 10:06 - 00019592 _____ C:\WINDOWS\setupact.log
2016-12-27 11:51 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Drivers\UMDF
2016-12-24 00:03 - 2011-05-20 19:16 - 00000000 ____D C:\Users\Scott\AppData\Local\Diagnostics
2016-12-18 13:08 - 2016-07-16 06:47 - 00000000 __RSD C:\WINDOWS\assembly
 
==================== Files in the root of some directories =======
 
2013-12-10 21:58 - 2013-12-10 21:58 - 0003584 _____ () C:\Users\Scott\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-05-12 17:27 - 2011-05-12 17:27 - 0001567 _____ () C:\Users\Scott\AppData\Local\PDLSetup.20110512.182706.txt
2012-10-08 08:05 - 2012-10-08 08:05 - 0001565 _____ () C:\Users\Scott\AppData\Local\PDLSetup.20121008.090547.txt
2011-05-26 23:32 - 2015-08-23 23:50 - 0007596 _____ () C:\Users\Scott\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-01-13 19:22
 
==================== End of FRST.txt ============================

Edited by SignaDeltaTao, 18 January 2017 - 12:33 AM.

#2 nasdaq

  • Malware Response Team
  • 39,586 posts
  • Gender: Male
  • Location: Montreal, QC. Canada

Posted 18 January 2017 - 10:59 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3507774887-3041916106-1939521727-1001\...\Run: [Google Update] => C:\Users\Scott\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-17] (Google Inc.)
HKU\S-1-5-21-3507774887-3041916106-1939521727-1001\...\Run: [Yahoo Messenger Updater] => C:\Users\Scott\AppData\Roaming\Yahoo Messenger\YMUpdater\YMUpdater.exe [115656 2016-09-03] (Yahoo!, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKU\S-1-5-21-3507774887-3041916106-1939521727-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL =
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Chrome Media Router) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-31]
U3 idsvc; no ImagePath

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

p.s.
Please include the Addition.txt file that was created by the Farbar tool.
I need to review it.

#3 SignaDeltaTao

  • Topic Starter
  • Members
  • 12 posts

Posted 18 January 2017 - 12:24 PM

Hello there --

Thank you for the help, nasdaq. A $100 donation is coming this site's way...

...for the good work you all do. This is the second time you all have helped me, after all.

I followed your instructions. No problems yet, but it has only been a few minutes since the restart. This issue seems to come and go, sometimes hours after starting to use the machine. I will let you know if it happens again anytime today or during the next few days. In the meantime, here are the files requested...

*attached*

Let me know if you prefer them posted.

Thank you very much.

Attached Files


Edited by SignaDeltaTao, 18 January 2017 - 12:25 PM.


#4 nasdaq (Malware Response Team, Montreal, QC, Canada)

Posted 19 January 2017 - 09:23 AM

Thank you for your support.

===

Remove these programs in bold via the Control Panel > Programs > Programs and Features.
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Amazon 1Button App (HKLM-x32\...\{FA378CD1-F32D-4610-9884-3902DF8AF826}) (Version: 2.3.8 - Amazon) <==== ATTENTION
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CustomCLSID: HKU\S-1-5-21-3507774887-3041916106-1939521727-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3507774887-3041916106-1939521727-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3507774887-3041916106-1939521727-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
Task: {035EF033-31CC-45F2-A487-0AA915689B18} - no filepath
Task: {22DBA862-9CFF-448B-A8D3-FA25FF20C6F7} - no filepath
Task: {25661454-657C-4C1C-B246-056A2AF8BB62} - System32\Tasks\{4E43AA17-F9E8-1DBC-8A57-AAA51133A04A} => C:\ProgramData\{B1C68CD1-066D-3B7A-F0FB-520589F29676}\63B61F73-D41D-A8D8-FA5A-D55E7A9D4C1E.exe <==== ATTENTION
Task: {258DCE8E-7412-416B-B62D-1B11676CB904} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2E5FAA0D-BC30-4B27-A60A-2E2090226E01} - System32\Tasks\{56A91003-4580-FC7B-6312-4CB865B3D924} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\4e125ea1\3d6c234.dll" <==== ATTENTION
Task: {47B59491-DB5D-4F0E-886C-04BE1727EC7A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4FF2D604-7FFC-462E-9151-612E6DF70FEF} - no filepath
Task: {553C369A-97FF-4266-963F-9014104AEBDE} - System32\Tasks\{373EE493-8095-5338-7BD9-FA97EC27F2B5} => C:\ProgramData\{9F3B24F5-2890-935E-C91F-F015F85A0FB0}\530D0E46-E4A6-B9ED-54AD-350E8A6F6720.exe <==== ATTENTION
Task: {570426D4-3CF3-484C-B2CE-9993D89B2900} - System32\Tasks\{0E33BA76-B998-0DDD-5879-6341736C9E02} => C:\ProgramData\{02BF98C7-B514-2F6C-DEB4-55A22B0CDCE9}\957B4FD7-22D0-F87C-2AA9-0F49D116DDAA.exe <==== ATTENTION
Task: {5D6E2AA6-04CD-449B-A3A5-44F0CC1C2CC7} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {61677C8E-A129-4A5B-9187-D498F3505565} - System32\Tasks\{86BAEF10-3111-58BB-3DE5-29FC51DB95D4} => C:\ProgramData\{818F0F05-3624-B8AE-FCC9-26BA35BF29EB}\ACEE139D-1B45-A436-6880-1F33C59AA4CA.exe <==== ATTENTION
Task: {7BB7CBF6-05BE-4A67-880F-B1A9B72133EB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {801D82B2-FD15-4717-89E3-32505F11B3AF} - System32\Tasks\{C3FB3F9A-7450-8831-B1A5-ABC2881513EE} => C:\ProgramData\{A890A157-1F3B-16FC-2A31-6EF24849117C}\81F356B1-3658-E11A-9491-24D90F9772B6.exe <==== ATTENTION
Task: {863FD080-EFC0-4CE1-B204-D2F400B59EC6} - \{66ADAC8F-3F88-C7C7-3917-1694CCDB9E00} -> No File <==== ATTENTION
Task: {86B45E75-677D-45C2-BBA5-E0D25DE1A3D7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {8BADB7A2-DB39-401C-B81A-2FFAE5F1A0FB} - \SaferUpdateTaskSCUD -> No File <==== ATTENTION
Task: {9C2C8BB5-E316-407F-8407-176AAE45B258} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9C6A3BFE-D14E-410D-9321-F2C0B4B4AFBC} - System32\Tasks\{BEE095C1-094B-226A-9C30-5B974703150C} => C:\ProgramData\{79A91E48-CE02-A9E3-1AD6-2D195FD1573A}\6262701C-D5C9-C7B7-AA90-FBA46A8EFF10.exe <==== ATTENTION
Task: {9CD8A9A3-76BA-440A-85D0-FE49D8306C29} - System32\Tasks\{A16D2090-16C6-973B-88F7-5BCE33B98B05} => C:\ProgramData\{84B624AC-331D-9307-D33A-83A5D094EE5D}\6B1A6794-DCB1-D03F-4CCF-7DBF0122EE6C.exe <==== ATTENTION
Task: {AD815C37-2915-4FA3-8B43-EA0C4AEC4D86} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B06C32F6-3A90-4182-A62B-F2829312E108} - System32\Tasks\{9C08C3A4-2BA3-740F-3744-91FEE53CEE71} => C:\ProgramData\{35C50605-826E-B1AE-49DF-B87E431281B6}\79A5F29F-CE0E-4534-CD05-C8783FA8C32A.exe <==== ATTENTION
Task: {BF877CF7-91EE-4FAA-A798-F083853F43E4} - System32\Tasks\{9B6B283A-2CC0-9F91-1D7D-A1C6705F0D4A} => C:\ProgramData\{858F9025-3224-278E-8854-1AE24DF3E014}\4D8BFE38-FA20-4993-03B9-07733727D937.exe <==== ATTENTION
Task: {CF553B58-7F2B-4450-B3F4-6E1A989C9D1B} - System32\Tasks\{B536779C-029D-C037-978A-27B490AFBD99} => C:\ProgramData\{8D5C38A8-3AF7-8F03-20E9-C045F95DF13A}\3B924E92-8C39-F939-A82E-2CD912DA0AEE.exe <==== ATTENTION
Task: {CFF4747B-9E7C-4A09-A40A-2D6742EA61B9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D6E87FF2-8894-4A81-A524-17318A1414AD} - System32\Tasks\{0D012CFE-BAAA-9B55-AAE1-AD248AEB188C} => C:\ProgramData\{50AE298D-E705-9E26-443E-803E097D3FDF}\ABA41841-1C0F-AFEA-F937-75D4C639F665.exe <==== ATTENTION
Task: {DD8F2951-DCD9-4E97-8C25-CC2C4D30D5FF} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {E0E31317-F298-488E-B764-6B9C3873F132} - System32\Tasks\{36AD1D30-8106-AA9B-5A48-9969E1C3D9CD} => C:\ProgramData\{0E125149-B9B9-E6E2-B510-3E34AD3CF643}\B6CA362C-0161-8187-CBFF-562D153E48D5.exe <==== ATTENTION
Task: {E6492267-E267-4B1A-A3BC-7037A4C73994} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {ED50EE41-212D-4A87-9F9C-5C910F8F12CC} - System32\Tasks\{ED35542F-5A9E-E384-6DB0-CF58FBBF1AE4} => C:\ProgramData\{10485210-A7E3-E5BB-389F-6D59343D6346}\BA2A0B56-0D81-BCFD-8B91-332D4803C932.exe <==== ATTENTION
Task: {EFB884A9-BF73-4AC1-9422-F1575966D73F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F402A765-A92F-4EED-A403-A298345A0AEF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F4209F42-1970-4889-9A7B-723EC672B055} - no filepath
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YPfdbKQmYWnOqAL.exe
FirewallRules: [UDP Query User{1D808E56-70DD-40D9-9999-D3EBCD098876}C:\program files (x86)\java\jre7\bin\java.exe] => C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [TCP Query User{A71F7354-0178-468F-851C-E6500B130516}C:\program files (x86)\java\jre7\bin\java.exe] => C:\program files (x86)\java\jre7\bin\java.exe
C:\ProgramData\{B1C68CD1-066D-3B7A-F0FB-520589F29676}
C:\PROGRA~3\4e125ea1
C:\ProgramData\{9F3B24F5-2890-935E-C91F-F015F85A0FB0}
C:\ProgramData\{02BF98C7-B514-2F6C-DEB4-55A22B0CDCE9}
C:\ProgramData\{818F0F05-3624-B8AE-FCC9-26BA35BF29EB}
C:\ProgramData\{A890A157-1F3B-16FC-2A31-6EF24849117C}
C:\ProgramData\{79A91E48-CE02-A9E3-1AD6-2D195FD1573A}
C:\ProgramData\{84B624AC-331D-9307-D33A-83A5D094EE5D}
C:\ProgramData\{35C50605-826E-B1AE-49DF-B87E431281B6}
C:\ProgramData\{858F9025-3224-278E-8854-1AE24DF3E014}
C:\ProgramData\{8D5C38A8-3AF7-8F03-20E9-C045F95DF13A}
C:\ProgramData\{50AE298D-E705-9E26-443E-803E097D3FDF}
C:\ProgramData\{0E125149-B9B9-E6E2-B510-3E34AD3CF643}
C:\ProgramData\{10485210-A7E3-E5BB-389F-6D59343D6346}
C:\ProgramData\YPfdbKQmYWnOqAL.exe

Reboot:


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===


ADOBE READER
http://get.adobe.com/reader/
Before your download I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.
<<<>>>

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882
===

If still present after these updates, remove the old version(s) via the Control Panel > Programs > Programs and Features.
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)

===

Please post the Fixlog.txt and let me know what problem persists.
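The task entries in the fixlist above share one shape: a scheduled task named with a bare GUID whose action either runs an .exe from a GUID-named folder under C:\ProgramData or calls Regsvr32.exe /s /n /i: against a DLL under C:\PROGRA~3. The script below is an added example, not part of this thread and not part of the FRST tool; it parses FRST "Task:" lines and flags those traits so a defender can triage a long log before writing a fixlist. The sample input reuses four task lines quoted in this thread plus one constructed benign entry (the ExampleVendorUpdate task, its vendor path and its all-zero GUID are placeholders, not values from the log).

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: the first four "Task:" lines are copied from the FRST
# log quoted in this thread; the last line is a constructed benign entry with a
# placeholder all-zero GUID and a made-up vendor path.
SAMPLE_LOG = r"""
Task: {25661454-657C-4C1C-B246-056A2AF8BB62} - System32\Tasks\{4E43AA17-F9E8-1DBC-8A57-AAA51133A04A} => C:\ProgramData\{B1C68CD1-066D-3B7A-F0FB-520589F29676}\63B61F73-D41D-A8D8-FA5A-D55E7A9D4C1E.exe <==== ATTENTION
Task: {2E5FAA0D-BC30-4B27-A60A-2E2090226E01} - System32\Tasks\{56A91003-4580-FC7B-6312-4CB865B3D924} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\4e125ea1\3d6c234.dll" <==== ATTENTION
Task: {258DCE8E-7412-416B-B62D-1B11676CB904} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {035EF033-31CC-45F2-A487-0AA915689B18} - no filepath
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\ExampleVendorUpdate => C:\Program Files (x86)\ExampleVendor\update.exe /silent
"""

# "Task: {task-guid} - <rest>", with FRST's optional "<==== ATTENTION" marker stripped.
TASK_RE = re.compile(r"^Task: (\{[0-9A-Fa-f-]{36}\}) - (.*?)(?: <==== ATTENTION)?$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# First folder under ProgramData (long name or the PROGRA~3 short name) in the action.
PROGRAMDATA_DIR_RE = re.compile(r'(?i)C:\\(?:ProgramData|PROGRA~3)\\([^\\"]+)\\')
# A GUID or a run of hex digits is "random-looking"; vendors normally use readable names.
RANDOM_NAME_RE = re.compile(
    r"^(?:\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}|[0-9A-Fa-f]{6,})$")
# regsvr32 with the /i: switch, i.e. a DLL loaded through DllInstall.
REGSVR32_RE = re.compile(r"\bregsvr32(?:\.exe)?\b.*/i:", re.IGNORECASE)


@dataclass
class Task:
    task_id: str
    name: str
    action: Optional[str]
    missing: bool                       # FRST reported "No File" or "no filepath"
    reasons: List[str] = field(default_factory=list)


def parse_task_line(line: str) -> Optional[Task]:
    """Parse one FRST 'Task:' line; returns None for lines of any other kind."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    task_id, rest = m.group(1), m.group(2)
    if rest == "no filepath":
        return Task(task_id, "", None, True)
    if rest.endswith(" -> No File"):
        return Task(task_id, rest[: -len(" -> No File")], None, True)
    if " => " in rest:
        name, action = rest.split(" => ", 1)
        return Task(task_id, name, action, False)
    return Task(task_id, rest, None, False)


def triage(task: Task) -> Task:
    """Attach a reason for every trait of the persistence pattern the task shows."""
    leaf = task.name.rsplit("\\", 1)[-1]
    if GUID_RE.match(leaf):
        task.reasons.append("task name is a bare GUID")
    if task.action:
        m = PROGRAMDATA_DIR_RE.search(task.action)
        if m and RANDOM_NAME_RE.match(m.group(1)):
            task.reasons.append(
                f"runs from random-looking ProgramData folder {m.group(1)}")
        if REGSVR32_RE.search(task.action):
            task.reasons.append("uses Regsvr32 /i: to load a DLL")
    return task


def triage_log(text: str) -> List[Task]:
    """Return only the tasks that earned at least one reason, in log order."""
    flagged = []
    for line in text.splitlines():
        task = parse_task_line(line)
        if task and triage(task).reasons:
            flagged.append(task)
    return flagged


if __name__ == "__main__":
    for t in triage_log(SAMPLE_LOG):
        print(t.task_id, t.name or "(no name)")
        for r in t.reasons:
            print("   -", r)
```

Run against the sample, only the two tasks that launch payloads from GUID or hex-named ProgramData folders are reported; the orphaned GWX task and the "no filepath" entry are left for the usual cleanup rather than treated as the infection. The folder names the script prints are exactly the directories a fixlist would then list for removal, which is the cross-check worth doing before running a fix.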

#5 SignaDeltaTao (Topic Starter)

Posted 19 January 2017 - 01:42 PM

Hello again --

I uninstalled those programs.

I ran fixlist.txt as instructed.

I have attached the .txt output from the same.

I uninstalled Java and the old version of Adobe Reader.

I installed the newest version of Adobe Reader (without the add-on programs) and not Java.

Seems to be going okay so far, but I have not used this machine that much in the past 36 hours.

Thank you so very much for the help again.


#6 nasdaq (Malware Response Team, Montreal, QC, Canada)

Posted 20 January 2017 - 07:21 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#7 SignaDeltaTao (Topic Starter)

Posted 20 January 2017 - 07:03 PM

Thank you. All is well so far. I will probably know more for sure after this weekend and using the machine more.

But no problems today as I jumped on it after work. Thank you very much for the fix!