Clicked on a fake Download Chrome update on false site


This topic is locked
12 replies to this topic

#1 Waves2017


Posted 30 January 2017 - 01:58 AM

Edit: I had some trouble posting, probably because I took too long, and ended up attaching the Addition log more than once.

Hello, on Saturday, January 28th, 2017 at approximately 19:37 Pacific Standard Time, I absentmindedly clicked on downloading a Chrome update without realizing it was not a legitimate website/prompt.


Thus far, I looked up that site's name and found a Google Forum post about using the Chrome Cleanup Tool by Google, which didn't seem to find any issues. I've updated and run Malwarebytes without rebooting into Safe Mode. Malwarebytes found no issues. I came here to look at the "old" guide for what to do before asking for help, but it looks like that has been removed.


Here is the entry from my Google Chrome's History:
https://  feisuteleseminariosdepnl.org/252403940743/1485329165808346/70jnp8nzc8g84y6ad5h422h26.zip


I tried looking for the file on my computer, and have not been able to locate it that I'm aware of.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017
Ran by Andrew (administrator) on OPHELIA (29-01-2017 22:02:48)
Running from C:\Users\Andrew\Downloads
Loaded Profiles: Andrew (Available Profiles: Andrew & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Hi-Rez Studios) D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Fitbit, Inc.) E:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Electronic Arts) E:\Program Files (x86)\Origin\OriginWebHelperService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Tenable Network Security, Inc) C:\Program Files\Tenable\Nessus\nessus-service.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Tenable Network Security, Inc) C:\Program Files\Tenable\Nessus\nessusd.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(hxxp://tortoisesvn.net) E:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Valve Corporation) D:\Program Files (x86)\Steam\Steam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Razer Inc) C:\Program Files (x86)\Razer\Razer_Kraken71Chroma_Driver\Drivers\SysAudio\Kraken71ChromaHelper.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Hammer & Chisel, Inc.) C:\Users\Andrew\AppData\Local\Discord\app-0.0.297\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\Andrew\AppData\Local\Discord\app-0.0.297\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\Andrew\AppData\Local\Discord\app-0.0.297\Discord.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5378\Agent.exe
(Blizzard Entertainment) E:\Program Files (x86)\Diablo III\Battle.net\Battle.net.8293\Battle.net.exe
() E:\Program Files (x86)\Diablo III\Battle.net\Battle.net.8293\Battle.net Helper.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
() E:\Program Files (x86)\Diablo III\Battle.net\Battle.net.8293\Battle.net Helper.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1701.10102.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(hxxp://tortoisesvn.net) E:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Ubisoft) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe
(Ubisoft) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayWebCore.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Ubisoft) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayWebCore.exe
(Ubisoft) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayWebCore.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-29] (Microsoft Corporation)
HKLM-x32\...\Run: [X-55 Rhino] => C:\Program Files\Mad Catz\X-55 Rhino\X55_Rhino_Profiler.exe [86528 2015-08-28] (Mad Catz)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [594240 2016-01-13] (Razer Inc.)
HKLM-x32\...\Run: [Kraken71ChromaHelper] => C:\Program Files (x86)\Razer\Razer_Kraken71Chroma_Driver\Drivers\SysAudio\Kraken71ChromaHelper.exe [1600320 2015-08-12] (Razer Inc)
HKU\S-1-5-21-4017350527-2097374484-4260858473-1000\...\Run: [GalaxyClient] => C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe [3971648 2016-12-31] (GOG.com)
HKU\S-1-5-21-4017350527-2097374484-4260858473-1000\...\Run: [Steam] => D:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation)
HKU\S-1-5-21-4017350527-2097374484-4260858473-1000\...\Run: [GoogleChromeAutoLaunch_AF2E2510EC2DA94726BF08BC757DFE33] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [935768 2016-12-07] (Google Inc.)
HKU\S-1-5-21-4017350527-2097374484-4260858473-1000\...\Run: [MyComGames] => C:\Users\Andrew\AppData\Local\MyComGames\MyComGames.exe [4998032 2016-12-14] (MY.COM B.V.)
HKU\S-1-5-21-4017350527-2097374484-4260858473-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27011712 2016-10-17] (Skype Technologies S.A.)
HKU\S-1-5-21-4017350527-2097374484-4260858473-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe
HKU\S-1-5-21-4017350527-2097374484-4260858473-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [151040 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{94376eb3-2aca-42b7-a3f5-4ce4df1bbbaa}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4017350527-2097374484-4260858473-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4017350527-2097374484-4260858473-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_102\bin\ssv.dll [2016-09-16] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_102\bin\jp2ssv.dll [2016-09-16] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-27] (Oracle Corporation)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-27] (Oracle Corporation)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\4uphqqfu.default [2017-01-29]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\4uphqqfu.default -> Google
FF Extension: (Tails Download and Verify) - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\4uphqqfu.default\Extensions\dave@tails.boum.org.xpi [2016-11-04]
FF Extension: (Enhanced Steam) - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\4uphqqfu.default\Extensions\jid1-YdiFiTEkQgInxA@jetpack.xpi [2015-05-04] [not signed]
FF Extension: (LogMeIn, Inc. Remote Access Plugin) - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\4uphqqfu.default\Extensions\LogMeInClient@logmein.com [2015-09-18] [not signed]
FF Extension: (LastPass) - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\4uphqqfu.default\Extensions\support@lastpass.com [2017-01-12]
FF Extension: (NoScript) - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\4uphqqfu.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-01-24]
FF Extension: (Adblock Plus) - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\4uphqqfu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-09-16] ()
FF Plugin: @java.com/DTPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\dtplugin\npDeployJava1.dll [2016-09-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\plugin2\npjp2.dll [2016-09-16] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-09-16] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll [2013-02-28] (ESN Social Software AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-27] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2011-10-12] (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-11] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 -> E:\Program Files\Real\Netscape6\nppl3260.dll [2013-01-17] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 -> E:\Program Files\Real\Netscape6\nprpplugin.dll [2013-01-17] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4017350527-2097374484-4260858473-1000: @my.com/Games -> C:\Users\Andrew\AppData\Local\MyComGames\NPMyComDetector.dll [2016-12-14] (MY.COM B.V.)
FF Plugin HKU\S-1-5-21-4017350527-2097374484-4260858473-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Andrew\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-4017350527-2097374484-4260858473-1000: @talk.google.com/O1DPlugin -> C:\Users\Andrew\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-4017350527-2097374484-4260858473-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Andrew\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-4017350527-2097374484-4260858473-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Andrew\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-4017350527-2097374484-4260858473-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Andrew\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-4017350527-2097374484-4260858473-1000: BYOND -> E:\Program Files (x86)\BYOND\bin\npbyond.dll [2009-12-31] (BYOND)
FF Plugin HKU\S-1-5-21-4017350527-2097374484-4260858473-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-12-17] ()
FF Plugin ProgramFiles/Appdata: C:\Users\Andrew\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Andrew\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxp://portal.starbucks.net/
CHR Profile: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default [2017-01-29]
CHR Extension: (Bloons Tower Defense 4 HD) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aifaibddnbkhnfgpjbgjopieekdmimme [2015-09-18]
CHR Extension: (YouTube) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Cast) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2017-01-25]
CHR Extension: (JSONView) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\chklaanhfefbnpoihckbnefhakgolnmc [2017-01-16]
CHR Extension: (Google Search) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-04]
CHR Extension: (Google Cast (Beta)) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\dliochdbjfkdbacpmhlcpmleaejidimm [2016-04-27]
CHR Extension: (Postman) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2016-12-23]
CHR Extension: (EditThisCookie) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2016-10-16]
CHR Extension: (Don't Starve) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiledapehlkhdehbhppgmekfalnlfajc [2015-09-18]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-01-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-24]
CHR Extension: (Blue Jeans Meeting) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nodamnmigpadbnfioofpbacngdlcidgn [2016-09-21]
CHR Extension: (Gmail) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-18]
CHR Extension: (Chrome Media Router) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-27]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1457160 2016-10-12] ()
S4 DAUpdaterSvc; d:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [25832 2011-03-06] (BioWare)
S4 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] () [File not signed]
S3 EvoSvc; E:\Program Files\Echobit\Evolve\EvoSvc.exe [1583488 2016-03-07] (Echobit LLC)
R2 Fitbit Connect; E:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1435680 2014-01-10] (Fitbit, Inc.) [File not signed]
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [284224 2016-12-31] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6625856 2016-12-14] (GOG.com)
U2 HiPatchService; D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-11-15] (Hi-Rez Studios) [File not signed]
S4 iRacingService; E:\Program Files (x86)\iRacing\iRacingService.exe [789672 2014-04-25] (iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730) [File not signed]
S3 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [69964448 2015-04-03] (Microsoft Corporation)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3534784 2015-04-29] (INCA Internet Co., Ltd.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-01-05] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-01-05] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2016-12-11] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [427064 2017-01-05] (NVIDIA Corporation)
S3 Origin Client Service; E:\Program Files (x86)\Origin\OriginClientService.exe [2119176 2017-01-20] (Electronic Arts)
R2 Origin Web Helper Service; E:\Program Files (x86)\Origin\OriginWebHelperService.exe [2181648 2017-01-20] (Electronic Arts)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [58368 2016-02-02] (Razer Inc.) [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S4 SixElevatedService; C:\ProgramData\SIX Networks\Shared\withSIX-Updater.exe [6570832 2014-03-02] (SIX Networks) [File not signed]
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441512 2015-04-03] (Microsoft Corporation)
R2 Tenable Nessus; C:\Program Files\Tenable\Nessus\nessus-service.exe [17376 2016-10-21] (Tenable Network Security, Inc)
S4 TurtleBeachAudioSrv; D:\Program Files (x86)\Turtle Beach\MontegoDDL\TurtleBeachAudioSrv.exe [86016 2009-08-30] (Voyetra Turtle Beach, Inc.) [File not signed]
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows ® Win 7 DDK provider)
R3 EvolveVirtualAdapter; C:\WINDOWS\System32\drivers\evolve.sys [21656 2016-03-07] (Echobit, LLC)
S3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 LGSUsbFilt; C:\WINDOWS\system32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)
U5 LVRS64; C:\Windows\System32\Drivers\LVRS64.sys [351520 2012-10-26] (Logitech Inc.)
R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 npusbio; C:\WINDOWS\System32\Drivers\npusbio_x64.sys [38400 2015-12-11] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3f929cc119e3b994\nvlddmkm.sys [14200880 2016-12-12] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2017-01-05] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2017-01-05] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [59448 2017-01-05] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
S3 RTLE8023x64; C:\WINDOWS\System32\DRIVERS\Rtenic64.sys [280344 2010-07-05] (Realtek Semiconductor Corporation                           )
R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
S3 Said2215; C:\WINDOWS\System32\drivers\Said2215.sys [25280 2015-09-03] (Saitek)
S3 Saida215; C:\WINDOWS\System32\drivers\Saida215.sys [25280 2015-09-03] (Saitek)
R3 SaiMini; C:\WINDOWS\System32\drivers\SaiMini.sys [23968 2015-09-03] (Saitek)
R3 SaiNtBus; C:\WINDOWS\system32\drivers\SaiBus.sys [51488 2015-09-03] (Saitek)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 USBPcap; C:\WINDOWS\system32\DRIVERS\USBPcap.sys [41720 2016-04-05] (USBPcap)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; no ImagePath
U5 REALPLAYERUPDATESVC; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-29 22:02 - 2017-01-29 22:03 - 00032488 _____ C:\Users\Andrew\Downloads\FRST.txt
2017-01-29 22:02 - 2017-01-29 22:02 - 00000000 ____D C:\FRST
2017-01-29 22:01 - 2017-01-29 22:02 - 02420736 _____ (Farbar) C:\Users\Andrew\Downloads\FRST64.exe
2017-01-29 20:03 - 2017-01-29 20:03 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Kalypso Media
2017-01-28 14:53 - 2017-01-28 14:53 - 00000000 ____D C:\ProgramData\For Honor
2017-01-27 13:18 - 2017-01-27 13:19 - 00000000 ____D C:\Users\Andrew\Documents\SimCity 4
2017-01-26 23:04 - 2017-01-26 23:04 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\ots
2017-01-26 23:04 - 2017-01-26 23:04 - 00000000 ____D C:\Users\Andrew\AppData\LocalLow\DefaultCompany
2017-01-25 01:01 - 2016-12-20 23:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 01:01 - 2016-12-20 20:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-24 22:51 - 2017-01-05 17:10 - 00158264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-01-24 22:51 - 2017-01-05 17:10 - 00126008 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-01-24 22:51 - 2017-01-05 17:10 - 00059448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-01-10 12:42 - 2016-12-21 00:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-10 12:42 - 2016-12-21 00:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-10 12:42 - 2016-12-20 23:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-10 12:42 - 2016-12-20 23:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-10 12:42 - 2016-12-20 23:45 - 00153952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcmiplugin.dll
2017-01-10 12:42 - 2016-12-20 23:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-10 12:42 - 2016-12-20 23:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-10 12:42 - 2016-12-20 23:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-10 12:42 - 2016-12-20 23:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-10 12:42 - 2016-12-20 23:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-10 12:42 - 2016-12-20 23:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-10 12:42 - 2016-12-20 23:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-10 12:42 - 2016-12-20 23:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-10 12:42 - 2016-12-20 23:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-10 12:42 - 2016-12-20 23:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-10 12:42 - 2016-12-20 23:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-10 12:42 - 2016-12-20 23:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-10 12:42 - 2016-12-20 23:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-10 12:42 - 2016-12-20 23:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-10 12:42 - 2016-12-20 23:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-10 12:42 - 2016-12-20 23:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-10 12:42 - 2016-12-20 23:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-10 12:42 - 2016-12-20 23:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-10 12:42 - 2016-12-20 23:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-10 12:42 - 2016-12-20 23:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-10 12:42 - 2016-12-20 23:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-10 12:42 - 2016-12-20 23:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-10 12:42 - 2016-12-20 22:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-10 12:42 - 2016-12-20 22:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-10 12:42 - 2016-12-20 22:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-10 12:42 - 2016-12-20 22:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-10 12:42 - 2016-12-20 22:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-10 12:42 - 2016-12-20 22:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-10 12:42 - 2016-12-20 22:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-10 12:42 - 2016-12-20 22:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-10 12:42 - 2016-12-20 22:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-10 12:42 - 2016-12-20 22:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-10 12:42 - 2016-12-20 22:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-10 12:42 - 2016-12-20 22:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-10 12:42 - 2016-12-20 22:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-10 12:42 - 2016-12-20 22:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-10 12:42 - 2016-12-20 22:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-10 12:42 - 2016-12-20 22:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-10 12:42 - 2016-12-20 22:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-10 12:42 - 2016-12-20 21:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-10 12:42 - 2016-12-20 21:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-10 12:42 - 2016-12-20 21:03 - 00136544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqmigplugin.dll
2017-01-10 12:42 - 2016-12-20 21:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-10 12:42 - 2016-12-20 21:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-10 12:42 - 2016-12-20 21:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-10 12:42 - 2016-12-20 21:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-10 12:42 - 2016-12-20 21:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-10 12:42 - 2016-12-20 20:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-10 12:42 - 2016-12-20 20:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-10 12:42 - 2016-12-20 20:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-10 12:42 - 2016-12-20 20:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-10 12:42 - 2016-12-20 20:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-10 12:42 - 2016-12-20 20:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-10 12:42 - 2016-12-20 20:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-10 12:42 - 2016-12-20 20:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-10 12:42 - 2016-12-20 20:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-10 12:42 - 2016-12-20 20:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-10 12:42 - 2016-12-20 20:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-10 12:42 - 2016-12-20 20:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-10 12:42 - 2016-12-20 20:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-10 12:42 - 2016-12-20 20:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-10 12:42 - 2016-12-20 20:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-10 12:42 - 2016-12-20 20:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-10 12:42 - 2016-12-20 20:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-10 12:42 - 2016-12-20 20:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-10 12:42 - 2016-12-20 20:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-10 12:42 - 2016-12-20 20:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-10 12:42 - 2016-12-20 20:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-10 12:42 - 2016-12-20 20:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-10 12:42 - 2016-12-20 20:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-10 12:42 - 2016-12-13 21:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-10 12:42 - 2016-12-13 21:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-10 12:42 - 2016-12-13 21:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-10 12:42 - 2016-12-13 21:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-10 12:42 - 2016-12-13 21:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-10 12:42 - 2016-12-13 21:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-10 12:42 - 2016-12-13 21:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-10 12:42 - 2016-12-13 21:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-10 12:42 - 2016-12-13 21:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-10 12:42 - 2016-12-13 21:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-10 12:42 - 2016-12-13 21:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-10 12:42 - 2016-12-13 21:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-10 12:42 - 2016-12-13 21:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-10 12:42 - 2016-12-13 21:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-10 12:42 - 2016-12-13 21:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-10 12:42 - 2016-12-13 20:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-10 12:42 - 2016-12-13 20:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-10 12:42 - 2016-12-13 20:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-10 12:42 - 2016-12-13 20:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-10 12:42 - 2016-12-13 20:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-10 12:42 - 2016-12-13 20:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 12:42 - 2016-12-13 20:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-10 12:42 - 2016-12-13 20:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-10 12:42 - 2016-12-13 20:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-10 12:42 - 2016-12-13 20:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-10 12:42 - 2016-12-13 20:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-10 12:42 - 2016-12-13 20:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-10 12:42 - 2016-12-13 20:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-10 12:42 - 2016-12-13 20:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-10 12:42 - 2016-12-13 20:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-10 12:42 - 2016-12-13 20:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-10 12:42 - 2016-12-13 20:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-10 12:42 - 2016-12-13 20:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-10 12:42 - 2016-12-13 20:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-10 12:42 - 2016-12-13 20:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-10 12:42 - 2016-12-13 20:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-10 12:42 - 2016-12-13 20:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-10 12:42 - 2016-12-13 20:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-10 12:42 - 2016-12-13 20:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-10 12:42 - 2016-12-13 20:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-10 12:42 - 2016-12-13 20:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-10 12:42 - 2016-12-13 20:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-10 12:42 - 2016-12-13 20:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-10 12:42 - 2016-12-13 20:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-10 12:42 - 2016-12-13 20:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-10 12:42 - 2016-12-13 20:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-10 12:42 - 2016-12-13 20:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-10 12:42 - 2016-12-13 20:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-10 12:42 - 2016-12-13 20:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-10 12:42 - 2016-12-13 20:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-10 12:42 - 2016-12-13 20:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-10 12:42 - 2016-12-13 20:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-10 12:42 - 2016-12-13 20:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-10 12:42 - 2016-11-02 04:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-10 12:42 - 2016-11-02 03:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-10 12:42 - 2016-11-02 02:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-10 12:42 - 2016-11-02 02:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-10 12:42 - 2016-11-02 02:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-10 12:42 - 2016-08-01 20:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-10 12:41 - 2016-12-21 00:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-10 12:41 - 2016-12-20 23:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-10 12:41 - 2016-12-20 23:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-10 12:41 - 2016-12-20 23:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-10 12:41 - 2016-12-20 23:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-10 12:41 - 2016-12-20 23:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-10 12:41 - 2016-12-20 23:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-10 12:41 - 2016-12-20 23:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-10 12:41 - 2016-12-20 23:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-10 12:41 - 2016-12-20 23:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-10 12:41 - 2016-12-20 23:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-10 12:41 - 2016-12-20 23:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-10 12:41 - 2016-12-20 23:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-10 12:41 - 2016-12-20 22:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-10 12:41 - 2016-12-20 22:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-10 12:41 - 2016-12-20 22:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-10 12:41 - 2016-12-20 21:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-10 12:41 - 2016-12-20 21:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-10 12:41 - 2016-12-20 20:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-10 12:41 - 2016-12-20 20:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-10 12:41 - 2016-12-20 20:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-10 12:41 - 2016-12-20 20:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-10 12:41 - 2016-12-20 20:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-10 12:41 - 2016-12-13 21:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-10 12:41 - 2016-12-13 21:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-10 12:41 - 2016-12-13 21:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-10 12:41 - 2016-12-13 20:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-10 12:41 - 2016-12-13 20:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-10 12:41 - 2016-12-13 20:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-10 12:41 - 2016-12-13 20:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 12:41 - 2016-12-13 20:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-10 12:41 - 2016-12-13 20:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-10 12:41 - 2016-12-13 20:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-10 12:41 - 2016-12-13 20:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-09 09:44 - 2017-01-09 09:46 - 00000000 ____D C:\Users\Andrew\AppData\Local\deadbolt_game
2017-01-07 16:00 - 2017-01-07 16:00 - 02163581 _____ C:\Users\Andrew\Desktop\Your_New_Position_at_Nintex.pdf
2016-12-31 12:12 - 2016-12-31 12:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Real Texas [GOG.com]

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-29 22:00 - 2014-03-29 19:19 - 00000000 ____D C:\Users\Andrew\AppData\Local\Battle.net
2017-01-29 21:54 - 2016-09-29 03:03 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-29 21:38 - 2011-05-17 20:16 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Mumble
2017-01-29 21:04 - 2012-12-31 09:12 - 00000000 ____D C:\Users\Andrew\AppData\Local\Ubisoft Game Launcher
2017-01-29 12:25 - 2016-09-29 03:03 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-29 12:08 - 2014-12-11 15:47 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-28 23:14 - 2016-01-06 17:17 - 00518392 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-01-28 22:02 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-28 14:53 - 2011-01-08 08:52 - 00000000 ____D C:\Users\Andrew\Documents\My Games
2017-01-28 10:36 - 2016-02-19 23:42 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Skype
2017-01-27 23:04 - 2014-06-09 19:11 - 00000000 ____D C:\Users\Andrew\AppData\Local\Daedalic Entertainment
2017-01-27 15:53 - 2016-07-16 03:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-27 12:48 - 2016-11-24 20:33 - 00000000 ____D C:\Users\Andrew\AppData\LocalLow\Mozilla
2017-01-26 23:04 - 2015-06-02 03:43 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-01-26 12:21 - 2016-01-23 16:39 - 00000000 ____D C:\Users\Andrew\Documents\Shiner
2017-01-25 21:58 - 2016-09-29 03:04 - 01444114 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-25 21:53 - 2016-09-29 03:05 - 00000000 ____D C:\Users\Andrew
2017-01-25 21:52 - 2016-09-29 03:15 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-25 21:52 - 2011-06-08 04:13 - 00001024 _____ C:\.rnd
2017-01-25 21:51 - 2016-07-15 22:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-01-25 01:08 - 2016-07-16 03:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-24 23:00 - 2012-07-29 10:18 - 00000000 ____D C:\Users\Andrew\AppData\Local\TSVNCache
2017-01-24 22:59 - 2011-07-25 18:03 - 00022098 _____ C:\Users\Andrew\Desktop\Monthly.ods
2017-01-24 22:58 - 2011-11-10 18:14 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Origin
2017-01-24 22:58 - 2011-11-10 18:14 - 00000000 ____D C:\ProgramData\Origin
2017-01-24 22:52 - 2016-11-22 11:40 - 00001494 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-01-24 22:52 - 2016-11-22 11:39 - 00003884 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-24 22:52 - 2016-09-29 03:03 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-01-24 22:52 - 2016-07-16 03:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-24 22:51 - 2016-12-18 16:13 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-24 22:51 - 2016-11-22 11:39 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-24 22:51 - 2016-11-22 11:39 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-24 22:51 - 2016-11-22 11:39 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-24 22:51 - 2016-11-22 11:39 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-24 22:51 - 2016-11-22 11:39 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-24 22:51 - 2016-09-29 03:03 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-01-24 22:51 - 2016-09-29 03:03 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-01-22 17:28 - 2016-01-11 21:06 - 00000000 ____D C:\Users\Andrew\AppData\Local\CrashDumps
2017-01-22 01:15 - 2016-02-15 07:26 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\discord
2017-01-22 01:14 - 2016-02-15 07:26 - 00002247 _____ C:\Users\Andrew\Desktop\Discord.lnk
2017-01-22 01:14 - 2016-02-15 07:26 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-01-22 01:14 - 2016-02-15 07:26 - 00000000 ____D C:\Users\Andrew\AppData\Local\Discord
2017-01-16 05:49 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-15 14:48 - 2015-09-09 21:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-15 14:43 - 2016-09-29 03:03 - 00243208 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-15 14:42 - 2016-12-18 16:13 - 00005943 _____ C:\ProgramData\NvTelemetryContainer.log_backup1
2017-01-15 14:42 - 2016-07-16 03:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-15 14:42 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-15 14:42 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-15 14:42 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-15 14:42 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-11 07:55 - 2013-11-24 09:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-11 07:51 - 2015-09-18 20:57 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-06 19:14 - 2012-12-23 09:07 - 00000000 ____D C:\Users\Andrew\Desktop\Games
2017-01-05 17:10 - 2016-07-18 21:19 - 00047672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2017-01-05 17:10 - 2015-12-03 21:21 - 00121912 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-01-05 17:10 - 2015-11-17 19:15 - 01855544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-01-05 17:10 - 2015-11-17 19:15 - 01756728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-01-05 17:10 - 2015-11-17 19:15 - 01454136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-01-05 17:10 - 2015-11-17 19:15 - 01318968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-01-05 16:09 - 2016-12-18 16:13 - 00001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-01-05 15:42 - 2016-11-22 11:39 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2016-12-31 18:13 - 2016-03-24 18:16 - 00001138 _____ C:\Users\Andrew\Desktop\nativelog.txt
2016-12-31 12:12 - 2015-08-02 21:08 - 00000000 ____D C:\Program Files (x86)\GalaxyClient

==================== Files in the root of some directories =======

2013-12-18 19:11 - 2013-12-20 05:17 - 0000239 _____ () C:\Users\Andrew\AppData\Roaming\BreakingPoint_Login.ini
2013-12-18 20:52 - 2013-12-20 05:53 - 0001220 _____ () C:\Users\Andrew\AppData\Roaming\BreakingPoint_Options.ini
2016-03-26 13:56 - 2016-04-22 16:45 - 0002484 _____ () C:\Users\Andrew\AppData\Roaming\SpeedRunnersLog.txt
2016-09-03 19:17 - 2016-09-19 17:11 - 0000600 _____ () C:\Users\Andrew\AppData\Local\PUTTY.RND
2015-09-26 23:29 - 2016-08-24 20:58 - 0007610 _____ () C:\Users\Andrew\AppData\Local\resmon.resmoncfg
2015-10-17 08:25 - 2015-10-17 08:25 - 0000148 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2016-12-18 16:13 - 2017-01-24 22:51 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-18 16:13 - 2017-01-15 14:42 - 0005943 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

Some files in TEMP:
====================
2016-09-29 18:03 - 2017-01-25 21:52 - 0619840 _____ () C:\Users\Andrew\AppData\Local\Temp\0Kraken71ChromaDevProps.dll
2016-08-21 10:44 - 2016-08-11 03:30 - 0746088 _____ (NVIDIA Corporation) C:\Users\Andrew\AppData\Local\Temp\nvSCPAPI.dll
2016-08-21 10:44 - 2016-08-11 03:30 - 0860776 _____ (NVIDIA Corporation) C:\Users\Andrew\AppData\Local\Temp\nvSCPAPI64.dll
2016-12-18 17:15 - 2016-08-11 03:30 - 0347192 _____ (NVIDIA Corporation) C:\Users\Andrew\AppData\Local\Temp\nvStInst.exe
2016-11-22 11:39 - 2016-11-17 05:46 - 1137208 _____ (NVIDIA Corporation) C:\Users\Andrew\AppData\Local\Temp\NvTelemetry.dll
2016-11-22 11:39 - 2016-12-12 15:36 - 0253376 _____ (NVIDIA Corporation) C:\Users\Andrew\AppData\Local\Temp\NvTelemetryAPI32.dll
2016-11-22 11:39 - 2016-12-12 15:36 - 0334272 _____ (NVIDIA Corporation) C:\Users\Andrew\AppData\Local\Temp\NvTelemetryAPI64.dll
2016-10-11 09:45 - 2016-10-11 09:45 - 41769600 _____ (Skype Technologies S.A.) C:\Users\Andrew\AppData\Local\Temp\SkypeSetup.exe
2017-01-20 22:53 - 2017-01-20 22:53 - 0000000 ____D () C:\Users\Andrew\AppData\Local\Temp\Syndicate.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-24 08:17

==================== End of FRST.txt ============================

Edited by Waves2017, 30 January 2017 - 02:02 AM.


#2 Sintharius

Posted 30 January 2017 - 09:02 AM

Welcome to Bleeping Computer's Malware Removal Logs area. My name is Sintharius. I will assist you with your problem.

Please allow me some time to analyse your logs and I will be back with instructions.

#3 Waves2017

Posted 31 January 2017 - 12:46 AM

Awesome, thank you for the acknowledgement Sintharius! :)



#4 Sintharius

Posted 31 January 2017 - 11:46 AM

Hello Waves2017,

Your logs did not show any signs of infection - if you did not run the downloaded file then nothing is installed. Please take note of the instructions below.

Step 1: Peer-to-peer software

I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall uTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Programs and Features.

***

Step 2: Fix with Farbar Recovery Scan Tool
  • Please download the attached fixlist.txt and save it to your Desktop.
    Note: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work!
    WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system!
  • Run FRST64.exe and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log named Fixlog.txt on the Desktop, please post it to your reply.
Please let me know once you have finished the tasks.

#5 Waves2017

Posted 01 February 2017 - 12:13 AM

Hello Sintharius,

Ah excellent! I'm so glad that you didn't see any signs of infection. Unfortunately, I'm not sure if I downloaded it and ran it or not. :( My download history for Google Chrome was empty when I checked to see if I had the ZIP file anywhere on my machine. I couldn't find any trace of it.

That's a good callout on uTorrent that a lot of people may not be aware of. I don't even exactly remember why I got it, but it was to get something that wasn't pirated (distros and such).

I'm sorry, but am I missing where the attached file is? "fixlist.txt"

I don't seem to be able to see an attachment by that name. :( I'm sorry!



#6 Sintharius

Posted 01 February 2017 - 03:51 AM

It looks like I forgot to attach it, my bad!

You can find it below :)


#7 Waves2017

Posted 02 February 2017 - 12:25 AM

Thank you Sintharius, it looks like it removed the keys successfully! :) I guess since I'm on Windows 10 I don't really need that, if it was legit.

I should put AdBlock and NoScript onto my Chrome; that's how I ended up with this scare in the first place. Just like you said, banner ad rotation and something popped up that hijacked things. No more of that, not sure why I had it on Firefox but not on Chrome.

Results below!

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by Andrew (01-02-2017 21:20:39) Run:1
Running from C:\Users\Andrew\Downloads
Loaded Profiles: Andrew (Available Profiles: Andrew & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Task: {03500A45-A02B-4534-AC2E-10CC03FF2230} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {093C9BA2-766E-4638-B537-641C45BF3DF6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {5663E039-5478-429B-9D63-78B649E65EF1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {60A143C6-77D9-4E92-9377-627F2C39AE36} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {786D9680-8BEE-4492-BADC-4C1D6FD5120A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C205F77C-CDCE-4B4B-A236-1175443A49E1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {C470E331-A4E3-4487-879C-43518EF46D51} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D52FF83C-953B-4AE4-987D-89F12D4667E5} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DAC1AB3A-69CE-41D5-BAC3-F7010477709E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {DB775B6D-EE78-4F52-8D46-52E57636EBD6} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {F4B8B051-7551-460D-AC63-CA8D184A645E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{03500A45-A02B-4534-AC2E-10CC03FF2230} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03500A45-A02B-4534-AC2E-10CC03FF2230} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{093C9BA2-766E-4638-B537-641C45BF3DF6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{093C9BA2-766E-4638-B537-641C45BF3DF6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5663E039-5478-429B-9D63-78B649E65EF1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5663E039-5478-429B-9D63-78B649E65EF1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60A143C6-77D9-4E92-9377-627F2C39AE36} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60A143C6-77D9-4E92-9377-627F2C39AE36} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{786D9680-8BEE-4492-BADC-4C1D6FD5120A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{786D9680-8BEE-4492-BADC-4C1D6FD5120A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C205F77C-CDCE-4B4B-A236-1175443A49E1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C205F77C-CDCE-4B4B-A236-1175443A49E1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C470E331-A4E3-4487-879C-43518EF46D51} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C470E331-A4E3-4487-879C-43518EF46D51} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D52FF83C-953B-4AE4-987D-89F12D4667E5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D52FF83C-953B-4AE4-987D-89F12D4667E5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DAC1AB3A-69CE-41D5-BAC3-F7010477709E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DAC1AB3A-69CE-41D5-BAC3-F7010477709E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB775B6D-EE78-4F52-8D46-52E57636EBD6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB775B6D-EE78-4F52-8D46-52E57636EBD6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F4B8B051-7551-460D-AC63-CA8D184A645E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4B8B051-7551-460D-AC63-CA8D184A645E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully

==== End of Fixlog 21:20:40 ====
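
As an added example (not part of this thread and not FRST's own code), the PowerShell below reproduces the check behind the "-> No File" entries in the fixlist above: it walks the TaskCache\Tasks hive and reports every scheduled task whose action executable is missing from disk, which is what made the leftover Get Windows 10 tasks safe to remove. It assumes Windows 10 with the built-in ScheduledTasks module and an elevated prompt; the function name Get-OrphanedScheduledTask is mine.

```powershell
# Added example, not from the thread or from FRST: list scheduled tasks whose
# action executable no longer exists, the condition FRST reports as "-> No File".
# Assumes Windows 8+/10 (ScheduledTasks module) and an elevated prompt, since the
# TaskCache hive is not readable by a standard user.
$taskCache = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks'

function Get-OrphanedScheduledTask {
    Get-ChildItem -Path $taskCache -ErrorAction Stop | ForEach-Object {
        $guid     = $_.PSChildName                               # e.g. {03500A45-A02B-4534-AC2E-10CC03FF2230}
        $fullPath = (Get-ItemProperty -Path $_.PSPath).Path       # e.g. \Microsoft\Windows\Setup\GWXTriggers\Logon-5d
        if (-not $fullPath) { return }

        $folder = Split-Path -Path $fullPath -Parent
        if (-not $folder.EndsWith('\')) { $folder += '\' }        # Get-ScheduledTask expects a trailing backslash
        $name = Split-Path -Path $fullPath -Leaf

        $task = Get-ScheduledTask -TaskPath $folder -TaskName $name -ErrorAction SilentlyContinue
        if (-not $task) { return }                                # cache entry with no task the API can see

        foreach ($action in $task.Actions) {
            $exe = $action.Execute
            if (-not $exe) { continue }                           # COM-handler actions carry no Execute path
            $exe = [Environment]::ExpandEnvironmentVariables($exe.Trim('"'))

            # A bare name such as "cmd.exe" resolves through PATH; anything with a
            # directory component must exist exactly as written.
            $exists = (Test-Path -LiteralPath $exe) -or
                      ($exe -notmatch '[\\/]' -and (Get-Command $exe -ErrorAction SilentlyContinue))
            if (-not $exists) {
                [pscustomobject]@{
                    Guid     = $guid
                    TaskPath = $fullPath
                    Execute  = $action.Execute
                    State    = $task.State
                }
            }
        }
    }
}

Get-OrphanedScheduledTask | Format-Table -AutoSize
```

Each hit corresponds to one Task: line FRST would write, with the same GUID and task path; the Tasks\{GUID}, Tree\<path> and Logon/Plain/Boot entries FRST removes are all keyed by that pair, so the output can be checked against a fixlist before anything is deleted.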



#8 Sintharius

Posted 04 February 2017 - 02:42 AM

Hello Waves2017,

We will run one more scan to make sure everything is clean.

ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.


#9 Waves2017

Posted 05 February 2017 - 09:23 PM

Alright, done! Thank you for the additional scan suggestion Sintharius! :)

Looks like Defraggler and Speccy got picked up. I can always re-download them, same with Torrent if I find I need to pick up any updated distros.

Please let me know if there is anything additional you need or would like me to do. Thank you for your time!

E:\Downloads\FLVPlayerSetup.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    cleaned by deleting
E:\Downloads\uTorrent.exe    a variant of Win32/Bunndle potentially unsafe application    cleaned by deleting
E:\Downloads\Tools\Utilities\dfsetup221.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
E:\Downloads\Tools\Utilities\spsetup129.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
E:\Program Files (x86)\uTorrent\uTorrent.exe.32515.tmp    a variant of Win32/Bunndle potentially unsafe application    cleaned by deleting
#10 Sintharius

Posted 07 February 2017 - 03:45 AM

Hello Waves2017,

The removed keys were part of Get Windows 10. Since you already have Windows 10, they are no longer needed :)

I recommend uBlock Origin for Chrome instead of Adblock, since it blocks more stuff and uses fewer resources.

Please run one last tool to clean things up, and you are good to go.

Download DelFix from here and save it to your Desktop.

  • Close all running programs and start DelFix.
  • Make sure all available options are checked.
  • Click Run.
  • DelFix will remove most of the tools used during the cleaning process, purge all system restore points and create a new one, activate UAC (if you have it disabled) and restore settings changed by malware removal tools.

Safe computing practices

Best Practices for Safe Computing - Prevention of Malware Infection
How Malware Spreads - How did I get infected
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs)

Please reply to this thread one more time so it can be closed. It has been a pleasure to help. 



#11 Sintharius

Posted 09 February 2017 - 01:17 PM

Are you still with me?

#12 Waves2017

Posted 10 February 2017 - 01:14 AM

Hey Sintharius,

Sorry, it's been a few long days at work. I just started a new job, and there is a loooot to do.

uBlock, I installed it after taking a look at it. Thanks for the suggestion!

Grabbed DelFix as well.

I appreciate your time and all your help! Malware, viruses, etc. are quite the rabbit holes to explore.

Anything else on my end needed?



#13 Elise

Posted 11 February 2017 - 03:01 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

regards, Elise
