puffinmasta Posted December 23, 2016 ID:1083192

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
Ran by Jacob (administrator) on JACOB-PC (22-12-2016 18:44:12)
Running from C:\Users\Jacob\Downloads
Loaded Profiles: Jacob (Available Profiles: Jacob & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Windows NT\Accessories\OptimizationManager\roptman.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\ProgramData\Microsoft\Windows\CredManager\wcredman.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\CredManager\wcredman.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-12-20] (AVAST Software)
HKU\S-1-5-21-277604445-3734476892-923245605-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2876704 2016-12-19] (Valve Corporation)
HKU\S-1-5-21-277604445-3734476892-923245605-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27219928 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-277604445-3734476892-923245605-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-277604445-3734476892-923245605-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-277604445-3734476892-923245605-1000\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-277604445-3734476892-923245605-1000\...\MountPoints2: E - E:\setup.exe
HKU\S-1-5-21-277604445-3734476892-923245605-1000\...\MountPoints2: {405165b5-8e3d-11e2-af6a-f46d043b8b29} - E:\setup.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-12-20] (AVAST Software)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
ProxyEnable: [S-1-5-21-277604445-3734476892-923245605-1000] => Proxy is enabled.
ProxyServer: [S-1-5-21-277604445-3734476892-923245605-1000] => http=127.0.0.1:47574
Tcpip\..\Interfaces\{D03C9EAB-0037-455A-B95C-9C3F54CCF741}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL =
SearchScopes: HKU\S-1-5-21-277604445-3734476892-923245605-1000 -> DefaultScope {AA2ACB65-8CAF-438E-B071-4B8CF7D599EB} URL =
SearchScopes: HKU\S-1-5-21-277604445-3734476892-923245605-1000 -> {1711FC25-F05A-40CE-B859-A0C1CF01FD18} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=86311516&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC06MWF927Q7JC%2Bvz1nQlLHMwtviL9EUtgITgklNAo9lSUwsq44XBubSBCUOOP2F4nJDzp8xlwvGNaAJ0vQiI604Zdf5ewExJ0Np2Dt5P2FnTze9huNV1Mx3GavjoOsl0feQ1RiU%2FEczJY6IjK1oPZ8jj5H2hrHmz1cysCBK0qIYWRQzIrklnD9tdwlmTA%2BA%2B6IH9A7NDNaqs2iLEIDQK7C1wdzfYEyJ5KJotg%2FnusfrCQ%3D%3D&p={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-07-21] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-07-21] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-12-20] (AVAST Software)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\5fs5lxzt.default [2016-12-22]
FF NewTab: Mozilla\Firefox\Profiles\5fs5lxzt.default -> hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311516&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC06MWF927Q7JC%2Bvz1nQlLHMXYuw4mH18WSRiHUwEFlX7PBJII1289f%2BCdF%2FWjnNTd1pKpavJAdAasSDYJgNts9eROHhLzTxslbImoevSG4lkFrJ1zsEYPvVpF%2FkCZ89nXTLqo7SDo77MDbiNhPSxOmKmLhjWcZWtCVa%2BKUUszbQETSlbbEXq7etl0xNXBxN3BsN%2Bmv9eBJGRN0IlOoVcuX05OLp%2BjLy2Y6D5MLkxoSPyA%3D%3D
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\5fs5lxzt.default -> Yahoo powered search
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\5fs5lxzt.default ->
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\5fs5lxzt.default -> Yahoo powered search
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\5fs5lxzt.default -> Yahoo powered search
FF Homepage: Mozilla\Firefox\Profiles\5fs5lxzt.default -> hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311516&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC06MWF927Q7JC%2Bvz1nQlLHMeoEeeAuoVEAoIFJDGV4Xl0FDiFcImEutanUCgGNZ21M4SsG263f2vcJZAQ%2FDomBPSGK2I4JV0WLP0jo4fwG0YTRLprRodNFDq5OkzngP528GnaU1RnSvQ5OOd3Tfzg69u7u22yc7UGFHxNpw%2BTJ67sZSX7%2BGTu0c%2FEV2goJQamzS1EKlS8J0%2FmXA1Yj4obpBhyL73q%2BCIIp%2FtJmysUTwOg%3D%3D
FF Extension: (Updated Ad Blocker for Firefox 11+) - C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\5fs5lxzt.default\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2016-04-27]
FF Extension: (Adblock Plus) - C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\5fs5lxzt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF Extension: (Greasemonkey) - C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\5fs5lxzt.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-08-20]
FF SearchPlugin: C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\5fs5lxzt.default\searchplugins\Yahoo powered search.xml [2016-12-19]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-12-20]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-12-20]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-13] ()
FF Plugin: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-07-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-07-21] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-13] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-04-04] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @nielsen/FirefoxTracker -> C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-03-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-03-14] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-277604445-3734476892-923245605-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jacob\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-10-20] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311516&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC06MWF927Q7JC%2Bvz1nQlLHMLyw9lcoCPPMiG96oeJaCPox%2BvgA0j6TsSWM6GcB%2B%2F8RVOuNZGUYnHXFCQHE2862swpx1Mch71ckLKELky2MMz5tGqGVoHnAUxLk6HE7GnCCvyGEBlAsQrnAimUfRZBZLgocj918XQJiAEJW1EEIVoS0MN%2B5z7Ahm85ssnS9reEswZ4r67PH0DGSSdTza%2B%2FZWZlWi2Vq28IoNdkUSHlLxtA%3D%3D
CHR Profile: C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default [2016-12-22]
CHR Extension: (BetterTTV) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-07-11]
CHR Extension: (Google Drive) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-27]
CHR Extension: (Google Search) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Docs Offline) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Avast Online Security) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-16]
CHR Extension: (Grammarly for Chrome) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2016-12-20]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-12-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-29]
CHR Extension: (Chrome Media Router) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-15]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"roptman" => service was unlocked. <===== ATTENTION
"wcredman" => service was unlocked. <===== ATTENTION
S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-12-20] (AVAST Software)
S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437784 2016-04-26] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417304 2016-04-26] (BlueStack Systems, Inc.)
S4 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [437784 2016-04-26] (BlueStack Systems, Inc.)
S4 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [921112 2016-04-26] (BlueStack Systems, Inc.)
S4 Droid4XService; C:\Program Files (x86)\Droid4X\Droid4XService.exe [279552 2016-06-13] () [File not signed]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [238376 2015-05-05] (EasyAntiCheat Ltd)
S4 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2627080 2016-11-11] (LogMeIn Inc.)
S4 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-02-03] (Hi-Rez Studios) [File not signed]
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-11-11] (LogMeIn, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 roptman; C:\Program Files (x86)\Windows NT\Accessories\OptimizationManager\roptman.exe [102912 2016-12-14] () [File not signed]
S4 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
R2 wcredman; C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\CredManager\wcredman.exe [728064 2016-12-14] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-12-20] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-12-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-12-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-12-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-12-20] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-12-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-12-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-12-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-12-20] (AVAST Software)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [154168 2016-04-26] (BlueStack Systems)
R2 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2016-04-06] (Bluestack System Inc. )
S3 DCamUSBNovatek; C:\Windows\System32\Drivers\nvtcam.sys [2746624 2010-07-14] (Hewlett-Packard)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2016-12-14] ()
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2016-12-22] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2016-12-22] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [250816 2016-12-22] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2016-12-22] (Malwarebytes)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S2 MBAMChameleon; \SystemRoot\system32\drivers\MBAMChameleon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-22 18:44 - 2016-12-22 18:45 - 00019101 _____ C:\Users\Jacob\Downloads\FRST.txt
2016-12-22 18:44 - 2016-12-22 18:44 - 00000000 ____D C:\FRST
2016-12-22 18:43 - 2016-12-22 18:43 - 02420736 _____ (Farbar) C:\Users\Jacob\Downloads\FRST64.exe
2016-12-22 15:00 - 2016-12-22 18:01 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2016-12-22 15:00 - 2016-12-22 15:00 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-22 15:00 - 2016-12-22 15:00 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2016-12-22 15:00 - 2016-12-22 15:00 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-12-22 15:00 - 2016-12-22 15:00 - 00001827 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2016-12-22 15:00 - 2016-12-22 15:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-12-22 15:00 - 2016-12-22 15:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-22 15:00 - 2016-12-22 15:00 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-22 15:00 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2016-12-22 14:57 - 2016-12-22 14:57 - 54199488 _____ (Malwarebytes ) C:\Users\Jacob\Downloads\mb3-setup-consumer-3.0.5.1299 (1).exe
2016-12-22 12:20 - 2016-12-22 12:21 - 01932769 _____ C:\Users\Jacob\Downloads\ProcessExplorer.zip
2016-12-20 21:47 - 2016-12-20 21:47 - 00000000 ____D C:\Users\Jacob\Documents\Dolphin Emulator
2016-12-20 21:45 - 2016-12-20 21:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolphin
2016-12-20 21:45 - 2016-12-20 21:47 - 00000000 ____D C:\Program Files\Dolphin
2016-12-20 21:45 - 2016-12-20 21:45 - 00000756 _____ C:\Users\Public\Desktop\Dolphin.lnk
2016-12-20 21:44 - 2016-12-20 21:44 - 19327064 _____ C:\Users\Jacob\Downloads\dolphin-x64-5.0.exe
2016-12-20 20:00 - 2016-12-20 20:00 - 54199488 _____ (Malwarebytes ) C:\Users\Jacob\Downloads\mb3-setup-consumer-3.0.5.1299.exe
2016-12-20 19:36 - 2016-12-20 19:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-12-20 19:35 - 2016-12-20 19:35 - 08803648 _____ (Piriform Ltd) C:\Users\Jacob\Downloads\ccsetup525.exe
2016-12-20 19:33 - 2016-12-20 19:34 - 00002176 _____ C:\Users\Jacob\Desktop\Rkill.txt
2016-12-20 19:33 - 2016-12-20 19:33 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\Jacob\Downloads\rkill64.exe
2016-12-20 19:31 - 2016-12-20 19:32 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Jacob\Downloads\rkill.exe
2016-12-20 13:05 - 2016-12-20 13:05 - 00000000 ____D C:\Users\Jacob\AppData\Local\AvastSupport
2016-12-20 13:00 - 2016-12-20 20:43 - 00003890 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458689518
2016-12-20 12:27 - 2016-12-20 12:27 - 47675104 _____ (Microsoft Corporation) C:\Users\Jacob\Downloads\Windows-KB890830-x64-V5.43.exe
2016-12-20 12:24 - 2016-12-20 12:24 - 00221662 _____ C:\Users\Jacob\Downloads\MicrosoftProgram_Install_and_Uninstall.meta.diagcab
2016-12-20 12:00 - 2016-12-20 12:00 - 00000042 _____ C:\Windows\SysWOW64\AK083E209605E394C.lie
2016-12-20 11:57 - 2016-12-20 11:58 - 02665688 _____ (www.PerfectUninstaller.net ) C:\Users\Jacob\Downloads\PerfectUninstaller_Setup.exe
2016-12-20 11:57 - 2016-12-20 11:58 - 02665688 _____ (www.PerfectUninstaller.net ) C:\Users\Jacob\Downloads\PerfectUninstaller_Setup (1).exe
2016-12-20 11:57 - 2016-12-20 11:57 - 01308780 _____ (www.PerfectUninstaller.net ) C:\Users\Jacob\Downloads\245D.tmp
2016-12-20 11:32 - 2016-12-20 11:31 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-12-20 11:31 - 2016-12-20 11:31 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-12-20 10:41 - 2016-12-20 10:41 - 00000000 _____ C:\autoexec.bat
2016-12-19 23:04 - 2016-12-20 00:18 - 00000000 ____D C:\Users\Jacob\Desktop\Wii games
2016-12-19 22:17 - 2016-12-19 23:03 - 331570210 _____ C:\Users\Jacob\Downloads\Rune_Factory_Frontier_USA_Wii-PROMiNENT.7z
2016-12-19 22:14 - 2016-12-19 22:14 - 00000450 _____ C:\Users\Jacob\Downloads\RUFE Rune Factory - Frontier [NTSC-U].txt
2016-12-19 22:13 - 2016-12-19 22:14 - 00000000 ____D C:\Users\Jacob\AppData\Local\QuickPar
2016-12-19 22:13 - 2016-12-19 22:13 - 00615632 _____ C:\Users\Jacob\Downloads\RUFE Rune Factory - Frontier [NTSC-U].vol0+1.PAR2
2016-12-19 22:11 - 2016-12-19 22:11 - 00001007 _____ C:\Users\UpdatusUser\Desktop\QuickPar.lnk
2016-12-19 22:11 - 2016-12-19 22:11 - 00001007 _____ C:\Users\Jacob\Desktop\QuickPar.lnk
2016-12-19 22:11 - 2016-12-19 22:11 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickPar
2016-12-19 22:11 - 2016-12-19 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPar
2016-12-19 22:11 - 2016-12-19 22:11 - 00000000 ____D C:\Program Files (x86)\QuickPar
2016-12-19 22:10 - 2016-12-19 22:10 - 00501363 _____ (Peter B Clements) C:\Users\Jacob\Downloads\QuickPar-0.9.1.0.exe
2016-12-19 20:33 - 2016-12-19 21:26 - 00000000 ____D C:\Windows\system32\SSL
2016-12-19 20:31 - 2016-12-20 09:15 - 00000000 ____D C:\Program Files (x86)\UpdateFiles
2016-12-19 20:31 - 2016-12-19 20:32 - 00000000 ____D C:\Program Files (x86)\DownloadUtilites
2016-12-19 20:31 - 2016-12-19 20:31 - 00000000 ____D C:\Program Files (x86)\NetASetup
2016-12-17 14:36 - 2016-12-17 14:37 - 61958930 _____ C:\Users\Jacob\Downloads\1330 - Rune Factory - A Fantasy Harvest Moon (U)(XenoPhobia).7z
2016-12-17 14:20 - 2016-12-17 15:03 - 00000000 ____D C:\Users\Jacob\Desktop\Nintindo DS
2016-12-17 14:18 - 2016-12-17 14:19 - 00206531 _____ C:\Users\Jacob\Downloads\no$gba-w.zip
2016-12-14 17:39 - 2016-11-12 13:08 - 25759744 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-12-14 17:39 - 2016-11-12 12:53 - 06049280 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-12-14 17:39 - 2016-11-12 12:17 - 20302848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-12-14 17:39 - 2016-11-12 11:41 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-12-14 17:39 - 2016-11-12 11:37 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-12-14 17:39 - 2016-11-12 11:35 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-12-14 17:39 - 2016-11-12 11:21 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-12-14 17:39 - 2016-11-12 11:05 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-12-14 17:39 - 2016-11-06 10:01 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-12-14 17:38 - 2016-11-21 12:16 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-12-14 17:38 - 2016-11-21 12:16 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-12-14 17:38 - 2016-11-21 12:12 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-12-14 17:38 - 2016-11-21 12:12 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-12-14 17:38 - 2016-11-21 12:12 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-12-14 17:38 - 2016-11-21 12:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-12-14 17:38 - 2016-11-21 12:12 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-12-14 17:38 - 2016-11-21 12:12 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-12-14 17:38 - 2016-11-21 12:12 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-12-14 17:38 - 2016-11-21 12:12 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-12-14 17:38 - 2016-11-21 12:12 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-12-14 17:38 - 2016-11-21 12:12 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-12-14 17:38 - 2016-11-21 12:12 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-12-14 17:38 - 2016-11-21 12:12 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-12-14 17:38 - 2016-11-21 12:12 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2016-12-14 17:38 - 2016-11-21 12:12 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-12-14 17:38 - 2016-11-21 12:12 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-12-14 17:38 - 2016-11-21 12:12 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-12-14 17:38 - 2016-11-21 12:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-12-14 17:38 - 2016-11-21 12:12 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-12-14 17:38 - 2016-11-21 12:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-12-14 17:38 - 2016-11-21 12:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-12-14 17:38 - 2016-11-20 10:20 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-12-14 17:38 - 2016-11-20 10:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-12-14 17:38 - 2016-11-20 10:20 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-12-14 17:38 - 2016-11-20 10:20 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2016-12-14 17:38 - 2016-11-20 10:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-12-14 17:38 - 2016-11-20 10:19 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-12-14 17:38 - 2016-11-20 10:19 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-12-14 17:38 - 2016-11-20 10:19 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-12-14 17:38 - 2016-11-20 10:19 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-12-14 17:38 - 2016-11-20 10:19 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-12-14 17:38 - 2016-11-20 10:19 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-12-14 17:38 - 2016-11-20 10:19 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-12-14 17:38 - 2016-11-20 10:19 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-12-14 17:38 - 2016-11-20 10:19 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2016-12-14 17:38 - 2016-11-20 10:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-12-14 17:38 - 2016-11-20 10:19 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-12-14 17:38 - 2016-11-20 10:19 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-12-14 17:38 - 2016-11-20 10:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-12-14 17:38 - 2016-11-20 09:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-12-14 17:38 - 2016-11-20 09:57 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-12-14 17:38 - 2016-11-20 09:57 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-12-14 17:38 - 2016-11-20 09:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-12-14 17:38 - 2016-11-20 09:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-12-14 17:38 - 2016-11-20 09:52 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-12-14 17:38 - 2016-11-20 08:07 - 00467392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-12-14 17:38 - 2016-11-17 10:41 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-12-14 17:38 - 2016-11-14 17:27 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-12-14 17:38 - 2016-11-14 16:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-12-14 17:38 - 2016-11-12 13:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-12-14 17:38 - 2016-11-12 13:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-12-14 17:38 - 2016-11-12 13:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-12-14 17:38 - 2016-11-12 13:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-12-14 17:38 - 2016-11-12 13:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-12-14 17:38 - 2016-11-12 13:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-12-14 17:38 - 2016-11-12 13:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-12-14 17:38 - 2016-11-12 13:21 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-12-14 17:38 - 2016-11-12 13:15 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-12-14 17:38 - 2016-11-12 13:14 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-12-14 17:38 - 2016-11-12 13:09 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-12-14 17:38 - 2016-11-12 13:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-12-14 17:38 - 2016-11-12 13:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-12-14 17:38 - 2016-11-12 13:07 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-12-14 17:38 - 2016-11-12 13:07 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-12-14 17:38 - 2016-11-12 12:56 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-12-14 17:38 - 2016-11-12 12:52 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-12-14 17:38 - 2016-11-12 12:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-12-14 17:38 - 2016-11-12 12:41 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-12-14 17:38 - 2016-11-12 12:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-12-14 17:38 - 2016-11-12 12:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-12-14 17:38 - 2016-11-12 12:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-12-14 17:38 - 2016-11-12 12:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-12-14 17:38 - 2016-11-12 12:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-12-14 17:38 - 2016-11-12 12:29 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-12-14 17:38 - 2016-11-12 12:29 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-12-14 17:38 - 2016-11-12 12:29 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-12-14 17:38 - 2016-11-12 12:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-12-14 17:38 - 2016-11-12 12:27 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-12-14 17:38 - 2016-11-12 12:20 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-12-14 17:38 - 2016-11-12 12:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-12-14 17:38 - 2016-11-12 12:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-12-14 17:38 - 2016-11-12 12:15 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-12-14 17:38 - 2016-11-12 12:14 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-12-14 17:38 - 2016-11-12 12:14 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-12-14 17:38 - 2016-11-12 12:14 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-12-14 17:38 - 2016-11-12 12:14 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-12-14 17:38 - 2016-11-12 12:11 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-12-14 17:38 - 2016-11-12 12:10 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-12-14 17:38 - 2016-11-12 12:08 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-12-14 17:38 - 2016-11-12 12:08 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-12-14 17:38 - 2016-11-12 12:03 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-12-14 17:38 - 2016-11-12 11:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-12-14 17:38 - 2016-11-12 11:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-12-14 17:38 - 2016-11-12 11:52 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-12-14 17:38 - 2016-11-12 11:51 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-12-14 17:38 - 2016-11-12 11:49 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-12-14 17:38 - 2016-11-12 11:47 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-12-14 17:38 - 2016-11-12 11:40 - 00230400 _____
(Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-12-14 17:38 - 2016-11-12 11:38 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-12-14 17:38 - 2016-11-12 11:36 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-12-14 17:38 - 2016-11-12 11:36 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2016-12-14 17:38 - 2016-11-12 11:20 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-12-14 17:38 - 2016-11-12 11:11 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-12-14 17:38 - 2016-11-12 11:02 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-12-14 17:38 - 2016-11-12 11:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-12-14 17:38 - 2016-11-10 10:32 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2016-12-14 17:38 - 2016-11-10 10:19 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll 2016-12-14 17:38 - 2016-11-09 10:41 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2016-12-14 17:38 - 2016-11-09 10:33 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2016-12-14 17:38 - 2016-11-09 10:33 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2016-12-14 17:38 - 2016-11-09 10:33 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2016-12-14 17:38 - 2016-11-09 10:33 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2016-12-14 17:38 - 2016-11-09 10:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll 2016-12-14 17:38 - 2016-11-09 10:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2016-12-14 17:38 - 2016-11-09 10:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2016-12-14 17:38 - 2016-11-09 10:17 - 01806848 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\authui.dll 2016-12-14 17:38 - 2016-11-09 10:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2016-12-14 17:38 - 2016-11-09 10:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll 2016-12-14 17:38 - 2016-11-09 10:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2016-12-14 17:38 - 2016-11-09 10:02 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe 2016-12-14 17:38 - 2016-11-09 09:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe 2016-12-14 17:38 - 2016-11-06 10:33 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2016-12-14 17:38 - 2016-11-06 10:16 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2016-12-14 17:38 - 2016-10-27 09:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2016-12-14 17:38 - 2016-10-27 09:20 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2016-12-14 17:38 - 2016-10-11 09:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2016-12-14 17:38 - 2016-10-11 09:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2016-12-14 17:38 - 2016-10-11 09:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2016-12-14 17:38 - 2016-10-11 09:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2016-12-14 17:38 - 2016-10-11 09:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2016-12-14 17:38 - 2016-10-11 09:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2016-12-14 17:38 - 2016-10-11 09:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2016-12-14 17:38 - 2016-10-11 09:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2016-12-14 17:38 - 2016-10-11 09:32 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll 2016-12-14 17:38 - 
2016-10-11 09:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2016-12-14 17:38 - 2016-10-11 09:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2016-12-14 17:38 - 2016-10-11 09:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2016-12-14 17:38 - 2016-10-11 09:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2016-12-14 17:38 - 2016-10-11 09:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2016-12-14 17:38 - 2016-10-11 09:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2016-12-14 17:38 - 2016-10-11 09:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2016-12-14 17:38 - 2016-10-11 09:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2016-12-14 17:38 - 2016-10-11 09:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2016-12-14 17:38 - 2016-10-11 09:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2016-12-14 17:38 - 2016-10-11 09:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2016-12-14 17:38 - 2016-10-11 09:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 
2016-12-14 17:38 - 2016-10-11 09:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 
2016-12-14 17:38 - 2016-10-11 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:24 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2016-12-14 17:38 - 2016-10-11 09:24 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2016-12-14 17:38 - 2016-10-11 09:21 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2016-12-14 17:38 - 2016-10-11 09:18 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2016-12-14 17:38 - 2016-10-11 09:18 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2016-12-14 17:38 - 2016-10-11 09:18 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2016-12-14 17:38 - 2016-10-11 09:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll 2016-12-14 17:38 - 2016-10-11 09:18 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2016-12-14 17:38 - 2016-10-11 09:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2016-12-14 17:38 - 2016-10-11 09:18 - 00006656 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\apisetschema.dll 2016-12-14 17:38 - 2016-10-11 09:18 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:18 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2016-12-14 17:38 - 2016-10-11 09:18 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:18 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 09:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2016-12-14 17:38 - 2016-10-11 09:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2016-12-14 17:38 - 2016-10-11 09:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2016-12-14 17:38 - 2016-10-11 08:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2016-12-14 17:38 - 2016-10-11 08:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2016-12-14 17:38 - 2016-10-11 08:55 - 00346112 
_____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe 2016-12-14 17:38 - 2016-10-11 08:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2016-12-14 17:38 - 2016-10-11 08:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2016-12-14 17:38 - 2016-10-11 08:51 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2016-12-14 17:38 - 2016-10-11 08:51 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2016-12-14 17:38 - 2016-10-11 08:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2016-12-14 17:38 - 2016-10-11 08:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 08:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 08:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 08:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2016-12-14 17:38 - 2016-10-11 07:18 - 00419648 _____ C:\Windows\SysWOW64\locale.nls 2016-12-14 17:38 - 2016-10-11 07:17 - 00419648 _____ C:\Windows\system32\locale.nls 2016-12-14 17:38 - 2016-10-08 07:06 - 00633296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2016-12-14 17:38 - 2016-10-04 09:31 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2016-12-14 17:38 - 2016-10-04 09:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2016-12-14 17:38 - 2016-10-04 09:31 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2016-12-14 17:38 - 2016-10-04 09:31 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2016-12-14 17:38 - 2016-10-04 09:13 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2016-12-14 17:38 - 2016-10-04 09:13 - 00179200 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2016-12-14 17:38 - 2016-10-04 09:13 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2016-12-14 17:38 - 2016-10-04 09:13 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2016-12-05 01:26 - 2016-12-11 00:05 - 00000000 ____D C:\Users\Jacob\Documents\OrcishInn 2016-11-29 22:34 - 2016-11-29 22:34 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll 2016-11-29 22:34 - 2016-11-29 22:34 - 00019112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110_clr0400.dll 2016-11-29 22:34 - 2016-11-29 22:34 - 00019112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll 2016-11-29 22:34 - 2016-11-29 22:34 - 00019112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110_clr0400.dll 2016-11-29 22:27 - 2016-11-29 22:27 - 00030400 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll 2016-11-29 22:27 - 2016-11-29 22:27 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcr110_clr0400.dll 2016-11-29 22:27 - 2016-11-29 22:27 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll 2016-11-29 22:27 - 2016-11-29 22:27 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcp110_clr0400.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-12-22 18:17 - 2012-11-08 03:28 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\Skype 2016-12-22 17:54 - 2012-11-06 22:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-12-22 15:05 - 2009-07-13 22:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-12-22 15:05 - 2009-07-13 22:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-12-22 15:01 - 2012-11-06 21:58 - 00000000 ____D C:\Program Files (x86)\Steam 2016-12-22 14:54 - 2013-05-06 16:00 - 00000000 ____D C:\ProgramData\boost_interprocess 2016-12-22 14:53 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-12-22 12:22 - 2014-11-19 23:04 - 00000000 ____D C:\Users\Jacob\Desktop\Dad music 2016-12-22 12:20 - 2014-12-04 21:04 - 00000000 ____D C:\Windows\pss 2016-12-22 11:51 - 2016-08-15 01:43 - 00000000 _____ C:\hsrv.txt 2016-12-22 11:50 - 2012-11-06 21:59 - 00000000 ____D C:\ProgramData\NVIDIA 2016-12-21 22:49 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf 2016-12-21 13:59 - 2016-05-31 12:37 - 00000000 ____D C:\ProgramData\BlueStacksSetup 2016-12-21 13:59 - 2013-05-19 19:31 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\TS3Client 2016-12-21 13:59 - 2013-03-16 17:44 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\BitTorrent 2016-12-21 13:59 - 2013-01-08 14:50 - 00000000 ____D C:\Users\Jacob\AppData\Local\LogMeIn Hamachi 2016-12-20 21:47 - 2013-11-30 08:30 - 00000000 ____D C:\ProgramData\Package Cache 2016-12-20 20:28 - 2012-12-11 18:59 - 00000000 ____D C:\Program Files (x86)\ParetoLogic 2016-12-20 20:26 - 2012-12-11 18:59 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\ParetoLogic 2016-12-20 20:26 - 2012-12-11 18:59 - 00000000 ____D C:\ProgramData\ParetoLogic 2016-12-20 19:36 - 2015-09-30 02:53 - 00000782 _____ C:\Users\Public\Desktop\CCleaner.lnk 2016-12-20 12:27 - 2012-12-07 15:28 - 135632432 ____C (Microsoft Corporation) 
C:\Windows\system32\MRT.exe 2016-12-20 12:26 - 2015-03-24 23:59 - 00000000 ____D C:\Users\Jacob\AppData\Local\ElevatedDiagnostics 2016-12-20 11:32 - 2013-03-14 10:20 - 00293352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys 2016-12-20 11:32 - 2012-12-06 08:11 - 00513632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2016-12-20 11:32 - 2012-12-06 08:10 - 00969184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2016-12-20 11:32 - 2012-12-06 08:10 - 00003922 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2016-12-20 11:31 - 2016-03-22 17:31 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys 2016-12-20 11:31 - 2014-10-03 13:28 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2016-12-20 11:31 - 2014-10-03 13:28 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2016-12-20 11:31 - 2013-03-14 10:20 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.148225517375212 2016-12-20 11:31 - 2013-03-14 10:20 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2016-12-20 11:31 - 2012-12-06 08:11 - 00513496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.148225517226910 2016-12-20 11:31 - 2012-12-06 08:10 - 00969560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.148225517142607 2016-12-20 11:31 - 2012-12-06 08:10 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2016-12-20 11:31 - 2012-12-06 08:10 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2016-12-20 11:25 - 2016-08-14 23:06 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\Hola 2016-12-20 10:40 - 2012-11-10 12:46 - 00064992 _____ C:\Users\Jacob\AppData\Local\GDIPFONTCACHEV1.DAT 2016-12-20 09:15 - 2009-07-13 22:45 - 00297496 _____ C:\Windows\system32\FNTCACHE.DAT 2016-12-19 20:49 - 2012-12-06 08:12 - 00002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-12-19 20:44 - 2012-12-06 
08:12 - 00002231 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-12-16 15:35 - 2012-12-06 08:11 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-12-16 15:35 - 2012-12-06 08:11 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-12-15 20:23 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache 2016-12-15 13:46 - 2009-07-13 23:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI 2016-12-14 22:22 - 2013-08-17 22:13 - 00000000 ____D C:\Windows\system32\MRT 2016-12-14 22:14 - 2012-12-20 05:42 - 00774592 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2016-12-13 19:00 - 2012-11-06 22:10 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-12-13 19:00 - 2012-11-06 22:10 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-12-13 19:00 - 2012-11-06 22:10 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-12-13 19:00 - 2012-11-06 22:10 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2016-12-13 19:00 - 2012-11-06 22:10 - 00000000 ____D C:\Windows\system32\Macromed 2016-12-13 11:16 - 2015-02-18 23:36 - 00000000 ____D C:\Users\Jacob\AppData\Local\Steam 2016-12-08 23:22 - 2015-02-20 11:50 - 00000000 ____D C:\Users\Jacob\Desktop\ORc 2016-12-07 19:04 - 2014-06-17 10:49 - 00000000 __SHD C:\Users\Jacob\AppData\Local\EmieUserList 2016-12-07 19:04 - 2014-06-17 10:49 - 00000000 __SHD C:\Users\Jacob\AppData\Local\EmieSiteList 2016-11-22 15:27 - 2012-11-08 03:28 - 00000000 ____D C:\ProgramData\Skype 2016-11-22 15:26 - 2016-01-06 08:50 - 00000000 ___RD C:\Program Files (x86)\Skype ==================== Files in the root of some directories ======= 2016-08-15 01:36 - 2016-08-15 01:42 - 0002633 _____ () C:\Users\Jacob\AppData\Roaming\droid4xinstaller.log 2013-03-26 02:49 - 2013-03-26 02:49 - 0065429 _____ () C:\Users\Jacob\AppData\Roaming\icarus-dxdiag.xml 2013-11-18 22:53 - 2015-12-13 22:47 - 0007605 
_____ () C:\Users\Jacob\AppData\Local\Resmon.ResmonCfg 2016-10-09 17:47 - 2016-10-09 17:47 - 0000016 _____ () C:\ProgramData\mntemp Files to move or delete: ==================== C:\Users\Jacob\_steam_api.dll Some files in TEMP: ==================== C:\Users\Jacob\AppData\Local\Temp\procexp64.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-12-14 19:15 ==================== End of FRST.txt ============================ Addition.txt Link to post Share on other sites More sharing options...
AdvancedSetup (Root Admin) Posted December 27, 2016 ID:1084349

Sorry for the delay. @puffinmasta Hello and please read the following and post back the logs when ready and we'll see about getting you cleaned up.

Before we proceed further, please read all of the following instructions carefully. If there is anything that you do not understand, kindly ask before proceeding. If needed, please print out these instructions.

- Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text. If the log is too large, then you can use attachments by clicking on the More Reply Options button.
- Please enable your system to show hidden files: How to see hidden files in Windows
- Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly.
- Removing malware can be unpredictable; it is unlikely, but things can go very wrong! Please make sure you back up all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive.
- Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
- The removal of malware is not instantaneous; please be patient. Often we are also in a different Time Zone.
- Perform everything in the correct order. Sometimes one step requires the previous one.
- If you have any problems while following my instructions, stop there and tell me the exact nature of the issue.
- You can check here if you're not sure if your computer is 32-bit or 64-bit.
- Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
- When we are done, I'll give you instructions on how to clean up all the tools and logs.
- Please stick with me until I give you the "all clear" and please don't waste my time by leaving before that.
- Your topic will be closed if you haven't replied within 3 days (If I have not responded within 24 hours, please send me a Private Message as a reminder).

Please run a Threat Scan with MBAM. If you're unable to run or complete the scan as shown below, please see the following: MBAM Clean Removal Process 2x. When reinstalling the program, please try the latest version.

1. Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link.
2. Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and under Non Malware Protection set both PUP and PUM to Treat detections as malware.
3. Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
4. Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
puffinmasta (Author) Posted December 27, 2016 ID:1084391

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/27/16
Scan Time: 2:24 PM
Logfile:
Administrator: Yes

-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.43
Update Package Version: 1.0.871
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jacob-PC\Jacob

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 390486
Time Elapsed: 18 min, 10 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 1
Adware.SavingsCool.PrxySvrRST, C:\PROGRAM FILES (X86)\WINDOWS NT\ACCESSORIES\OPTIMIZATIONMANAGER\ROPTMAN.EXE, No Action By User, [2800], [355502],1.0.871

Module: 1
Adware.SavingsCool.PrxySvrRST, C:\PROGRAM FILES (X86)\WINDOWS NT\ACCESSORIES\OPTIMIZATIONMANAGER\ROPTMAN.EXE, No Action By User, [2800], [355502],1.0.871

Registry Key: 3
Adware.SavingsCool.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\roptman, No Action By User, [2800], [355502],1.0.871
Adware.SavingsCool.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, No Action By User, [2800], [-1],0.0.0
Adware.SavingsCool.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WCREDMAN, No Action By User, [2800], [355516],1.0.871

Registry Value: 4
Adware.SavingsCool.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, No Action By User, [2800], [-1],0.0.0
Adware.SavingsCool.PrxySvrRST, HKU\S-1-5-21-277604445-3734476892-923245605-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, No Action By User, [2800], [-1],0.0.0
Adware.SavingsCool.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, No Action By User, [2800], [-1],0.0.0
Adware.SavingsCool.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WCREDMAN|IMAGEPATH, No Action By User, [2800], [355516],1.0.871

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Adware.SavingsCool.PrxySvrRST, C:\PROGRAM FILES (X86)\WINDOWS NT\ACCESSORIES\OPTIMIZATIONMANAGER\ROPTMAN.EXE, No Action By User, [2800], [355502],1.0.871

Physical Sector: 0
(No malicious items detected)

(end)

I'm using 3.0.5 and some of the instructions you gave were actionable but not exactly what I'm seeing. For instance, you told me to "Open up Malwarebytes > Settings > Detection and Protection..." but the options you spoke of were under Malwarebytes > Settings > Protection. Is that an issue? Am I using the wrong version? The client says I'm up to date.
AdvancedSetup (Root Admin) Posted December 29, 2016 ID:1084754

Sorry about that. Yes, the directions were for 2.x and the 3.x is a little different. The log shows it found items but that you chose not to remove them. Please run it again and this time make sure you choose to have MBAM remove what it found and post back the new log.

Thanks
puffinmasta (Author) Posted December 29, 2016 ID:1084980

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/29/16
Scan Time: 11:11 AM
Logfile: 
Administrator: Yes

-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.43
Update Package Version: 1.0.886
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jacob-PC\Jacob

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 390563
Time Elapsed: 17 min, 52 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 1
Adware.SavingsCool.PrxySvrRST, C:\PROGRAM FILES (X86)\WINDOWS NT\ACCESSORIES\OPTIMIZATIONMANAGER\ROPTMAN.EXE, Quarantined, [2798], [355502],1.0.886

Module: 1
Adware.SavingsCool.PrxySvrRST, C:\PROGRAM FILES (X86)\WINDOWS NT\ACCESSORIES\OPTIMIZATIONMANAGER\ROPTMAN.EXE, Quarantined, [2798], [355502],1.0.886

Registry Key: 3
Adware.SavingsCool.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\roptman, Quarantined, [2798], [355502],1.0.886
Adware.SavingsCool.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [2798], [-1],0.0.0
Adware.SavingsCool.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WCREDMAN, Quarantined, [2798], [355516],1.0.886

Registry Value: 4
Adware.SavingsCool.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Removal Failed, [2798], [-1],0.0.0
Adware.SavingsCool.PrxySvrRST, HKU\S-1-5-21-277604445-3734476892-923245605-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [2798], [-1],0.0.0
Adware.SavingsCool.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Removal Failed, [2798], [-1],0.0.0
Adware.SavingsCool.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WCREDMAN|IMAGEPATH, Quarantined, [2798], [355516],1.0.886

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Adware.SavingsCool.PrxySvrRST, C:\PROGRAM FILES (X86)\WINDOWS NT\ACCESSORIES\OPTIMIZATIONMANAGER\ROPTMAN.EXE, Quarantined, [2798], [355502],1.0.886

Physical Sector: 0
(No malicious items detected)

(end)

I've done this a lot before I contacted you. The files always repair themselves. But maybe the options you had me change will fix that.
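The two logs above share one format, and the difference between them (what was left alone, what was quarantined, what the scanner could not remove, and what shows up again on a later run) is exactly what a helper reads out of them. As an added example that is not code from this thread or from Malwarebytes, here is a small Python parser for the "-Scan Details-" section. It counts items per action, lists targets the scanner did not resolve, and compares two logs for targets that appear in both, which is the signal behind "the files always repair themselves" when the second log was taken after a quarantine. The sample logs are constructed from entries posted above and trimmed to a few lines; the function names and the `RESOLVED_ACTIONS` set are my own.

```python
"""Parser for the "-Scan Details-" section of a Malwarebytes 3.x scan log.

Added example for this thread; not Malwarebytes code. The two sample logs
are constructed from the entries posted above, trimmed to a few lines.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample 1: the first posted scan, everything left at "No Action By User".
SCAN_1 = r"""
-Scan Details-
Process: 1
Adware.SavingsCool.PrxySvrRST, C:\PROGRAM FILES (X86)\WINDOWS NT\ACCESSORIES\OPTIMIZATIONMANAGER\ROPTMAN.EXE, No Action By User, [2800], [355502],1.0.871
Registry Key: 2
Adware.SavingsCool.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\roptman, No Action By User, [2800], [355502],1.0.871
Adware.SavingsCool.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WCREDMAN, No Action By User, [2800], [355516],1.0.871
Registry Value: 1
Adware.SavingsCool.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, No Action By User, [2800], [-1],0.0.0
Folder: 0
(No malicious items detected)
(end)
"""

# Constructed sample 2: the second posted scan, removal chosen, one value not removable.
SCAN_2 = r"""
-Scan Details-
Process: 1
Adware.SavingsCool.PrxySvrRST, C:\PROGRAM FILES (X86)\WINDOWS NT\ACCESSORIES\OPTIMIZATIONMANAGER\ROPTMAN.EXE, Quarantined, [2798], [355502],1.0.886
Registry Key: 2
Adware.SavingsCool.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\roptman, Quarantined, [2798], [355502],1.0.886
Adware.SavingsCool.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WCREDMAN, Quarantined, [2798], [355516],1.0.886
Registry Value: 1
Adware.SavingsCool.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Removal Failed, [2798], [-1],0.0.0
Folder: 0
(No malicious items detected)
(end)
"""

# Category header such as "Process: 1" or "Folder: 0 (No malicious items detected)".
CATEGORY_RE = re.compile(r"^(?P<cat>[A-Za-z ]+): (?P<count>\d+)")
# Detection line: "<threat>, <target>, <action>, [<id>], [<id>],<db version>".
DETECTION_RE = re.compile(
    r"^(?P<name>[^,]+), (?P<target>.+), (?P<action>[^,]+), "
    r"\[(?P<id1>-?\d+)\], \[(?P<id2>-?\d+)\],(?P<db>[\d.]+)$"
)
# Only completed action seen in the posted logs; extend if your logs show others.
RESOLVED_ACTIONS = {"Quarantined"}


@dataclass(frozen=True)
class Detection:
    category: str
    name: str
    target: str
    action: str


def parse_scan_details(text: str) -> list[Detection]:
    """Return every detection listed between "-Scan Details-" and "(end)"."""
    in_details, category, found = False, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "-Scan Details-":
            in_details = True
            continue
        if not in_details:
            continue
        if line == "(end)":
            break
        header = CATEGORY_RE.match(line)
        if header:
            category = header.group("cat")
            continue
        hit = DETECTION_RE.match(line)
        if hit and category:
            found.append(Detection(category, hit.group("name"),
                                   hit.group("target"), hit.group("action")))
    return found


def actions_by_count(dets: list[Detection]) -> Counter:
    """How many items ended in each action (Quarantined, Removal Failed, ...)."""
    return Counter(d.action for d in dets)


def removal_failures(dets: list[Detection]) -> list[str]:
    """Targets the scanner tried to remove and could not."""
    return [d.target for d in dets if d.action == "Removal Failed"]


def unresolved(dets: list[Detection]) -> list[str]:
    """Targets still present after the scan: skipped by the user or removal failed."""
    return [d.target for d in dets if d.action not in RESOLVED_ACTIONS]


def recurring_targets(previous: list[Detection], current: list[Detection]) -> list[str]:
    """Targets reported in both logs; after a quarantine this points at persistence."""
    return sorted({d.target for d in previous} & {d.target for d in current})


if __name__ == "__main__":
    first, second = parse_scan_details(SCAN_1), parse_scan_details(SCAN_2)
    print("scan 2 actions:", dict(actions_by_count(second)))
    print("still unresolved:", unresolved(second))
    print("seen in both scans:", recurring_targets(first, second))
```

Run it against a real log by replacing the two constants with the file contents; anything listed by `unresolved` after a scan where removal was chosen is what still needs attention, and a target reported by `recurring_targets` after a quarantine is the case the poster describes.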
AdvancedSetup (Root Admin) Posted December 29, 2016 ID:1084983

We'll run some other scans.

STEP 03
Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues. If you are not using one of the browsers but it is installed then you may want to consider uninstalling it, as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer: How to reset Internet Explorer settings

Firefox: Click on Help / Troubleshooting Information, then click on the Reset Firefox button.

Chrome: I would like to reset Chrome back to defaults to completely clear out what is going on with Chrome. You can keep your “Bookmarks” if you want to keep them, but you have to export them first: >> Export Bookmarks <<. Everything else should be removed.
Then I need you to go to >> Google Sync << and sign into your account. Scroll down until you see the “reset sync” button and click on the button. At the prompt click on “Ok”.
Reset Your Browser Settings: In the top-right corner of the browser window, click the “Chrome Menu” icon (three horizontal lines). Select “Settings”. At the bottom, click “Show advanced settings…”. Scroll down until you see “Reset settings”, then click on the button “Reset Settings”. In the dialog that appears, click “Reset”.
Close Chrome and restart it and check it out for me please.

STEP 04
Please download Junkware Removal Tool to your desktop.
Shut down your antivirus to avoid any conflicts.
Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next reply message.
When completed make sure to re-enable your antivirus.

STEP 05
Fix with AdwCleaner
Please download AdwCleaner by Xplode and save the file to your Desktop.
Right-click on the icon and select Run as Administrator to start the tool.
Accept the Terms of use.
Wait until the database is updated.
Click Scan.
When finished, please click Clean.
Your PC should reboot now.
After reboot, the logfile will be opened. Copy its content into your next reply.
Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

STEP 06
Download Sophos Free Virus Removal Tool and save it to your desktop.
Double click the icon and select Run.
Click Next.
Select I accept the terms in this license agreement, then click Next twice.
Click Install.
Click Finish to launch the program.
Once the virus database has been updated click Start Scanning.
If any threats are found click Details, then View Log file (bottom left-hand corner).
Copy and paste the results in your reply.
Close the Notepad document, close the Threat Details screen, then click Start cleanup.
Click Exit to close the program.
If no threats were found, please confirm that result.

STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here. Please attach the Addition.txt log to your reply as well.

Thanks
puffinmasta (Author) Posted December 29, 2016 ID:1085008

I'm having issues getting Sophos Virus Removal Tool to install. The install wizard finished once but didn't open the program like the others, and I can't work out where it saved the program. I've done the steps up until that point and added the requested logs as attachments.

JRT.txt
AdwCleaner[C0].txt
puffinmasta (Author) Posted December 29, 2016 ID:1085010

Sorry, never mind, I figured Sophos out.
puffinmasta (Author) Posted December 30, 2016 ID:1085066

Sophos said no threats found. Here are the attachments from the last step.

FRST.txt
Addition (1).txt
AdvancedSetup (Root Admin) Posted December 30, 2016 ID:1085077

Please uninstall Jzip. If you want or need a great archiving utility without the PUP junk give 7-Zip a look.

Please also uninstall your Java as it's old and compromised.

Please Run TFC by OldTimer to clear temporary files:
Download TFC from here and save it to your desktop. http://oldtimer.geekstogo.com/TFC.exe
Close any open programs and Internet browsers.
Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Then restart the computer and run a new scan with Malwarebytes and post back the new log.

Please read the following article concerning the use of MSCONFIG: Msconfig Is Not A Startup Manager

Thanks
puffinmasta (Author) Posted December 30, 2016 ID:1085108

I've uninstalled Java, but I can't find Jzip. I thought I uninstalled that back in 2013. The only thing I can find close to Jzip is a file that won't open. Your instructions say to stop and ask when I have an issue, so I've not run the scan yet.
AdvancedSetup (Root Admin) Posted December 30, 2016 ID:1085180

Go ahead and run the TFC cleaner. Then reboot and give me new logs as shown below.

Please read the following and post back the 3 requested logs as an attachment.
Diagnostic Logs

Thanks
puffinmasta (Author) Posted December 30, 2016 ID:1085337

I've run the TFC cleaner and attached the three requested files.

Addition.txt
FRST.txt
CheckResults.txt
AdvancedSetup (Root Admin) Posted December 30, 2016 ID:1085341 (edited)

Please look in your Registry by running regedit.exe and browse to this location and remove the following entries. Only these entries in red. Not the main key.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
C:\Users\Jacob\AppData\Local\Temp\VSDAF05.tmp\DotNetFx35Client\DotNetFx35ClientSetup.exe
C:\Users\Jacob\AppData\Local\Temp\7zSD8A.tmp\MicroInstallerNative.exe
C:\Users\Jacob\AppData\Local\Temp\~nsu.tmp\Au_.exe
C:\Users\Jacob\AppData\Local\Temp\nsi34E0.tmp
C:\Users\Jacob\AppData\Local\Temp\nss6B0C.tmp
C:\Users\Jacob\AppData\Local\Temp\nsnDA23.tmp
C:\Users\Jacob\AppData\Local\Temp\nsn3BA3.tmp
C:\Users\Jacob\AppData\Local\Temp\nse4D02.tmp

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
C:\Program Files\Perfect Uninstaller\PU.exe

Then run the following:

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.
Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.
Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Were you able to reset your browsers okay as well from the task listed above?

Edited December 30, 2016 by AdvancedSetup
puffinmasta (Author) Posted December 30, 2016 ID:1085349

I've attached the file. I was able to follow your instructions and reset my browsers, but with Google Chrome I didn't notice it do much. It simply logged me out of everything, but remembered my passwords and history. I wasn't sure what to expect it to do, so I'm not sure if that's right or not.

Fixlog.txt
puffinmasta (Author) Posted December 30, 2016 ID:1085350

Oh, and it also removed all my addons like adblock and my reddit tool. My memory is real bad.
puffinmasta (Author) Posted December 30, 2016 ID:1085352

It disabled them, not removed them. Sorry. lol
AdvancedSetup (Root Admin) Posted December 30, 2016 ID:1085358

Okay, so how is the computer running now? Are there still any signs of an infection or redirect?
puffinmasta (Author) Posted December 30, 2016 ID:1085372

No signs of any foul play. The popups stopped part way through the process, thankfully, and it feels like the slowdown it was causing has stopped. But I was also concerned it may have been spyware as it kept repairing itself even after it failed to start the popups. I take it it's been excised from my machine now? That was the only thing I've seen in a while so sticky that a normal scan didn't clear it. Thanks so much for your help so far.
AdvancedSetup (Root Admin) Posted December 30, 2016 ID:1085375

At this time there are no more signs of an infection on your system. However, if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process. Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time. They are often updated daily, so if you went to use them again in the future they would be outdated anyway. The following procedures will implement some cleanup procedures to remove these tools.

Download Delfix from here and save it to your desktop. (You may already have this.)
Ensure Remove disinfection tools is checked.
Click the Run button.
Reboot.

Any other programs or logs that are still remaining, you can manually delete (right click..... Delete). I.e.: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc.... AdwCleaner: just run the program and click uninstall. If there are any other left over Folders, Files, Logs then you can delete them on your own.

Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8
Remove all but the most recent Restore Point on Windows XP

As Java seems to get exploited on a regular basis I advise not using Java if possible, but to at least disable Java in your web browsers.
How do I disable Java in my web browser? - Disable Java

A lot of reading here, but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data. Nothing is 100% bulletproof, but with a little bit of education you can certainly swing things in your favor.

How Malware Spreads - How did I get infected
Best Practices for Safe Computing - Prevention of Malware Infection
Avoiding those unwanted free applications
A close look at how Oracle installs deceptive software with Java updates
IAC / Ask.com toolbars
Malwarebytes Unpacked Blog

If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product, which can also help greatly reduce the risk of a future infection.
puffinmasta (Author) Posted December 31, 2016 ID:1085387

I've removed all previous restore points and made a new one. Java seems to be uninstalled from when you asked me to earlier, and I don't see it on my browsers as I'm hitting dead ends on the instructions to remove it. Thanks so much for your help man. I'll read what you've linked.
AdvancedSetup (Root Admin) Posted December 31, 2016 ID:1085392

You're quite welcome. Take care and stay safe out there and have a fantastic new 2017 with friends and family.
puffinmasta (Author) Posted December 31, 2016 ID:1085393

You too!
AdvancedSetup (Root Admin) Posted December 31, 2016 ID:1085394

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!