Topic: [In Progress] Recommended Update Pop-Up

NiteKat
« on: September 15, 2017, 07:50:10 AM »
Hello,

I am periodically experiencing a pop-up that tries to mimic an automatic update. I tried running Malwarebytes Anti-Malware, and it does not detect any threats. I cannot paste both DDS.txt and Attach.txt per forum instructions due to the message exceeding the maximum allowed length (65000 characters) when I do so, so I have attached Attach.txt in order to post.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.15063.608  BrowserJavaVersion: 11.141.2
Run by Daniel at 9:38:54 on 2017-09-15
Microsoft Windows 10 Home  10.0.15063.0.1252.1.1033.18.16328.11758 [GMT -4:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
c:\windows\system32\svchost.exe -k dcomlaunch -s PlugPlay
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\fontdrvhost.exe
c:\windows\system32\svchost.exe -k rpcss
c:\windows\system32\svchost.exe -k dcomlaunch -s LSM
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\dwm.exe
c:\windows\system32\svchost.exe -k networkservice -s TermService
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s NcbService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k netsvcs -s Schedule
C:\Windows\System32\WUDFHost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s hidserv
c:\windows\system32\svchost.exe -k netsvcs -s ProfSvc
c:\windows\system32\svchost.exe -k netsvcs -s CertPropSvc
c:\windows\system32\svchost.exe -k localservice -s nsi
c:\windows\system32\svchost.exe -k netsvcs -s UserManager
C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
c:\windows\system32\svchost.exe -k networkservice -s LanmanWorkstation
C:\Windows\System32\WUDFHost.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s EventLog
c:\windows\system32\svchost.exe -k netsvcs -s Themes
c:\windows\system32\svchost.exe -k netsvcs -s SessionEnv
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
c:\windows\system32\svchost.exe -k localservice -s EventSystem
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s Dhcp
c:\windows\system32\svchost.exe -k netsvcs -s SENS
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k networkservice -s NlaSvc
c:\windows\system32\svchost.exe -k localservice -s FontCache
C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
c:\windows\system32\svchost.exe -k localservice -s netprofm
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
c:\windows\system32\svchost.exe -k appmodel -s StateRepository
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
c:\windows\system32\svchost.exe -k networkservice -s Dnscache
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
c:\windows\system32\svchost.exe -k netsvcs -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\svchost.exe -k localservicenonetwork -s DPS
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService
c:\windows\system32\svchost.exe -k localservice -s WinHttpAutoProxySvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s PcaSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s SysMain
c:\windows\system32\svchost.exe -k netsvcs -s Winmgmt
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
c:\windows\system32\svchost.exe -k appmodel -s tiledatamodelsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s TrkWks
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\svchost.exe -k netsvcs -s WpnService
C:\Program Files (x86)\Google\Chrome Remote Desktop\61.0.3163.20\remoting_host.exe
C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
c:\windows\system32\svchost.exe -k networkservice -s CryptSvc
C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
E:\Program Files (x86)\Origin\OriginWebHelperService.exe
c:\windows\system32\svchost.exe -k netsvcs -s LanmanServer
c:\windows\system32\svchost.exe -k localservice -s WdiServiceHost
C:\WINDOWS\system32\dashost.exe
c:\windows\system32\svchost.exe -k netsvcs -s iphlpsvc
C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
C:\Program Files (x86)\Google\Chrome Remote Desktop\61.0.3163.20\remoting_host.exe
E:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -s SSDPSRV
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s lmhosts
c:\windows\system32\svchost.exe -k netsvcs -s Browser
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted -s PolicyAgent
c:\windows\system32\svchost.exe -k localservice -s CDPSvc
C:\WINDOWS\system32\svchost.exe -k LocalService
c:\windows\system32\svchost.exe -k localservicenonetwork -s NcdAutoSetup
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -s FDResPub
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s HomeGroupProvider
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s wscsvc
C:\WINDOWS\system32\SearchIndexer.exe
E:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
c:\windows\system32\sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
c:\windows\system32\svchost.exe -k netsvcs -s TokenBroker
c:\windows\system32\taskhostw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
c:\windows\system32\svchost.exe -k localservice -s LicenseManager
c:\windows\system32\svchost.exe -k netsvcs -s lfsvc
C:\WINDOWS\system32\SettingSyncHost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
E:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\Daniel\AppData\Local\Amazon Music\Amazon Music Helper.exe
C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\Daniel\AppData\Roaming\Curse Client\Bin\Twitch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
E:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Users\Daniel\AppData\Roaming\Curse Client\Bin\Electron\TwitchUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Daniel\AppData\Roaming\Curse Client\Bin\Electron\TwitchUI.exe
C:\Users\Daniel\AppData\Roaming\Curse Client\Bin\Electron\TwitchUI.exe
E:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe
C:\Users\Daniel\AppData\Roaming\Curse Client\Bin\Electron\TwitchUI.exe
E:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
E:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s StorSvc
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.21.0_x64__8wekyb3d8bbwe\WinStore.App.exe
C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1706.2271.0_x64__8wekyb3d8bbwe\Calculator.exe
C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
svchost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs -s wlidsvc
c:\windows\system32\svchost.exe -k netsvcs -s Appinfo
c:\windows\system32\svchost.exe -k netsvcs -s BITS
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -s WdiSystemHost
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
uDefault_Page_URL = hxxp://us.yahoo.com?fr=appattach&type=94
uProxyOverride = <local>
mWinlogon: Userinit = C:\WINDOWS\System32\userinit.exe
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_141\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_141\bin\jp2ssv.dll
uRun: [Steam] "E:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Amazon Music] "C:\Users\Daniel\AppData\Local\Amazon Music\Amazon Music Helper.exe"
uRun: [OneDrive] "C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [DAEMON Tools Lite Automount] "E:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Corsair Utility Engine] "E:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe" --autorun
StartupFolder: C:\Users\Daniel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Twitch.lnk - C:\Users\Daniel\AppData\Roaming\Curse Client\Bin\Twitch.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{68338419-4bd7-4150-aab0-dc1fba74437b} : DHCPNameServer = 75.75.76.76 75.75.75.75
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages =  ""
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mStart Page = www.google.com
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_141\bin\ssv.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_141\bin\jp2ssv.dll
x64-Run: [SecurityHealth] C:\Program Files (x86)\Windows Defender\MSASCuiL.exe
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [ShadowPlay] "C:\WINDOWS\System32\rundll32.exe" C:\WINDOWS\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [TortoiseHgOverlayIconServer] E:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
x64-Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2017-3-18 74840]
R0 iorate;Disk I/O Rate Filter Driver;C:\WINDOWS\System32\drivers\iorate.sys [2017-3-18 49568]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2017-3-18 16288]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2017-3-18 70232]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2017-3-18 18520]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2017-3-18 208288]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2017-3-18 239616]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\WINDOWS\System32\drivers\mbae64.sys [2017-3-8 77440]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2017-3-18 54272]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2017-3-18 8192]
R1 MpKsl914bec5b;MpKsl914bec5b;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{52DBFEEA-9DA1-4A64-A318-9AA817E5B27D}\MpKsl914bec5b.sys [2017-9-15 44928]
R1 VBoxNetLwf;VirtualBox NDIS6 Bridged Networking Service;C:\WINDOWS\System32\drivers\VBoxNetLwf.sys [2017-1-16 205440]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2017-4-3 83768]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
R2 CDPUserSvc_84020;Connected Devices Platform User Service_84020;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R2 chromoting;Chrome Remote Desktop Service;C:\Program Files (x86)\Google\Chrome Remote Desktop\61.0.3163.20\remoting_host.exe [2017-7-31 71512]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2017-3-18 14336]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2017-3-18 47664]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2017-3-18 47664]
R2 DusmSvc;Data Usage;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2017-6-29 3418024]
R2 IpOverUsbSvc;Windows Phone IP over USB Transport (IpOverUsbSvc);C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [2015-7-9 21744]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-9-3 154584]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [2016-5-27 419248]
R2 MBAMChameleon;MBAMChameleon;C:\WINDOWS\System32\drivers\MBAMChameleon.sys [2017-9-7 192960]
R2 MBAMService;Malwarebytes Service;E:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [2017-9-7 6058960]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2017-6-1 462968]
R2 NVIDIA Wireless Controller Service;NVIDIA Wireless Controller Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [2017-1-7 1163712]
R2 NvTelemetryContainer;NVIDIA Telemetry Container;C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [2017-1-7 425408]
R2 OneSyncSvc_84020;Sync Host_84020;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R2 Origin Web Helper Service;Origin Web Helper Service;E:\Program Files (x86)\Origin\OriginWebHelperService.exe [2017-9-3 2977640]
R2 SecurityHealthService;Windows Defender Security Center Service;C:\WINDOWS\System32\SecurityHealthService.exe [2017-7-11 336320]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2017-3-18 79872]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2017-3-18 47664]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2017-7-11 142752]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R2 WpnUserService_84020;Windows Push Notifications User Service_84020;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2017-3-18 47664]
R3 CorsairVBusDriver;Corsair Bus;C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [2017-6-21 45528]
R3 CorsairVHidDriver;Corsair virtual device;C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [2017-6-21 21968]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;E:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [2015-6-18 1268568]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;C:\WINDOWS\System32\drivers\dtlitescsibus.sys [2015-8-30 30264]
R3 ISCT;Intel(R) Smart Connect Technology Device Driver;C:\WINDOWS\System32\drivers\ISCTD64.sys [2013-7-30 47008]
R3 KillerEth;NDIS Miniport Driver for Killer PCI-E Gigabit Ethernet Controller;C:\WINDOWS\System32\drivers\e2xw10x64.sys [2017-3-18 145920]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
R3 MBAMFarflt;MBAMFarflt;C:\WINDOWS\System32\drivers\farflt.sys [2017-3-8 101824]
R3 MBAMProtection;MBAMProtection;C:\WINDOWS\System32\drivers\mbam.sys [2017-3-8 45472]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2017-3-8 253888]
R3 MBAMWebProtection;MBAMWebProtection;C:\WINDOWS\System32\drivers\mwac.sys [2017-3-8 94144]
R3 MBfilt;MBfilt;C:\WINDOWS\System32\drivers\MBfilt64.sys [2015-6-24 41088]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2017-3-18 20992]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2017-1-7 46016]
R3 PimIndexMaintenanceSvc_84020;Contact Data_84020;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2017-3-18 47664]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
R3 TokenBroker;TokenBroker;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2017-3-18 29600]
R3 UnistoreSvc_84020;User Data Storage_84020;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R3 UserDataSvc_84020;User Data Access_84020;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R3 WdNisDrv;Windows Defender Antivirus Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2017-3-18 121248]
R3 WdNisSvc;Windows Defender Antivirus Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2017-3-18 342264]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2017-3-18 220672]
R3 XtuAcpiDriver;Intel(R) Extreme Tuning Utility Service;C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [2015-6-6 63840]
S2 CldFlt;Windows Cloud Files Filter Driver;C:\WINDOWS\System32\drivers\cldflt.sys [2017-3-18 12288]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2015/01/22 15:50:14;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2013-3-8 247768]
S2 DHCPservice;DHCP Server;E:\Program Files\dhcp\dhcp4nt.exe [2016-7-21 198144]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2017-3-18 47664]
S2 NvContainerLocalSystem;NVIDIA LocalSystem Container;C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-1-7 462784]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-2-27 317400]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2017-3-18 20480]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2017-3-18 1135512]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2017-3-18 17920]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2017-3-18 47664]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2017-3-18 9728]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2017-6-10 1467912]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2017-3-18 47664]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2017-9-12 39424]
S3 c2wts;Claims to Windows Token Service;C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [2017-3-18 5632]
S3 CAD;Charge Arbitration Driver;C:\WINDOWS\System32\drivers\CAD.sys [2017-3-18 53664]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2017-3-18 122880]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2017-3-18 347032]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2017-3-18 2104224]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2017-3-18 47664]
S3 DevicesFlowUserSvc_84020;DevicesFlow_84020;C:\WINDOWS\System32\svchost.exe -k DevicesFlow [2017-3-18 47664]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2017-3-18 86528]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 EasyAntiCheat;EasyAntiCheat;C:\WINDOWS\System32\EasyAntiCheat.exe --> C:\WINDOWS\System32\EasyAntiCheat.exe [?]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2017-3-18 47664]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2017-3-18 47664]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [2015-6-3 342240]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2017-3-18 21504]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2017-3-18 51104]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2017-3-18 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2017-3-18 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2017-3-18 70656]
S3 iaLPSS2i_GPIO2_BXT_P;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2017-3-18 85504]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2017-3-18 165376]
S3 iaLPSS2i_I2C_BXT_P;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2017-3-18 168448]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2017-3-18 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2017-3-18 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2017-3-18 673184]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2017-3-18 526240]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2017-3-18 36864]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2014-5-13 887256]
S3 IpxlatCfgSvc;IP Translation Configuration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2017-3-18 123808]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2017-3-18 103328]
S3 mausbhost;MA-USB Host Controller Driver;C:\WINDOWS\System32\drivers\mausbhost.sys [2017-3-18 405408]
S3 mausbip;MA-USB IP Filter Driver;C:\WINDOWS\System32\drivers\mausbip.sys [2017-3-18 51104]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2017-3-18 64416]
S3 MessagingService_84020;MessagingService_84020;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2017-3-18 842656]
S3 NaturalAuthentication;Natural Authentication;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2017-3-18 108960]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2017-3-18 122368]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2017-5-9 118784]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 NvContainerNetworkService;NVIDIA NetworkService Container;C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-1-7 462784]
S3 nvdimmn;Microsoft NVDIMM-N device driver;C:\WINDOWS\System32\drivers\nvdimmn.sys [2017-3-18 80896]
S3 NvStreamKms;NVIDIA KMS;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2017-1-7 27584]
S3 Origin Client Service;Origin Client Service;E:\Program Files (x86)\Origin\OriginClientService.exe [2017-9-3 2098528]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2017-3-18 58784]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2017-3-18 61848]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2017-3-18 1735584]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2017-3-18 936864]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k rdxgroup [2017-3-18 47664]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2017-3-18 91040]
S3 SDFRd;SDF Reflector;C:\WINDOWS\System32\drivers\SDFRd.sys [2017-3-18 31128]
S3 SEMgrSvc;Payments and NFC/SE Manager;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2017-3-18 1284608]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2017-3-18 154016]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2017-3-18 47664]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter;C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2017-3-18 40352]
S3 spectrum;Windows Perception Service;C:\WINDOWS\System32\Spectrum.exe [2017-3-18 891904]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2017-3-18 95648]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2017-3-18 36760]
S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [2015-7-9 134656]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2017-3-18 302592]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2017-9-12 104960]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2017-3-18 179200]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2017-8-9 51712]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2017-3-18 45568]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2017-3-18 263584]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2017-3-18 98712]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2017-3-18 138656]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2017-3-18 29600]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2017-3-18 59288]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2017-3-18 28064]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2015-6-10 54784]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 VBoxUSB;VirtualBox USB;C:\WINDOWS\System32\drivers\VBoxUSB.sys [2017-1-16 137920]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2017-3-18 35328]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2017-3-18 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 VsEtwService120;Visual Studio ETW Event Collection Service;C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [2014-7-22 89232]
S3 VSStandardCollectorService140;Visual Studio Standard Collector Service;E:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [2016-9-6 108776]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2017-3-18 47664]
S3 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2017-3-18 72192]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2017-7-11 757248]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2017-3-18 47664]
S3 WFDSConMgrSvc;Wi-Fi Direct Services Connection Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2017-3-18 32160]
S3 WinNat;Windows NAT Driver;C:\WINDOWS\System32\drivers\winnat.sys [2017-3-18 217088]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2017-3-18 64920]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 wlpasvc;LPA Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 xbgm;Xbox Game Monitoring;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-6-14 277504]
S3 XboxGipSvc;Xbox Accessory Management Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2017-3-18 46592]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2017-09-15 12:54:27   44928   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{52DBFEEA-9DA1-4A64-A318-9AA817E5B27D}\MpKsl914bec5b.sys
2017-09-15 12:46:48   13482976   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{52DBFEEA-9DA1-4A64-A318-9AA817E5B27D}\mpengine.dll
2017-09-14 12:08:01   13482976   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2017-09-13 02:16:59   757760   ----a-w-   C:\WINDOWS\System32\spoolsv.exe
2017-09-13 01:14:03   --------   d-----w-   C:\Users\Daniel\AppData\Local\ProjectPokémon
2017-09-12 19:33:25   --------   d-----w-   C:\Users\Daniel\AppData\Roaming\Corsair
2017-09-12 19:33:25   --------   d-----w-   C:\Users\Daniel\AppData\Local\Corsair
2017-09-11 18:24:09   --------   d-----w-   C:\Users\Daniel\AppData\Roaming\gambatte
2017-09-09 00:34:45   1078240   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E0C9C1EA-A6E6-4FD8-B32C-D85DE1EB04D3}\gapaengine.dll
2017-09-08 00:06:54   192960   ----a-w-   C:\WINDOWS\System32\drivers\MBAMChameleon.sys
2017-09-02 15:55:09   --------   d-----w-   C:\Program Files\iPod
.
==================== Find3M  ====================
.
2017-09-15 12:57:35   94144   ----a-w-   C:\WINDOWS\System32\drivers\mwac.sys
2017-09-15 12:43:25   101824   ----a-w-   C:\WINDOWS\System32\drivers\farflt.sys
2017-09-15 12:43:24   45472   ----a-w-   C:\WINDOWS\System32\drivers\mbam.sys
2017-09-15 12:43:22   253888   ----a-w-   C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2017-09-15 12:43:19   147728   ------w-   C:\WINDOWS\System32\drivers\rikvm_38F51D56.sys
2017-09-05 05:31:34   1596592   ----a-w-   C:\WINDOWS\System32\gdi32full.dll
2017-09-05 05:31:28   750560   ----a-w-   C:\WINDOWS\System32\fontdrvhost.exe
2017-09-05 05:31:26   1346112   ----a-w-   C:\WINDOWS\System32\user32.dll
2017-09-05 05:31:20   1147296   ----a-w-   C:\WINDOWS\System32\hvix64.exe
2017-09-05 05:31:20   1024928   ----a-w-   C:\WINDOWS\System32\hvax64.exe
2017-09-05 05:31:18   821664   ----a-w-   C:\WINDOWS\System32\hvloader.exe
2017-09-05 05:31:16   115792   ----a-w-   C:\WINDOWS\System32\win32u.dll
2017-09-05 05:30:55   287648   ----a-w-   C:\WINDOWS\System32\drivers\sdbus.sys
2017-09-05 05:27:55   136096   ----a-w-   C:\WINDOWS\System32\drivers\ksecdd.sys
2017-09-05 05:27:02   2399728   ----a-w-   C:\WINDOWS\System32\KernelBase.dll
2017-09-05 05:26:51   8319904   ----a-w-   C:\WINDOWS\System32\ntoskrnl.exe
2017-09-05 05:26:19   1930840   ----a-w-   C:\WINDOWS\System32\ntdll.dll
2017-09-05 05:25:54   159648   ----a-w-   C:\WINDOWS\System32\drivers\partmgr.sys
2017-09-05 05:25:09   2969880   ----a-w-   C:\WINDOWS\System32\CoreUIComponents.dll
2017-09-05 05:24:21   519584   ----a-w-   C:\WINDOWS\System32\drivers\netio.sys
2017-09-05 05:24:11   923040   ----a-w-   C:\WINDOWS\System32\CoreMessaging.dll
2017-09-05 05:23:47   1242528   ----a-w-   C:\WINDOWS\System32\drivers\ndis.sys
2017-09-05 05:23:22   4462120   ----a-w-   C:\WINDOWS\System32\setupapi.dll
2017-09-05 05:21:55   189344   ----a-w-   C:\WINDOWS\System32\drivers\dumpsd.sys
2017-09-05 05:20:27   1057824   ----a-w-   C:\WINDOWS\System32\MrmCoreR.dll
2017-09-05 05:19:29   4848960   ----a-w-   C:\WINDOWS\explorer.exe
2017-09-05 05:19:03   2443168   ----a-w-   C:\WINDOWS\System32\drivers\dxgkrnl.sys
2017-09-05 05:18:59   2972552   ----a-w-   C:\WINDOWS\System32\d3d10warp.dll
2017-09-05 05:18:34   7326128   ----a-w-   C:\WINDOWS\System32\windows.storage.dll
2017-09-05 05:18:29   820128   ----a-w-   C:\WINDOWS\System32\WWAHost.exe
2017-09-05 05:18:23   5477096   ----a-w-   C:\WINDOWS\System32\OneCoreUAPCommonProxyStub.dll
2017-09-05 05:18:19   1668344   ----a-w-   C:\WINDOWS\System32\propsys.dll
2017-09-05 05:18:14   212384   ----a-w-   C:\WINDOWS\System32\browserbroker.dll
2017-09-05 05:18:09   685512   ----a-w-   C:\WINDOWS\System32\SHCore.dll
2017-09-05 05:17:08   316320   ----a-w-   C:\WINDOWS\System32\WerFault.exe
2017-09-05 05:16:55   872472   ----a-w-   C:\WINDOWS\System32\ClipSVC.dll
2017-09-05 05:16:50   546208   ----a-w-   C:\WINDOWS\System32\drivers\storport.sys
2017-09-05 05:16:46   1320344   ----a-w-   C:\WINDOWS\System32\wpx.dll
2017-09-05 05:16:41   228256   ----a-w-   C:\WINDOWS\System32\drivers\mrxsmb20.sys
2017-09-05 05:16:39   410168   ----a-w-   C:\WINDOWS\System32\Faultrep.dll
2017-09-05 05:16:36   724200   ----a-w-   C:\WINDOWS\System32\wer.dll
2017-09-05 05:16:30   182688   ----a-w-   C:\WINDOWS\System32\wermgr.exe
2017-09-05 05:16:21   49720   ----a-w-   C:\WINDOWS\System32\tbs.dll
2017-09-05 05:16:17   715168   ----a-w-   C:\WINDOWS\System32\drivers\fvevol.sys
2017-09-05 05:15:49   3116184   ----a-w-   C:\WINDOWS\System32\combase.dll
2017-09-05 05:15:48   871448   ----a-w-   C:\WINDOWS\System32\winhttp.dll
2017-09-05 05:15:44   654976   ----a-w-   C:\WINDOWS\System32\AppXDeploymentClient.dll
2017-09-05 05:15:43   257440   ----a-w-   C:\WINDOWS\System32\AppxAllUserStore.dll
2017-09-05 05:15:42   381824   ----a-w-   C:\WINDOWS\System32\wevtapi.dll
2017-09-05 05:14:56   94624   ----a-w-   C:\WINDOWS\System32\rdpudd.dll
2017-09-05 05:14:44   7907344   ----a-w-   C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
2017-09-05 05:14:41   4708504   ----a-w-   C:\WINDOWS\System32\mfcore.dll
2017-09-05 05:14:24   958664   ----a-w-   C:\WINDOWS\System32\msvproc.dll
2017-09-05 05:14:18   1146176   ----a-w-   C:\WINDOWS\System32\mfds.dll
2017-09-05 05:14:15   254176   ----a-w-   C:\WINDOWS\System32\mfps.dll
2017-09-05 05:13:46   1619816   ----a-w-   C:\WINDOWS\System32\sppobjs.dll
2017-09-05 05:13:15   64680   ----a-w-   C:\WINDOWS\System32\appidapi.dll
2017-09-05 05:12:59   1409048   ----a-w-   C:\WINDOWS\SysWow64\gdi32full.dll
2017-09-05 05:12:57   1292880   ----a-w-   C:\WINDOWS\SysWow64\user32.dll
2017-09-05 05:12:54   627080   ----a-w-   C:\WINDOWS\SysWow64\fontdrvhost.exe
2017-09-05 05:12:49   81176   ----a-w-   C:\WINDOWS\SysWow64\win32u.dll
2017-09-05 05:11:28   2675104   ----a-w-   C:\WINDOWS\System32\drivers\tcpip.sys
2017-09-05 05:11:21   610720   ----a-w-   C:\WINDOWS\System32\drivers\afd.sys
2017-09-05 05:11:13   387936   ----a-w-   C:\WINDOWS\System32\wmpps.dll
2017-09-05 04:53:54   1620880   ----a-w-   C:\WINDOWS\SysWow64\ntdll.dll
2017-09-05 04:53:33   1839872   ----a-w-   C:\WINDOWS\SysWow64\KernelBase.dll
2017-09-05 04:52:15   2259760   ----a-w-   C:\WINDOWS\SysWow64\CoreUIComponents.dll
2017-09-05 04:50:17   4330920   ----a-w-   C:\WINDOWS\SysWow64\setupapi.dll
2017-09-05 04:46:19   4471888   ----a-w-   C:\WINDOWS\SysWow64\explorer.exe
2017-09-05 04:45:57   85784   ----a-w-   C:\WINDOWS\SysWow64\CredentialUIBroker.exe
2017-09-05 04:45:44   2476712   ----a-w-   C:\WINDOWS\SysWow64\d3d10warp.dll
2017-09-05 04:45:09   5821496   ----a-w-   C:\WINDOWS\SysWow64\windows.storage.dll
2017-09-05 04:45:08   750496   ----a-w-   C:\WINDOWS\SysWow64\WWAHost.exe
2017-09-05 04:45:07   23679488   ----a-w-   C:\WINDOWS\System32\edgehtml.dll
2017-09-05 04:44:52   569264   ----a-w-   C:\WINDOWS\SysWow64\SHCore.dll
2017-09-05 04:43:54   280480   ----a-w-   C:\WINDOWS\SysWow64\WerFault.exe
2017-09-05 04:43:24   611096   ----a-w-   C:\WINDOWS\SysWow64\wer.dll
2017-09-05 04:43:19   359560   ----a-w-   C:\WINDOWS\SysWow64\Faultrep.dll
2017-09-05 04:43:17   169376   ----a-w-   C:\WINDOWS\SysWow64\wermgr.exe
2017-09-05 04:43:12   42456   ----a-w-   C:\WINDOWS\SysWow64\tbs.dll
2017-09-05 04:42:31   2330520   ----a-w-   C:\WINDOWS\SysWow64\combase.dll
2017-09-05 04:42:30   519680   ----a-w-   C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
2017-09-05 04:42:28   182688   ----a-w-   C:\WINDOWS\SysWow64\AppxAllUserStore.dll
2017-09-05 04:42:27   291904   ----a-w-   C:\WINDOWS\SysWow64\wevtapi.dll
2017-09-05 04:42:25   703056   ----a-w-   C:\WINDOWS\SysWow64\winhttp.dll
2017-09-05 04:41:24   4671832   ----a-w-   C:\WINDOWS\SysWow64\mfcore.dll
2017-09-05 04:41:23   6761560   ----a-w-   C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
2017-09-05 04:41:06   1106904   ----a-w-   C:\WINDOWS\SysWow64\mfds.dll
2017-09-05 04:41:04   1013912   ----a-w-   C:\WINDOWS\SysWow64\msvproc.dll
2017-09-05 04:40:13   52768   ----a-w-   C:\WINDOWS\SysWow64\appidapi.dll
2017-09-05 04:37:39   583160   ----a-w-   C:\WINDOWS\SysWow64\CoreMessaging.dll
2017-09-05 04:31:02   3668992   ----a-w-   C:\WINDOWS\System32\win32kfull.sys
2017-09-05 04:30:53   463360   ----a-w-   C:\WINDOWS\System32\werui.dll
2017-09-05 04:30:51   1639936   ----a-w-   C:\WINDOWS\System32\GdiPlus.dll
2017-09-05 04:30:47   77824   ----a-w-   C:\WINDOWS\System32\wsqmcons.exe
2017-09-05 04:30:45   1275904   ----a-w-   C:\WINDOWS\System32\werconcpl.dll
2017-09-05 04:30:38   584192   ----a-w-   C:\WINDOWS\System32\UIRibbonRes.dll
2017-09-05 04:30:35   184320   ----a-w-   C:\WINDOWS\System32\DWWIN.EXE
2017-09-05 04:30:24   89088   ----a-w-   C:\WINDOWS\System32\winsrvext.dll
2017-09-05 04:30:22   93184   ----a-w-   C:\WINDOWS\System32\wercplsupport.dll
.
============= FINISH:  9:39:14.96 ===============
« Last Edit: September 15, 2017, 05:57:25 PM by Hoov »

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27138
  • Unwilling part owner of Gov't. Motors and Chrysler
Re: Recommended Update Pop-Up
« Reply #1 on: September 15, 2017, 05:56:54 PM »
Welcome back, sorry to see you having problems again. Please open attach.txt and paste it into a response. If you have to split it in half or in thirds and post each section separately, go ahead and do that. This pop-up, can you tell me what program pop-up it is mimicking?

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline NiteKat

  • Bronze Member
  • Posts: 104
Re: [In Progress] Recommended Update Pop-Up
« Reply #2 on: September 16, 2017, 02:44:00 PM »
Hello Hoov, thankfully this is on a new computer, and I haven't had malware issues in quite a while.

I think it is trying to mimic a Windows Update window. I can show a screenshot, but it doesn't come up every day, so I'll have to wait for it to come up again; however, the first Google Image search result for "fake automatic update window" is extremely close to what I have popping up. I think just the things with the check marks next to them are different. Below is attach.txt.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 10 Home
Boot Device: \Device\HarddiskVolume2
Install Date: 4/20/2017 6:38:03 PM
System Uptime: 9/15/2017 8:43:11 AM (1 hours ago)
.
Motherboard: MSI |  | Z97-G45 GAMING (MS-7821)
Processor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz | SOCKET 0 | 3601/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 237 GiB total, 15.929 GiB free.
D: is CDROM (CDFS)
E: is FIXED (NTFS) - 932 GiB total, 401.871 GiB free.
F: is CDROM (CDFS)
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: LogMeIn Hamachi Virtual Ethernet Adapter
Device ID: ROOT\NET\0000
Manufacturer: LogMeIn Inc.
Name: LogMeIn Hamachi Virtual Ethernet Adapter
PNP Device ID: ROOT\NET\0000
Service: Hamachi
.
==== System Restore Points ===================
.
RP26: 9/11/2017 8:11:06 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
 Tools for .Net 3.5
????? Visual Studio 2012 Verification SDK - rus
3DMark
7-Zip 9.20 (x64 edition)
7 Days to Die
7 Days to Die Dedicated Server
AcBootP
Acoustica Mixcraft 7 Home Studio
Active Directory Authentication Library for SQL Server
Active Directory Authentication Library for SQL Server (x86)
Adobe Acrobat Reader DC
Adobe Flash Player 21 NPAPI
Adobe Refresh Manager
Age of Conan: Unchained
Amazon Music
Android SDK Tools
Ansel
Apple Application Support (32-bit)
Apple Application Support (64-bit)
Apple Mobile Device Support
Apple Software Update
Application Insights Tools for Visual Studio 2013
Application Insights Tools for Visual Studio 2015
ArtMoney SE v7.45.1
AutoIt v3.3.14.2
Azure AD Authentication Connected Service
AzureTools.Notifications
Bandicam
Bandisoft MPEG-1 Decoder
Batman™: Arkham Knight
Battle.net
Behaviors SDK (Windows Phone) for Visual Studio 2013
Behaviors SDK (Windows) for Visual Studio 2013
BitTorrent
Blend for Visual Studio 2013
Blend for Visual Studio 2013 ENU resources
Blend for Visual Studio SDK for .NET 4.5
Blend for Visual Studio SDK for Silverlight 5
Blend for Visual Studio SDK for Windows Phone 8.0
Bonjour
Build Tools - amd64
Build Tools - x86
Build Tools Language Resources - amd64
Build Tools Language Resources - x86
Canon MP Navigator EX 1.0
Canon MP610 series
Chrome Remote Desktop Host
Cisco WebEx Meetings
Cities: Skylines
CivAssist 2.0.5
CMake
CodedUITest81
Conan Exiles
Corsair Utility Engine
Curse
CyberLink PowerDVD 10
D3DX10
DAEMON Tools Lite
Dark Souls: Prepare to Die Edition
Dia (remove only)
Diablo
Diablo II
Dolphin
Don't Starve
Don't Starve Together Beta
Dotfuscator and Analytics Community Edition
Dotfuscator and Analytics Community Edition 5.22.0
Entity Framework 6.1.3 Tools  for Visual Studio 2013
Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1
Factorio
Façade
FINAL FANTASY VII
FINAL FANTASY X/X-2 HD Remaster
Futuremark SystemInfo
GameRanger
Git version 2.11.1
GitHub
GoldWave v6.19
Google Chrome
Google Drive
Google Update Helper
haneWIN DHCP Server 3.1.8
Heroes of the Storm
HeroQuest Game Master v2.6
HWiNFO64 Version 4.64
HxD Hex Editor version 1.7.7.0
IIS 10.0 Express
IIS Express Application Compatibility Database for x64
IIS Express Application Compatibility Database for x86
Intel(R) Chipset Device Software
Intel(R) Management Engine Components
Intel(R) ME UninstallLegacy
Intel® Trusted Connect Service Client
iTunes
Java 8 Update 141
Java 8 Update 141 (64-bit)
Java 8 Update 91 (64-bit)
Java Auto Updater
Java SE Development Kit 7 Update 55
Java SE Development Kit 8 Update 60 (64-bit)
Kerbal Space Program
Kit SDK de vérification de Visual Studio 2012 - fra
LocalESPC
LocalESPC Dev12
LocalESPCui for en-us
LocalESPCui for en-us Dev12
LogMeIn Hamachi
LoiLo Game Recorder
LoiLoScope 2
Malwarebytes version 3.2.2.2018
Memory Profiler
Microsoft .NET Core 5.0 SDK
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5 Multi-Targeting Pack
Microsoft .NET Framework 4.5 SDK
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU)
Microsoft .NET Framework 4.5.1 RC Multi-Targeting Pack for Windows Store Apps
Microsoft .NET Framework 4.5.1 RC Multi-Targeting Pack for Windows Store Apps (ENU)
Microsoft .NET Framework 4.5.1 SDK
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU)
Microsoft .NET Framework 4.6 SDK
Microsoft .NET Framework 4.6 Targeting Pack
Microsoft .NET Framework 4.6 Targeting Pack (ENU)
Microsoft .NET Framework 4.6.1 Developer Pack
Microsoft .NET Framework 4.6.1 SDK
Microsoft .NET Framework 4.6.1 Targeting Pack
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU)
Microsoft .NET Version Manager (x64) 1.0.0-beta5
Microsoft Advertising SDK for Windows 8.1 - ENU
Microsoft Advertising SDK for Windows Phone - ENU
Microsoft Advertising SDK for Windows Phone 8.1 XAML - ENU
Microsoft Advertising Service Extension for Visual Studio
Microsoft Agents for Visual Studio 2015 Preview
Microsoft Agents for Visual Studio 2015 Preview - ENU
Microsoft Application Error Reporting
Microsoft ASP.NET and Web Tools 2013.5 - Visual Studio 2013
Microsoft ASP.NET and Web Tools 2015.1 (Beta8) - Visual Studio 2015
Microsoft ASP.NET MVC 4 - Visual Studio 2013 - ENU
Microsoft ASP.NET MVC 4 - Visual Studio 2015 - ENU
Microsoft ASP.NET MVC 4 Runtime
Microsoft ASP.NET Web Frameworks and Tools - Visual Studio 2013 - ENU
Microsoft ASP.NET Web Frameworks and Tools - Visual Studio 2015 - ENU
Microsoft ASP.NET Web Pages 2 - Visual Studio 2013 - ENU
Microsoft ASP.NET Web Pages 2 - Visual Studio 2015 - ENU
Microsoft ASP.NET Web Pages 2 Runtime
Microsoft Azure Mobile Services Connected Service
Microsoft Azure Mobile Services SDK
Microsoft Azure Mobile Services SDK V2.0
Microsoft Azure Mobile Services Tools for Visual Studio - v1.4
Microsoft Azure Shared Components for Visual Studio 2013 - v1.4
Microsoft Azure Shared Components for Visual Studio 2015 - v1.8
Microsoft Azure Storage Connected Service
Microsoft Blend for Visual Studio 2015
Microsoft Blend for Visual Studio 2015 - ENU
Microsoft Build Tools 14.0 (amd64)
Microsoft Build Tools 14.0 (x86)
Microsoft Build Tools Language Resources 14.0 (amd64)
Microsoft Build Tools Language Resources 14.0 (x86)
Microsoft C++ Azure Mobile SDK for Visual Studio 2013
Microsoft C++ REST SDK for Visual Studio 2013
Microsoft DirectX SDK (June 2010)
Microsoft Exchange Web Services Managed API 2.1
Microsoft Expression Blend SDK for .NET 4
Microsoft Help Viewer 2.1
Microsoft Help Viewer 2.2
Microsoft Identity Extensions
Microsoft NuGet - Visual Studio 2013
Microsoft NuGet - Visual Studio 2015
Microsoft Office
Microsoft OneDrive
Microsoft Portable Library Multi-Targeting Pack
Microsoft Portable Library Multi-Targeting Pack Language Pack - enu
Microsoft Report Viewer Add-On for Visual Studio 2013
Microsoft Silverlight
Microsoft Silverlight 5 SDK
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2012 Command Line Utilities
Microsoft SQL Server 2012 Data-Tier App Framework
Microsoft SQL Server 2012 Data-Tier App Framework  (x64)
Microsoft SQL Server 2012 Express LocalDB
Microsoft SQL Server 2012 Management Objects
Microsoft SQL Server 2012 Management Objects  (x64)
Microsoft SQL Server 2012 Native Client
Microsoft SQL Server 2012 T-SQL Language Service
Microsoft SQL Server 2012 Transact-SQL ScriptDom
Microsoft SQL Server 2014 Express LocalDB
Microsoft SQL Server 2014 Management Objects
Microsoft SQL Server 2014 Management Objects  (x64)
Microsoft SQL Server 2014 T-SQL Language Service
Microsoft SQL Server 2014 Transact-SQL ScriptDom
Microsoft SQL Server 2016 LocalDB
Microsoft SQL Server 2016 Management Objects
Microsoft SQL Server 2016 Management Objects  (x64)
Microsoft SQL Server 2016 T-SQL Language Service
Microsoft SQL Server 2016 T-SQL ScriptDom
Microsoft SQL Server Compact 4.0 SP1 x64 ENU
Microsoft SQL Server Data Tools - enu (12.0.41012.0)
Microsoft SQL Server Data Tools - enu (14.0.60519.0)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1)
Microsoft SQL Server System CLR Types
Microsoft SQL Server System CLR Types (x64)
Microsoft System CLR Types for SQL Server 2012
Microsoft System CLR Types for SQL Server 2012 (x64)
Microsoft System CLR Types for SQL Server 2014
Microsoft System CLR Types for SQL Server 2016
Microsoft Team Foundation Server 2013 Update 5 Object Model (x64)
Microsoft Team Foundation Server 2013 Update 5 Object Model Language Pack (x64) - ENU
Microsoft Visual C++  ARM Libraries
Microsoft Visual C++  x64-arm Cross Compilers
Microsoft Visual C++  x64-arm Cross Compilers - ENU Resources
Microsoft Visual C++  x64-x86 Cross Compilers
Microsoft Visual C++  x64-x86 Cross Compilers - ENU Resources
Microsoft Visual C++  x64 Libraries
Microsoft Visual C++  x64 Native Compilers
Microsoft Visual C++  x64 Native Compilers - ENU Resources
Microsoft Visual C++  x86 Libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 32bit Compilers - ENU Resources
Microsoft Visual C++ 2012 Compilers
Microsoft Visual C++ 2012 Compilers - ENU Resources
Microsoft Visual C++ 2012 Compilers For Windows Phone
Microsoft Visual C++ 2012 Compilers For Windows Phone - ENU Resources
Microsoft Visual C++ 2012 Core Libraries
Microsoft Visual C++ 2012 Core Libraries For Windows Phone
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86-x64 Compilers
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2013  x64 Designtime - 12.0.21005
Microsoft Visual C++ 2013 32bit Compilers - ENU Resources
Microsoft Visual C++ 2013 Compilers
Microsoft Visual C++ 2013 Compilers - ENU Resources
Microsoft Visual C++ 2013 Core Libraries
Microsoft Visual C++ 2013 Extended Libraries
Microsoft Visual C++ 2013 Microsoft Foundation Class Libraries
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Debug Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86-x64 Compilers
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Debug Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.24215
Microsoft Visual C++ 2015 x64 Debug Runtime - 14.0.24215
Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.24215
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215
Microsoft Visual C++ 2015 x86 Debug Runtime - 14.0.24215
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Visual Studio 2013 Add-in for Windows Phone
Microsoft Visual Studio 2013 Add-in for Windows Phone - ENU Language Pack
Microsoft Visual Studio 2013 Devenv
Microsoft Visual Studio 2013 Devenv Resources
Microsoft Visual Studio 2013 Diagnostic Tools - amd64
Microsoft Visual Studio 2013 Diagnostic Tools - x86
Microsoft Visual Studio 2013 Performance Collection Tools
Microsoft Visual Studio 2013 Performance Collection Tools - ENU
Microsoft Visual Studio 2013 Preparation
Microsoft Visual Studio 2013 Profiling Tools
Microsoft Visual Studio 2013 Shell (Minimum)
Microsoft Visual Studio 2013 Shell (Minimum) Interop Assemblies
Microsoft Visual Studio 2013 Shell (Minimum) Resources
Microsoft Visual Studio 2013 Team Explorer Language Pack - ENU
Microsoft Visual Studio 2013 VsGraphics Helper Dependencies
Microsoft Visual Studio 2013 XAML UI Designer
Microsoft Visual Studio 2013 XAML UI Designer - ENU
Microsoft Visual Studio 2015 Add-in for Windows Phone
Microsoft Visual Studio 2015 Add-in for Windows Phone - ENU Language Pack
Microsoft Visual Studio 2015 Devenv
Microsoft Visual Studio 2015 Devenv Resources
Microsoft Visual Studio 2015 Diagnostic Tools - amd64
Microsoft Visual Studio 2015 Performance Collection Tools
Microsoft Visual Studio 2015 Performance Collection Tools - ENU
Microsoft Visual Studio 2015 Preparation
Microsoft Visual Studio 2015 Profiling Tools
Microsoft Visual Studio 2015 SDK - ENU
Microsoft Visual Studio 2015 Shell (Minimum)
Microsoft Visual Studio 2015 Shell (Minimum) Interop Assemblies
Microsoft Visual Studio 2015 Shell (Minimum) Resources
Microsoft Visual Studio 2015 Test Tools Language Pack - ENU
Microsoft Visual Studio 2015 Update 3 Diagnostic Tools - amd64
Microsoft Visual Studio 2015 Update 3 Diagnostic Tools - ENU
Microsoft Visual Studio 2015 Update 3 Diagnostic Tools - x86
Microsoft Visual Studio 2015 Update 3 Performance Debugger Web Views
Microsoft Visual Studio 2015 Update 3.1 Team Explorer Language Pack - ENU
Microsoft Visual Studio 2015 VsGraphics Helper Dependencies
Microsoft Visual Studio 2015 Windows Diagnostic Tools
Microsoft Visual Studio 2015 Windows Diagnostic Tools - ENU
Microsoft Visual Studio 2015 XAML Application Timeline
Microsoft Visual Studio 2015 XAML Application Timeline - ENU
Microsoft Visual Studio 2015 XAML Designer
Microsoft Visual Studio 2015 XAML Designer - ENU
Microsoft Visual Studio 2015 XAML Visual Diagnostics
Microsoft Visual Studio 2015 XAML Visual Diagnostics - ENU
Microsoft Visual Studio Community 2013
Microsoft Visual Studio Community 2013 with Update 5
Microsoft Visual Studio Community 2015
Microsoft Visual Studio Community 2015 - ENU
Microsoft Visual Studio Community 2015 with Updates
Microsoft Visual Studio Connected Services
Microsoft Visual Studio Professional 2013
Microsoft Visual Studio Professional 2013 - ENU
Microsoft Visual Studio Services Hub
Microsoft Visual Studio Team Foundation Server 2015 Update 3 CTP1 Office Integration (x64)
Microsoft Visual Studio Team Foundation Server 2015 Update 3 CTP1 Office Integration Language Pack (x64) - ENU
Microsoft Visual Studio Team Foundation Server 2015 Update 3 CTP1 Storyboarding (x64)
Microsoft Visual Studio Team Foundation Server 2015 Update 3 CTP1 Storyboarding Language Pack (x64) - ENU
Microsoft VisualStudio JavaScript Language Service
Microsoft VisualStudio JavaScript Project System
Microsoft Web Deploy 3.6
Microsoft.VisualStudio.Office365
Minecraft
Movie Maker
MSBuild/NuGet Integration 14.0 (x86)
MSVCRT
MSVCRT110
MSVCRT110_amd64
Multi-Device Hybrid Apps using C# - Templates - ENU
NBTExplorer
NetBeans IDE 8.0.2
Node.js
NVIDIA 3D Vision Controller Driver 364.44
NVIDIA 3D Vision Driver 382.05
NVIDIA Backend
NVIDIA Container
NVIDIA Control Panel 382.05
NVIDIA Display Container
NVIDIA Display Container LS
NVIDIA Display Session Container
NVIDIA Display Watchdog Plugin
NVIDIA GeForce Experience 3.2.0.96
NVIDIA Graphics Driver 382.05
NVIDIA HD Audio Driver 1.3.34.26
NVIDIA Install Application
NVIDIA LocalSystem Container
NVIDIA Message Bus for NvContainer
NVIDIA NetworkService Container
NVIDIA Optimus Update 23.1.0.0
NVIDIA PhysX System Software 9.16.0318
NVIDIA Session Container
NVIDIA ShadowPlay 3.2.0.96
Nvidia Share
NVIDIA Stereoscopic 3D Driver
NVIDIA Telemetry Container
NVIDIA Update 23.1.0.0
NVIDIA Update Core
NVIDIA User Container
NVIDIA Virtual Audio 3.50.2
NVIDIA Watchdog Plugin for NvContainer
NVIDIA Wireless Controller Service
NvNodejs
NvTelemetry
OBS Studio
OCCT 4.4.1
Oracle VM VirtualBox 5.1.14
Origin
Papers, Please
PCSX2 - Playstation 2 Emulator
Pcsx2 0.9.6
Photo Common
Photo Gallery
PokerStars
Portal Knights
PowerShellIntegration.Notifications
PreEmptive Analytics Visual Studio Components
Prerequisites for SSDT
Project and Item Templates for Visual Studio Community 2015 - ENU
Project64 1.6
Python Tools Redirection Template
Realtek High Definition Audio Driver
RollerCoaster Tycoon: Deluxe
Roslyn Language Services - x86
SDK de comprobación de Visual Studio 2012 - esn
SharePoint Client Components
SHIELD Streaming
SHIELD Wireless Controller Driver
Sid Meier's Civilization III: Complete
SimCity 4 Deluxe
Skype™ 7.33
Slack
Slime Rancher
STAR WARS™: Knights of the Old Republic™
StarCraft
StarCraft II
StarCraft Public Test
StarCraft X-tra Editor  Version 2.5
State of Decay: Year-One
Steam
StepMania 5
Stranded Deep
Subnautica
Tabletop Simulator
Team Explorer for Microsoft Visual Studio 2013
Team Explorer for Microsoft Visual Studio 2015 Update 3.1
Test Tools for Microsoft Visual Studio 2015
The Forest
The Four Kings Casino and Slots
The Sims 2: Ultimate Collection
The Sims™ 4
TortoiseHg 4.0.0 (x64)
Total Annihilation
Total Annihilation Patch Resources v1.0
Total Annihilation v3.9.02 Beta Patch
Turmoil
TypeScript Power Tool
TypeScript Tools for Microsoft Visual Studio 2013
TypeScript Tools for Microsoft Visual Studio 2015
Ultimate Epic Battle Simulator
Undertale
Universal CRT Extension SDK
Universal CRT Headers Libraries and Sources
Universal CRT Redistributable
Universal CRT Tools x64
Universal CRT Tools x86
Update for  (KB2504637)
Update for Microsoft Visual Studio 2015 (KB3165756)
USB Video Device
Visual C++ Compiler/Tools Premium ARM Base Package
Visual C++ Compiler/Tools Premium ARM Base Resource Package
Visual C++ Compiler/Tools Premium X64 ARM Cross Package
Visual C++ Compiler/Tools Premium X64 ARM Cross Resource Package
Visual C++ Compiler/Tools Premium X64 Base Package
Visual C++ Compiler/Tools Premium X64 Base Resource Package
Visual C++ Compiler/Tools Premium X64 Native Package
Visual C++ Compiler/Tools Premium X64 Native Resource Package
Visual C++ Compiler/Tools Premium X64 X86 Cross Package
Visual C++ Compiler/Tools Premium X64 X86 Cross Resource Package
Visual C++ Compiler/Tools Premium X86 ARM Cross Package
Visual C++ Compiler/Tools Premium X86 ARM Cross Resource Package
Visual C++ Compiler/Tools Premium X86 Base Package
Visual C++ Compiler/Tools Premium X86 Base Resource Package
Visual C++ Compiler/Tools Premium X86 Native Package
Visual C++ Compiler/Tools Premium X86 Native Resource Package
Visual C++ Compiler/Tools Premium X86 X64 Cross Package
Visual C++ Compiler/Tools Premium X86 X64 Cross Resource Package
Visual C++ Compiler/Tools X64 ARM Cross Package
Visual C++ Compiler/Tools X64 ARM Cross Resource Package
Visual C++ Compiler/Tools X64 Base Package
Visual C++ Compiler/Tools X64 Base Resource Package
Visual C++ Compiler/Tools X64 Native Package
Visual C++ Compiler/Tools X64 Native Resource Package
Visual C++ Compiler/Tools X64 X86 Cross Package
Visual C++ Compiler/Tools X64 X86 Cross Resource Package
Visual C++ Compiler/Tools X86 ARM Cross Package
Visual C++ Compiler/Tools X86 ARM Cross Resource Package
Visual C++ Compiler/Tools X86 Base Package
Visual C++ Compiler/Tools X86 Base Resource Package
Visual C++ Compiler/Tools X86 Native Package
Visual C++ Compiler/Tools X86 Native Resource Package
Visual C++ Compiler/Tools X86 X64 Cross Package
Visual C++ Compiler/Tools X86 X64 Cross Resource Package
Visual C++ CRT Headers Package
Visual C++ IDE Base Package
Visual C++ IDE Base Resource Package
Visual C++ IDE Common Package
Visual C++ IDE Common Resource Package
Visual C++ IDE Core Package
Visual C++ IDE Core Professional Plus Resource Package
Visual C++ IDE Debugger Package
Visual C++ IDE Debugger Resource Package
Visual C++ IDE Desktop Plus Package
Visual C++ IDE Desktop Plus Resource Package
Visual C++ IDE Optional Desktop Support Package
Visual C++ IDE Professional Core Package
Visual C++ IDE Professional Plus Package
Visual C++ IDE Professional Plus Resource Package
Visual C++ IDE Windows Express Plus Package
Visual C++ IDE x64 Package
Visual C++ Library ATL ARM Package
Visual C++ Library ATL Headers Package
Visual C++ Library ATL Source Package
Visual C++ Library ATL X64 Package
Visual C++ Library ATL X86 Package
Visual C++ Library CRT ARM Desktop Package
Visual C++ Library CRT ARM Redist Package
Visual C++ Library CRT ARM Store Package
Visual C++ Library CRT Redist Resource Package
Visual C++ Library CRT Source Package
Visual C++ Library CRT X64 Desktop Package
Visual C++ Library CRT X64 Redist Package
Visual C++ Library CRT X64 Store Package
Visual C++ Library CRT X86 Desktop Package
Visual C++ Library CRT X86 Redist Package
Visual C++ Library CRT X86 Store Package
Visual C++ Library PGO ARM Package
Visual C++ Library PGO Headers Package
Visual C++ Library PGO X64 Package
Visual C++ Library PGO X86 Package
Visual C++ MSBuild ARM Package
Visual C++ MSBuild Base Package
Visual C++ MSBuild Base Resource Package
Visual C++ MSBuild X64 Package
Visual C++ MSBuild X86 Package
Visual C++ Professional Items Package
Visual C++ Professional Items Resource Package
Visual C++ Professional Templates Package
Visual C++ Professional Templates Resource Package
Visual C++ Professional Windows 8.1 Templates Package
Visual C++ Professional Windows 8.1 Templates Resource Package
Visual F# 3.1 SDK
Visual F# 3.1 VS
Visual Studio 2012-Verifizierungs-SDK - deu
Visual Studio 2012 ?? SDK - cht
Visual Studio 2012 ??? ?? SDK - kor
Visual Studio 2012 Verification SDK
Visual Studio 2012 Verification SDK - chs
Visual Studio 2012 Verification SDK - enu
Visual Studio 2012 Verification SDK - ita
Visual Studio 2012 Verification SDK - jpn
Visual Studio 2013 Prerequisites
Visual Studio 2013 Prerequisites - ENU Language Pack
Visual Studio 2013 Update 5 (KB2829760)
Visual Studio 2015 Prerequisites
Visual Studio 2015 Prerequisites - ENU Language Pack
Visual Studio 2015 Update 3 (KB3022398)
Visual Studio Extensions for Windows Library for JavaScript
Visual Studio Graphics Analyzer
VS Update core components
vs_update3notification
Vulkan Run Time Libraries 1.0.3.0
Vulkan Run Time Libraries 1.0.42.1
Warcraft III
WCF Data Services 5.6.0 Runtime
WCF Data Services 5.6.4 Runtime
WCF Data Services Tools for Microsoft Visual Studio 2013
WCF Data Services Tools for Microsoft Visual Studio 2015
WCF RIA Services V1.0 SP2
Windows 10 Update and Privacy Settings
Windows 8 Development Essentials
Windows App Certification Kit Native Components
Windows App Certification Kit SupportedApiList x86
Windows App Certification Kit x64
Windows Espc Package
Windows Espc Resource Package
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Phone 8.0 Emulation Host
Windows Phone 8.0 Emulation Images
Windows Phone 8.0 Managed SDK Profiler (ARM)
Windows Phone 8.0 Managed SDK Profiler (X86)
Windows Phone 8.1 Emulators - ENU
Windows Phone 8.1 SDK - ARM
Windows Phone 8.1 SDK - Desktop
Windows Phone 8.1 SDK - Images
Windows Phone 8.1 SDK - x64
Windows Phone 8.1 SDK - x86
Windows Phone 8.1 Tools for Visual Studio 2013
Windows Phone 8.1 Tools for Visual Studio 2013 - ENU
Windows Phone 8.1 Tools for Visual Studio 2015
Windows Phone 8.1 Tools for Visual Studio 2015 - ENU
Windows Phone 8.1 Tools for Visual Studio Professional 2013
Windows Phone 8.1 Tools for Visual Studio Professional 2015
Windows Phone 8.1 Tools for Visual Studio Professional 2015 - ENU
Windows Phone 8.1 Tools for Visual Studio Professionald 2013 - ENU
Windows Phone Emulator 8.0 Configurator
Windows Phone SDK 8.0 Assemblies
Windows Phone SDK 8.0 Assemblies for Visual Studio 2015
Windows Phone Tools Finalizer
Windows Runtime Intellisense Content - en-us
Windows Software Development Kit
Windows Software Development Kit - Windows 10.0.26624
Windows Software Development Kit DirectX x64 Remote
Windows Software Development Kit DirectX x86 Remote
Windows Software Development Kit for Windows Store Apps
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
Windows XP Targeting with C++
Workflow Manager Client 1.0
Workflow Manager Tools 1.0 for Visual Studio
World of Warcraft
Xamarin
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
9/15/2017 8:43:19 AM, Error: Service Control Manager [7000]  - The CldFlt service failed to start due to the following error:  The request is not supported.
9/13/2017 7:10:08 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
9/13/2017 7:10:08 AM, Error: Service Control Manager [7000]  - The Steam Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
9/13/2017 7:08:58 AM, Error: Service Control Manager [7034]  - The App Readiness service terminated unexpectedly.  It has done this 1 time(s).
9/13/2017 10:12:30 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
9/12/2017 8:04:26 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {C2F03A33-21F5-47FA-B4BB-156362A2F239}  and APPID  {316CDED5-E4AE-4B15-9113-7055D84DCC97}  to the user Squall\Daniel SID (S-1-5-21-3823722328-3042605709-1652186426-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27138
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Recommended Update Pop-Up
« Reply #3 on: September 16, 2017, 06:15:41 PM »
Have you tried running Windows Update thru All Settings and see if Windows is fully updated? I have gone thru your logs and not seen much. I would get rid of LogMeIn, as well as BitTorrent. But that is more of a personal thing. I don't like the way LogMeIn works, and BitTorrent has let too many infections onto machines. I am going to go thru your log again just to make sure there is nothing. Other than MalwareBytes, have you run any other scans? Please go here, https://www.eset.com/us/home/online-scanner/, and run the free ESET virus scan (it is the button on the left) and let me know what it finds.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline NiteKat

Re: [In Progress] Recommended Update Pop-Up
« Reply #4 on: September 17, 2017, 11:45:31 AM »
Hello Hoov,

I forgot BitTorrent was even installed. I installed it to download only 1 file that I could only get via torrent, so I will look to remove that application today, before I forget that it's still installed. :)

LogMeIn used to be Hamachi, which I use occasionally to simulate a LAN environment for a few games I have installed. Do you have any better recommendations for VPN-like applications for simulating a LAN environment? LogMeIn is free, which is why I use it, because I don't mess around with it too much.

I didn't look at Windows Update, but I ran the ESET scan you linked and it did find 3 items. Copy/Paste of the results below. I have not taken any action on these yet, and will keep the ESET application open until either I hear from you, or late tonight before I shut down the computer (if it gets to that point, I will do the clean all action).

C:\Users\Daniel\AppData\Local\Dofecomapo\ProductUpdt.exe   a variant of Win32/DealPly.JW.gen potentially unwanted application   
C:\Users\Daniel\AppData\Local\Tebifak\Cusiborenap.dat   VBS/Kryptik.DY trojan   
C:\Users\Daniel\AppData\Local\Tebifak\SyncTask.exe   a variant of Win32/DealPly.MD.gen potentially unwanted application   

Offline Hoov

Re: [In Progress] Recommended Update Pop-Up
« Reply #5 on: September 17, 2017, 02:00:35 PM »
Go ahead and fix all three with ESET, then go to the page below and follow the instructions in step 1 thru 4. Let me know how that goes.
https://www.bleepingcomputer.com/virus-removal/remove-product-updater-system-service


Offline NiteKat

Re: [In Progress] Recommended Update Pop-Up
« Reply #6 on: September 17, 2017, 07:20:35 PM »
Hello,

I completed the clean action through ESET.

I went ahead and followed steps 1 thru 4, though 4 stopped at downloading Malwarebytes Anti-Malware, which I already have installed. Malwarebytes hasn't found anything on my computer since before the ESET scan. Below are the RKill results though, which look promising. I think we got that updater program.

Rkill 2.9.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/17/2017 09:17:29 PM in x64 mode.
Windows Version: Windows 10 Home

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 09/17/2017 09:17:39 PM
Execution time: 0 hours(s), 0 minute(s), and 10 seconds(s)

Offline Hoov

Re: [In Progress] Recommended Update Pop-Up
« Reply #7 on: September 17, 2017, 08:42:14 PM »
Step 4 was to run the Junkware Removal Tool, did you run that?


Offline NiteKat

Re: [In Progress] Recommended Update Pop-Up
« Reply #8 on: September 18, 2017, 06:07:25 AM »
Oh, that's weird. The link labelled step 4 jumps down to the instructions at number 13; that threw me off. I'll follow those steps and report back once it is complete.

Offline NiteKat

Re: [In Progress] Recommended Update Pop-Up
« Reply #9 on: September 21, 2017, 06:38:58 AM »
Hello,

Below is the JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64
Ran by Daniel (Administrator) on Thu 09/21/2017 at  8:34:42.74
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1

Successfully deleted: C:\Users\Daniel\AppData\Roaming\3909 (Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 09/21/2017 at  8:36:29.70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Offline Hoov

Re: [In Progress] Recommended Update Pop-Up
« Reply #10 on: September 21, 2017, 07:48:12 AM »
I know we have not removed much, but you said you think we got the update window. Has it shown up again?


Offline NiteKat

Re: [In Progress] Recommended Update Pop-Up
« Reply #11 on: September 21, 2017, 07:53:30 AM »
Hello Hoov,

"C:\Users\Daniel\AppData\Local\Dofecomapo\ProductUpdt.exe   a variant of Win32/DealPly.JW.gen potentially unwanted application " is what looked like the system update to me, and I think I saw that .exe mentioned in some webpages about fake update popups. It also hasn't happened recently.

I think we're good to assume it's gone for now, and if it pops back up again I'll post back on here. Is there a process for reviving resolved posts, or is it best to just start a whole new post in that instance?

Offline Hoov

Re: [In Progress] Recommended Update Pop-Up
« Reply #12 on: September 21, 2017, 10:21:24 AM »
I will leave this open for a while in case it comes back.

One thing you should do is to flush the system restore files. Do you know how to do that?


Offline NiteKat

Re: [In Progress] Recommended Update Pop-Up
« Reply #13 on: September 24, 2017, 07:32:39 AM »
No, I'm not familiar with the process of flushing the system restore files.
