Strange actions after closing W10 offer... GWX?

Vince · Jul 1, 2016

Hi again

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-06-2016
Ran by Mup (2016-07-01 19:39:36) Run:1
Running from C:\Users\Mup\Desktop
Loaded Profiles: Mup (Available Profiles: Mup)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-09] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-04-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-04-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2909615783-3256432697-2275361012-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Mup\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-04-19] (Citrix Online)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-13]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-13]
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.91.2" => key removed successfully
C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll => moved successfully
"HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.91.2" => key removed successfully
C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll => moved successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0" => key removed successfully
C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll => moved successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0" => key removed successfully
"FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)" => not found.
"HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1" => key removed successfully
C:\Program Files\VideoLAN\VLC\npvlc.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0" => key removed successfully
C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@canon.com/EPPEX" => key removed successfully
C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5" => key removed successfully
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater" => key removed successfully
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0" => key removed successfully
C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0" => key removed successfully
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) => not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0" => key removed successfully
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) => not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision" => key removed successfully
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming" => key removed successfully
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll => not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader" => key removed successfully
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll => moved successfully
"HKU\S-1-5-21-2909615783-3256432697-2275361012-1000\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin" => key removed successfully
C:\Users\Mup\AppData\Local\Citrix\Plugins\104\npappdetector.dll => moved successfully
HKLM\Software\Mozilla\Firefox\Extensions\\wrc@avast.com => value removed successfully

"C:\Program Files\AVAST Software\Avast\WebRep\FF" folder move:

Could not move "C:\Program Files\AVAST Software\Avast\WebRep\FF" => Scheduled to move on reboot.

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-13] => not found
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\wrc@avast.com => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\sp@avast.com => value removed successfully

"C:\Program Files\AVAST Software\Avast\SafePrice\FF" folder move:

Could not move "C:\Program Files\AVAST Software\Avast\SafePrice\FF" => Scheduled to move on reboot.

FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-13] => not found

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 23232161 B
Java, Flash, Steam htmlcache => 78821610 B
Windows/system/drivers => 670578 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33186 B
systemprofile32 => 33058 B
LocalService => 0 B
NetworkService => 34306 B
Mup => 7940622654 B

RecycleBin => 1738784 B
EmptyTemp: => 7.5 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-07-01 19:41:23)

"C:\Program Files\AVAST Software\Avast\WebRep\FF" => Could not move
"C:\Program Files\AVAST Software\Avast\SafePrice\FF" => Could not move

==== End of Fixlog 19:41:23 ====

I have not yet removed any of the java.... Is there any safe java7? I ask as I have recently started a new job and they use java7 still. I had installed it at home to mirror what I have learned.

PC seems ok at the moment, ill use it tonight and let report back again in the morning.
Thank you for your help.

Vince

Vince

Juliet · Jul 1, 2016

I have not yet removed any of the java.... Is there any safe java7? I ask as I have recently started a new job and they use java7 still. I had installed it at home to mirror what I have learned.

PC seems ok at the moment, ill use it tonight and let report back again in the morning.
Thank you for your help.

hot-diggty-dog for the computer.

****
You might want to hold off with that then cause it's hard to find that specific version.

Ever used NoScript for Java?
I use, it's a free download for all browsers I think (CORRECTION, Firefox only)

...It creates an options button on the bottom of web pages whether to allow it to run or work in Java?

NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.

Knowledge base
https://noscript.net/faq

Let me know about removing tools and quarantine folders so that your onboard security apps wont detect them as threats.

Vince · Jul 2, 2016

Hi again,

PC seems to be ok still... big difference with no adds.

Im not sure where the quarantine folders are and I have never used noscript. Honestly disappointed that there is nothing for IE.

Vince

Juliet · Jul 2, 2016

We'll remove the tools used.

DelFix

Please download DelFix or from Here and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Click the Run button.
-- This will remove the specialized tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

************************************

Answers to common security questions - Best Practices by quietman7, MVP
How Malware Spreads - How did I get infected? by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams, MVP
How to Prevent Malware by miekiemoes, MVP
How to backup and restore your data using Cobian Backup by YourHighness
Slow Computer/browser? It May Not Be Malware by quietman7, MVP

AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
CryptoPrevent places policy restrictions on loading points for ransomware (eg. CryptoWall), helping prevent the execution of malware.
Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
Malwarebytes Anti-Malware Premium (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
Unchecky automatically removes checkmarks for bunlded software in programme installers; helping you avoid adware and PUPs.
Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

Vince · Jul 6, 2016

I have run delfix and the system seems to be good.

Many thanks again for your help

Juliet · Jul 6, 2016

We're glad to help

Juliet · Jul 7, 2016

Glad we could help.

Since this issue appears resolved ... this Topic is closed.

Strange actions after closing W10 offer... GWX?

Vince

New member

Juliet

Security Expert-emeritus

Vince

New member

Juliet

Security Expert-emeritus

Vince

New member

Juliet

Security Expert-emeritus

Juliet

Security Expert-emeritus